Fix permission check of ajax operations (#219)

codefog · Mar 12, 2024 · 3f43eea · 3f43eea
1 parent 459775d
commit 3f43eea
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/EventListener/DcaAjaxOperationsListener.php b/src/EventListener/DcaAjaxOperationsListener.php
@@ -165,7 +165,7 @@ private function checkPermission(string $table, array $settings): bool
         $hasPermission = true;
 
         // Check the permissions
-        if (($GLOBALS['TL_DCA'][$table]['fields'][$settings['field']]['exclude'] ?? false) && $this->security->isGranted(ContaoCorePermissions::USER_CAN_EDIT_FIELD_OF_TABLE, $table.'::'.$settings['field'])) {
+        if (($GLOBALS['TL_DCA'][$table]['fields'][$settings['field']]['exclude'] ?? false) && !$this->security->isGranted(ContaoCorePermissions::USER_CAN_EDIT_FIELD_OF_TABLE, $table.'::'.$settings['field'])) {
             $hasPermission = false;
         }