From c2d18f216ac13dbd09760241afb7ceb3617346d0 Mon Sep 17 00:00:00 2001
From: jtkech
Date: Thu, 28 May 2015 21:33:08 +0200
Subject: [PATCH] Update AdminController.cs
---
 .../Orchard.Workflows/Controllers/AdminController.cs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/Orchard.Web/Modules/Orchard.Workflows/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.Workflows/Controllers/AdminController.cs
index 69d2d2641..30809e85d 100644
--- a/src/Orchard.Web/Modules/Orchard.Workflows/Controllers/AdminController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Workflows/Controllers/AdminController.cs
@@ -1,6 +1,7 @@
 using System.Collections.Generic;
 using System.Collections.Specialized;
 using System.Linq;
+using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using System.Web;
 using System.Web.Mvc;
@@ -160,8 +161,11 @@ namespace Orchard.Workflows.Controllers {
 }
 public JsonResult State(int? id) {
+ if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to edit workflows")))
+ throw new AuthenticationException("");
+
 var workflowDefinitionRecord = id.HasValue ? _workflowDefinitionRecords.Get(id.Value) : null;
- var isRunning = workflowDefinitionRecord != null ? workflowDefinitionRecord.WorkflowRecords.Any() : false;
+ var isRunning = workflowDefinitionRecord != null && workflowDefinitionRecord.WorkflowRecords.Any();
 return Json(new { isRunning = isRunning }, JsonRequestBehavior.AllowGet);
 }
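Review bot: The unauthorized branch added to `State` throws `AuthenticationException("")`, an authentication-failure type with an empty message. Unless a filter elsewhere maps it, an exception escaping an MVC action is reported as a server error rather than an authorization denial, and the log entry carries no reason. Because this is an authorization decision, consider widening the signature to `public ActionResult State(int? id)` and using `return new HttpUnauthorizedResult();` inside a braced `if` body. That would also make the new `using System.Security.Authentication;` unnecessary. The check uses `StandardPermissions.SiteOwner` while the message says "edit workflows"; if the other actions of this controller check a narrower workflow permission, the same one should be used here so this endpoint is not gated differently from the rest of the admin UI.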