From 1fb383ec73b1774e5ee0c377a666d386942047b2 Mon Sep 17 00:00:00 2001
From: Colin Kuskie <colink@perldreamer.com>
Date: Tue, 2 Dec 2008 19:07:40 +0000
Subject: [PATCH] forward porting ems badge viewing permission fix

---
 docs/changelog/7.x.x.txt                          | 1 +
 lib/WebGUI/Asset/Wobject/EventManagementSystem.pm | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 53769499d..0c0d23261 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -19,6 +19,7 @@
  - fixed #9191: Message Board reveals user email, ignores profile privacy setting (#9180)
  - fixed #4209: i18n in Rich edit in Dutch breaks
  - fixed #9196: Shelf lacks pagination
+ - fixed #4208: EMS badges with Admin security visible to all
 
 7.6.4
  - Survey now will show progress and time limit.
diff --git a/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm b/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
index ab9dd2d08..1756fb203 100644
--- a/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
+++ b/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
@@ -824,7 +824,8 @@ sub www_getBadgesAsJson {
     my ($db, $form) = $session->quick(qw(db form));
     my %results = ();
     $results{records} = [];
-	foreach my $badge (@{$self->getBadges}) {
+	BADGE: foreach my $badge (@{$self->getBadges}) {
+        next BADGE unless $badge->canView;
 		push(@{$results{records}}, {
 			title 				=> $badge->getTitle,
 			description			=> $badge->get('description'),