Validate access when a hotspot/delineation question is created - refs #7705

main/exercice/hotspot_actionscript_admin.as.php

@@ -8,6 +8,15 @@
 */
 require_once '../inc/global.inc.php';
 
+api_protect_course_script(false);
+
+$isAllowedToEdit = api_is_allowed_to_edit(null,true);
+
+if (!$isAllowedToEdit) {
+    api_not_allowed(true);
+    exit;
+}
+
 // set vars
 $questionId = intval($_GET['modifyAnswers']);
 $objQuestion = Question::read($questionId);