done

httpdocs/config/services.yaml

@@ -38,9 +38,9 @@ services:
 
     # add more service definitions when explicit configuration is needed
     # please note that last definitions always *replace* previous ones
-    App\EventListener\BackendMenuListener:
-      arguments:
-        - "@router"
-        - "@request_stack"
-      tags:
-        - { name: kernel.event_listener, event: contao.backend_menu_build, method: onContaoBackendMenuBuild, priority: -255 }
+#    App\EventListener\BackendMenuListener:
+#      arguments:
+#        - "@router"
+#        - "@request_stack"
+#      tags:
+#        - { name: kernel.event_listener, event: contao.backend_menu_build, method: onContaoBackendMenuBuild, priority: -255 }

httpdocs/src/Controller/BackendController.php

@@ -2,6 +2,7 @@
 namespace App\Controller;
 
 
+use Contao\BackendUser;
 use Doctrine\DBAL\Connection;
 use Onurb\Bundle\ExcelBundle\Factory\ExcelFactory;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -13,7 +14,6 @@ use Symfony\Component\HttpKernel\KernelInterface;
 use Symfony\Component\Routing\Annotation\Route;
 use Twig\Environment as TwigEnvironment;
 use Terminal42\ServiceAnnotationBundle\Annotation\ServiceTag;
-use function Ramsey\Uuid\v1;
 
 /**
  * @Route("/contao/key-data",
@@ -36,6 +36,10 @@ class BackendController extends AbstractController
         $GLOBALS['TL_JAVASCRIPT'][] = 'assets/jquery/js/jquery.js';
         $this->twig = $twig;
         $this->kernel = $kernel;
+
+        if (!BackendController::hasRightsToImport()) {
+            throw new \Exception('invalid rights');
+        }
     }
 
     /**
@@ -161,4 +165,10 @@ class BackendController extends AbstractController
     {
         return $request->cookies->get($this->kernel->getEnvironment() === 'dev' ? 'csrf_contao_csrf_token' : 'csrf_https-contao_csrf_token');
     }
+
+    public static function hasRightsToImport()
+    {
+        $objUser = BackendUser::getInstance();
+        return $objUser->isAdmin || in_array(2, $objUser->groups, false);
+    }
 }

httpdocs/src/EventListener/BackendMenuListener.php

@@ -4,9 +4,11 @@
 namespace App\EventListener;
 
 use App\Controller\BackendController;
+use Contao\BackendUser;
 use Contao\CoreBundle\Event\MenuEvent;
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Security\Core\Security;
 use Terminal42\ServiceAnnotationBundle\Annotation\ServiceTag;
 
 /**
@@ -34,6 +36,10 @@ class BackendMenuListener
             return;
         }
 
+        if (!BackendController::hasRightsToImport()) {
+            return;
+        }
+
         $contentNode = $tree->getChild('content');
 
         $node = $factory