UWVA#32983 Rechten beter controleren bij clone

svn path=/Website/branches/v2015.1/; revision=25410

APPL/API2/model_reportsx.inc

@@ -73,6 +73,12 @@ function model_reportsx(usrrap_key, params)
 
     this._analyze_fields = function (fields, params, jsondata) /* analyseer inkomende data, common voor PUT en POST */
         {
+            if ("report" in jsondata)
+                jsondata = jsondata.report; // dereference
+            if (user.oslogin() != "_FACILITOR") // Die mag alles
+            {
+                user.auth_required_or_abort(this.is_safe_view(jsondata.viewname));
+            }
         };
 
     this._clone_report_cols = function(old_usrrap_key, new_model)
@@ -156,10 +162,6 @@ function model_reportsx(usrrap_key, params)
     this.REST_POST = function _reportsx_REST_POST(params, jsondata) /* new report */
         {
             this._check_authorization(params, "POST");
-            if (user.oslogin() != "_FACILITOR") // Die mag alles
-            {
-                user.auth_required_or_abort(this.is_safe_view(jsondata.report.viewname));
-            }
 
             var fields = api2.update_fields(params, this, jsondata); // Build updater
             this._analyze_fields(fields, params, jsondata);