public function execute($task)
{
// If we're using the JSON API we need a manager
$format = $this->input->getCmd('format', 'html');
if ($format == 'json' && !($this->checkACL('core.manage') || $this->checkACL('core.admin'))) {
throw new \RuntimeException(\JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 403);
}
// For the HTML view we only allow browse and download
if ($format != 'json') {
if (!in_array($task, ['browse', 'download'])) {
$task = 'browse';
}
}
return parent::execute($task);
}