Fix #142 - No validation if batch action is actually activated

Admin/Admin.php

@@ -749,9 +749,13 @@ abstract class Admin implements AdminInterface, DomainObjectInterface
      */
     public function getBatchActions()
     {
-        return array(
-            'delete' => $this->trans('action_delete', array(), 'SonataAdminBundle')
-        );
+        $actions = array();
+
+        if ($this->isGranted('DELETE')) {
+            $actions['delete'] = $this->trans('action_delete', array(), 'SonataAdminBundle');
+        }
+
+        return $actions;
     }
 
     /**

Controller/CRUDController.php

@@ -267,6 +267,10 @@ class CRUDController extends Controller
             return new RedirectResponse($this->admin->generateUrl('list'));
         }
 
+        if (!array_key_exists($action, $this->admin->getBatchActions())) {
+            throw new \RuntimeException(sprintf('The `%s` batch action is not defined', $action));
+        }
+
         // execute the action, batchActionXxxxx
         $final_action = sprintf('batchAction%s', ucfirst($action));
         if (!method_exists($this, $final_action)) {