Fixed: Add permission check for runAsSystemUser in CoreEvents

(cherry picked from commit c8d9f48)

Author: jacopoc

framework/webapp/src/main/java/org/apache/ofbiz/webapp/event/CoreEvents.java

@@ -125,6 +125,9 @@ public static String scheduleService(HttpServletRequest request, HttpServletResp
         String serviceCnt = (String) params.remove("SERVICE_COUNT");
         String retryCnt = (String) params.remove("SERVICE_MAXRETRY");
         String runAsSystemUser = (String) params.remove("SERVICE_RUN_AS_SYSTEM");
+        if (!security.hasPermission("SERVICE_RSAS_VIEW", userLogin)) {
+            runAsSystemUser = "N";
+        }
 
         // the frequency map
         Map<String, Integer> freqMap = new HashMap<>();