AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Regular users can remove only their own tasks

Browse Source
This commit is contained in:
Frédéric Guillot
2014-09-23 15:17:04 +02:00
parent 0bd0beba41
commit 484c9614d1
6 changed files with 145 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/Controller/Base.php
View File

@@ -31,6 +31,7 @@ use Model\LastLogin;
* @property \Model\Task $task
* @property \Model\TaskHistory $taskHistory
* @property \Model\TaskExport $taskExport
* @property \Model\TaskPermission $taskPermission
* @property \Model\TaskValidator $taskValidator
* @property \Model\CommentHistory $commentHistory
* @property \Model\SubtaskHistory $subtaskHistory
@@ -242,6 +243,10 @@ abstract class Base
*/
protected function taskLayout($template, array $params)
{
if (isset($params['task']) && $this->taskPermission->canRemoveTask($params['task']) === false) {
$params['hide_remove_menu'] = true;
}
$content = $this->template->load($template, $params);
$params['task_content_for_layout'] = $content;

4
app/Controller/Task.php
View File

@@ -289,6 +289,10 @@ class Task extends Base
{
$task = $this->getTask();
if (! $this->taskPermission->canRemoveTask($task)) {
$this->forbidden();
}
if ($this->request->getStringParam('confirmation') === 'yes') {
$this->checkCSRFParam();