AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Regular users can remove only their own tasks

Browse Source
This commit is contained in:
Frédéric Guillot
2014-09-23 15:17:04 +02:00
parent 0bd0beba41
commit 484c9614d1
6 changed files with 145 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controller/Task.php
View File

@@ -289,6 +289,10 @@ class Task extends Base
{
$task = $this->getTask();
if (! $this->taskPermission->canRemoveTask($task)) {
$this->forbidden();
}
if ($this->request->getStringParam('confirmation') === 'yes') {
$this->checkCSRFParam();