AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

don't look for project_id for files 

it is only used for late accessibility checking (it was already checked in middleware).

With this, you can create stable file links (as long as the file exists)

I need this change for my [inline image plugin](https://github.com/Chaosmeister/PITM)
This commit is contained in:
Tomas Dittmann 2021-11-23 20:24:23 +01:00 committed by fguillot
parent 67be448604
commit a40da29a0e
1 changed files with 0 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/Controller/BaseController.php
View File

@ -95,16 +95,10 @@ abstract class BaseController extends Base
{
$task_id = $this->request->getIntegerParam('task_id');
$file_id = $this->request->getIntegerParam('file_id');
$project_id = $this->request->getIntegerParam('project_id');
$model = 'projectFileModel';
if ($task_id > 0) {
$model = 'taskFileModel';
$task_project_id = $this->taskFinderModel->getProjectId($task_id);
if ($project_id != $task_project_id) {
throw new AccessForbiddenException();
}
}
$file = $this->$model->getById($file_id);
@ -115,8 +109,6 @@ abstract class BaseController extends Base
if (isset($file['task_id']) && $file['task_id'] != $task_id) {
throw new AccessForbiddenException();
} else if (isset($file['project_id']) && $file['project_id'] != $project_id) {
throw new AccessForbiddenException();
}
$file['model'] = $model;