From a40da29a0e26fac52d6a58341df78fe61ab93e7e Mon Sep 17 00:00:00 2001
From: Tomas Dittmann <chaosmeist3r@gmail.com>
Date: Tue, 23 Nov 2021 20:24:23 +0100
Subject: [PATCH] don't look for project_id for files

it is only used for late accessibility checking (it was already checked in middleware).

With this, you can create stable file links (as long as the file exists)

I need this change for my [inline image plugin](https://github.com/Chaosmeister/PITM)
---
 app/Controller/BaseController.php | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php
index c0a51c8da..ca4ca081a 100644
--- a/app/Controller/BaseController.php
+++ b/app/Controller/BaseController.php
@@ -95,16 +95,10 @@ abstract class BaseController extends Base
     {
         $task_id = $this->request->getIntegerParam('task_id');
         $file_id = $this->request->getIntegerParam('file_id');
-        $project_id = $this->request->getIntegerParam('project_id');
         $model = 'projectFileModel';
 
         if ($task_id > 0) {
             $model = 'taskFileModel';
-            $task_project_id = $this->taskFinderModel->getProjectId($task_id);
-
-            if ($project_id != $task_project_id) {
-                throw new AccessForbiddenException();
-            }
         }
 
         $file = $this->$model->getById($file_id);
@@ -115,8 +109,6 @@ abstract class BaseController extends Base
 
         if (isset($file['task_id']) && $file['task_id'] != $task_id) {
             throw new AccessForbiddenException();
-        } else if (isset($file['project_id']) && $file['project_id'] != $project_id) {
-            throw new AccessForbiddenException();
         }
 
         $file['model'] = $model;