AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bug: Improve task update restriction 

the function "checkPermission" has been removed and replaced with
"projectRole->canUpdateTask"
This commit is contained in:
Busfreak 2017-04-12 13:08:56 +02:00
parent 660ba7b482
commit ca562bb909
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controller/TaskModificationController.php
View File

@ -23,7 +23,9 @@ class TaskModificationController extends BaseController
{ {
$task = $this->getTask(); $task = $this->getTask();
$values = array('id' => $task['id'], 'date_started' => time()); $values = array('id' => $task['id'], 'date_started' => time());
$this->checkPermission($task, $values); if (! $this->helper->projectRole->canUpdateTask($task)) {
throw new AccessForbiddenException(t('You are not allowed to update tasks assigned to someone else.'));
}
$this->taskModificationModel->update($values); $this->taskModificationModel->update($values);
$this->response->redirect($this->helper->url->to('TaskViewController', 'show', array('project_id' => $task['project_id'], 'task_id' => $task['id']))); $this->response->redirect($this->helper->url->to('TaskViewController', 'show', array('project_id' => $task['project_id'], 'task_id' => $task['id'])));
} }