AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove useless permission check

This commit is contained in:
Frederic Guillot 2016-01-23 17:40:34 -05:00
parent 0798887834
commit cfec551968
2 changed files with 6 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/Controller/Base.php
View File

@ -146,7 +146,7 @@ abstract class Base extends \Kanboard\Core\Base
protected function forbidden($no_layout = false)
{
if ($this->request->isAjax()) {
$this->response->text('Not Authorized', 401);
$this->response->text('Access Forbidden', 403);
}
$this->response->html($this->template->layout('app/forbidden', array(

22
app/Controller/Board.php
View File

@ -73,10 +73,6 @@ class Board extends Base
return $this->response->status(403);
}
if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
$this->response->text('Forbidden', 403);
}
$values = $this->request->getJson();
$result =$this->taskPosition->movePosition(
@ -101,22 +97,18 @@ class Board extends Base
*/
public function check()
{
if (! $this->request->isAjax()) {
return $this->response->status(403);
}
$project_id = $this->request->getIntegerParam('project_id');
$timestamp = $this->request->getIntegerParam('timestamp');
if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
$this->response->text('Forbidden', 403);
if (! $project_id || ! $this->request->isAjax()) {
return $this->response->status(403);
}
if (! $this->project->isModifiedSince($project_id, $timestamp)) {
return $this->response->status(304);
}
$this->response->html($this->renderBoard($project_id));
return $this->response->html($this->renderBoard($project_id));
}
/**
@ -126,14 +118,10 @@ class Board extends Base
*/
public function reload()
{
if (! $this->request->isAjax()) {
return $this->response->status(403);
}
$project_id = $this->request->getIntegerParam('project_id');
if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
$this->response->text('Forbidden', 403);
if (! $project_id || ! $this->request->isAjax()) {
return $this->response->status(403);
}
$values = $this->request->getJson();