AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-05-25 04:08:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Kanban - Enforce per-client perms (ajax)

Browse Source
This commit is contained in:
wrongecho
2026-05-20 14:01:55 +01:00
parent 7211426292
commit c5d67cd4f9
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
agent/ajax.php
View File

@@ -454,6 +454,12 @@ if (isset($_POST['update_kanban_ticket'])) {
foreach ($positions as $position) {
$ticket_id = intval($position['ticket_id']);
// Client perms check
$client_query = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT ticket_client_id FROM tickets WHERE ticket_id = $ticket_id"));
$client_id = intval($client_query['ticket_client_id']);
enforceClientAccess();
$kanban = intval($position['ticket_order']); // ticket kanban position
$status = intval($position['ticket_status']); // ticket statuses
$oldStatus = intval($position['ticket_oldStatus']); // ticket old status if moved