author | Frederic Guillot <fred@kanboard.net> | 2016-01-23 17:40:34 -0500 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2016-01-23 17:40:34 -0500 |
commit | cfec551968ff59c124b9e148d2c807153ead9fb5 (patch) | |
tree | 4ba6ae30f402279c7bf7b576b3e124c8f2b745cc /app/Controller/Board.php | |
parent | 0798887834550a23fefb610905fccebdeea33584 (diff) |
Remove useless permission check
Diffstat (limited to 'app/Controller/Board.php')
-rw-r--r-- | app/Controller/Board.php | 22 |
1 files changed, 5 insertions, 17 deletions
diff --git a/app/Controller/Board.php b/app/Controller/Board.php
index a75fea33..06736cce 100644
--- a/app/Controller/Board.php
+++ b/app/Controller/Board.php
@@ -73,10 +73,6 @@ class Board extends Base
 return $this->response->status(403);
 }

- if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
- $this->response->text('Forbidden', 403);
- }
-
 $values = $this->request->getJson();

 $result =$this->taskPosition->movePosition(
@@ -101,22 +97,18 @@ class Board extends Base
 */
 public function check()
 {
- if (! $this->request->isAjax()) {
- return $this->response->status(403);
- }
-
 $project_id = $this->request->getIntegerParam('project_id');
 $timestamp = $this->request->getIntegerParam('timestamp');

- if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
- $this->response->text('Forbidden', 403);
+ if (! $project_id || ! $this->request->isAjax()) {
+ return $this->response->status(403);
 }

 if (! $this->project->isModifiedSince($project_id, $timestamp)) {
 return $this->response->status(304);
 }

- $this->response->html($this->renderBoard($project_id));
+ return $this->response->html($this->renderBoard($project_id));
 }

 /**
@@ -126,14 +118,10 @@ class Board extends Base
 */
 public function reload()
 {
- if (! $this->request->isAjax()) {
- return $this->response->status(403);
- }
-
 $project_id = $this->request->getIntegerParam('project_id');

- if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
- $this->response->text('Forbidden', 403);
+ if (! $project_id || ! $this->request->isAjax()) {
+ return $this->response->status(403);
 }

 $values = $this->request->getJson();
|
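Review bot: After this change nothing in `check()` ties the requested `project_id` to the current user: the new guard `if (! $project_id || ! $this->request->isAjax())` rejects only a missing or zero id and non-AJAX requests, and `renderBoard($project_id)` then returns the board. If project membership is now enforced before the controller action runs (not visible in this diff), record that where the check used to be, e.g. `// Project access is checked before dispatch by <authorization layer>; do not re-check here`, and cover it with a test that a logged-in non-member gets 403 from this action. The same applies to `reload()` in the third hunk and to the action whose check is deleted in the first hunk.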
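Review bot: In `reload()` the remaining guard should not be read as access control: `! $project_id` lets any non-zero integer through, negatives included, and `isAjax()` presumably reflects a request header the client sets (its implementation is outside this diff). A stricter id test such as `if ($project_id <= 0 || ! $this->request->isAjax()) {` would reject ids that can never name a project, assuming `getIntegerParam()` returns an int. The body of `reload()` continues past the end of the hunk, so how `$values` from `getJson()` is used is not visible here.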