Add new project restriction to block assignee change

author: Frederic Guillot <fred@kanboard.net> 2017-04-05 22:53:54 -0400
committer: Frederic Guillot <fred@kanboard.net> 2017-04-05 22:53:54 -0400
commit: 481e767d3533449e63eda1767c5e6c071d3442a3 (patch)
tree: ac97a2bb3d31078e2f88ea5346bc9745b136903d /app/Controller/TaskModificationController.php
parent: 22f48ea2897d95c8a31e26a0b3313559de8839d6 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/app/Controller/TaskModificationController.php b/app/Controller/TaskModificationController.php
index 520bf70e..d2b02a80 100644
--- a/app/Controller/TaskModificationController.php
+++ b/app/Controller/TaskModificationController.php
@@ -103,6 +103,10 @@ class TaskModificationController extends BaseController
 
     protected function updateTask(array &$task, array &$values, array &$errors)
     {
+        if (isset($values['owner_id']) && $values['owner_id'] != $task['owner_id'] && ! $this->helper->projectRole->canChangeAssignee($task)) {
+            throw new AccessForbiddenException(t('You are not allowed to change the assignee'));
+        }
+
         $result = $this->taskModificationModel->update($values);
 
         if ($result && ! empty($task['external_uri'])) {
author	Frederic Guillot <fred@kanboard.net>	2017-04-05 22:53:54 -0400
committer	Frederic Guillot <fred@kanboard.net>	2017-04-05 22:53:54 -0400
commit	481e767d3533449e63eda1767c5e6c071d3442a3 (patch)
tree	ac97a2bb3d31078e2f88ea5346bc9745b136903d /app/Controller/TaskModificationController.php
parent	22f48ea2897d95c8a31e26a0b3313559de8839d6 (diff)