diff options
| author | Busfreak <martin@middeke.de> | 2017-04-12 13:08:56 +0200 |
|---|---|---|
| committer | Busfreak <martin@middeke.de> | 2017-04-12 13:08:56 +0200 |
| commit | ca562bb909c2bceffffe054e345c646619cd32bf (patch) | |
| tree | 92de2047c3d034c8723dbbbdc9021587a6df02ae /app/Controller/TaskModificationController.php | |
| parent | 660ba7b4827a3058d93a8f1c010925b4e9669ecf (diff) | |
Bug: Improve task update restriction
the function "checkPermission" has been removed and replaced with
"projectRole->canUpdateTask"
Diffstat (limited to 'app/Controller/TaskModificationController.php')
| -rw-r--r-- | app/Controller/TaskModificationController.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/Controller/TaskModificationController.php b/app/Controller/TaskModificationController.php index a53c1a38..1892a209 100644 --- a/app/Controller/TaskModificationController.php +++ b/app/Controller/TaskModificationController.php @@ -23,7 +23,9 @@ class TaskModificationController extends BaseController { $task = $this->getTask(); $values = array('id' => $task['id'], 'date_started' => time()); - $this->checkPermission($task, $values); + if (! $this->helper->projectRole->canUpdateTask($task)) { + throw new AccessForbiddenException(t('You are not allowed to update tasks assigned to someone else.')); + } $this->taskModificationModel->update($values); $this->response->redirect($this->helper->url->to('TaskViewController', 'show', array('project_id' => $task['project_id'], 'task_id' => $task['id']))); } |