Improve column restrictions

author: Frederic Guillot <fred@kanboard.net> 2016-09-11 18:32:47 -0400
committer: Frederic Guillot <fred@kanboard.net> 2016-09-11 18:32:47 -0400
commit: c84df535b6bdc7260144872fc4e0c241a5a5ad61 (patch)
tree: d0e1dfe683fc338298f64e67e69cbbb26455e08c /app/Controller/TaskMovePositionController.php
parent: d8f6d8568396816a6bfaca1e01211384e803cf91 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/app/Controller/TaskMovePositionController.php b/app/Controller/TaskMovePositionController.php
index 0db742c3..c6e8be0c 100644
--- a/app/Controller/TaskMovePositionController.php
+++ b/app/Controller/TaskMovePositionController.php
@@ -30,6 +30,10 @@ class TaskMovePositionController extends BaseController
         $task = $this->getTask();
         $values = $this->request->getJson();
 
+        if (! $this->helper->projectRole->canMoveTask($task['project_id'], $task['column_id'], $values['column_id'])) {
+            throw new AccessForbiddenException(e("You don't have the permission to move this task"));
+        }
+
         $result = $this->taskPositionModel->movePosition(
             $task['project_id'],
             $task['id'],
author	Frederic Guillot <fred@kanboard.net>	2016-09-11 18:32:47 -0400
committer	Frederic Guillot <fred@kanboard.net>	2016-09-11 18:32:47 -0400
commit	c84df535b6bdc7260144872fc4e0c241a5a5ad61 (patch)
tree	d0e1dfe683fc338298f64e67e69cbbb26455e08c /app/Controller/TaskMovePositionController.php
parent	d8f6d8568396816a6bfaca1e01211384e803cf91 (diff)