author | Frederic Guillot <fred@kanboard.net> | 2015-01-26 21:35:33 -0500 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2015-01-26 21:35:33 -0500 |
commit | 0f6a4e9de9b6fb1c07f1fd85bdd2786a5c21e3bd (patch) | |
tree | 83daa40ffb25d52aab3aaf8ba5c5e1429791c49e /app/Controller | |
parent | 29606b34cb5bce5c3cf656eb8acc137fb0836e76 (diff) |
Allow URLs without project_id
Diffstat (limited to 'app/Controller')
-rw-r--r-- | app/Controller/Base.php | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index e0f99d18..232e09bf 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -165,16 +165,17 @@ abstract class Base
 $this->container['dispatcher']->dispatch('session.bootstrap', new Event);
 if (! $this->acl->isPublicAction($controller, $action)) {
- $this->handleAuthenticatedUser($controller, $action);
+ $this->handleAuthentication($controller, $action);
+ $this->handleAuthorization($controller, $action);
 }
 }
 /**
- * Check page access and authentication
+ * Check authentication
 *
 * @access public
 */
- public function handleAuthenticatedUser($controller, $action)
+ public function handleAuthentication($controller, $action)
 {
 if (! $this->authentication->isAuthenticated()) {
@@ -184,8 +185,24 @@ abstract class Base
 $this->response->redirect('?controller=user&action=login&redirect_query='.urlencode($this->request->getQueryString()));
 }
+ }
+
+ /**
+ * Check page access and authorization
+ *
+ * @access public
+ */
+ public function handleAuthorization($controller, $action)
+ {
+ $project_id = $this->request->getIntegerParam('project_id');
+ $task_id = $this->request->getIntegerParam('task_id');
+
+ // Allow urls without "project_id"
+ if ($task_id > 0 && $project_id === 0) {
+ $project_id = $this->taskFinder->getProjectId($task_id);
+ }
- if (! $this->acl->isAllowed($controller, $action, $this->request->getIntegerParam('project_id', 0))) {
+ if (! $this->acl->isAllowed($controller, $action, $project_id)) {
 $this->forbidden();
 }
 }
@@ -287,7 +304,7 @@ abstract class Base
 {
 $task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id'));
- if (! $task || $task['project_id'] != $this->request->getIntegerParam('project_id')) {
+ if (! $task) {
 $this->notfound();
 } |
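Review bot: In handleAuthorization the task-derived project only replaces a missing project_id, so when a request carries both parameters the ACL is checked against the caller-supplied project_id rather than the project the task actually belongs to; a user allowed on one project can pair its project_id with a task_id from another project and still pass isAllowed. Since the same commit drops the project_id/task cross-check in the task-loading helper further down, nothing visible here catches that mismatch afterwards. Deriving the scope from the task whenever one is named closes the gap: `if ($task_id > 0) {` / `$project_id = $this->taskFinder->getProjectId($task_id);` / `}`, ignoring any supplied project_id. It is also worth confirming what getProjectId returns for an unknown task_id, since that value is passed straight to isAllowed, and that getIntegerParam's default really is int 0, because the `=== 0` fallback never fires otherwise.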
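Review bot: The new `if (! $task)` condition no longer verifies that the fetched task belongs to the project_id in the URL, and that check was the only place tying the two together now that handleAuthorization accepts a caller-supplied project_id as the authorization scope; a task from another project can be loaded under an authorized project's id. If the intent is only to tolerate a missing project_id, keep the comparison when one is present: `$project_id = $this->request->getIntegerParam('project_id', 0);` followed by `if (! $task || ($project_id > 0 && $task['project_id'] != $project_id)) {`. The enclosing method's signature lies outside the hunk, so this assumes no caller re-checks the project on its own. Whether isAllowed alone is meant to be the sole guard should be confirmed against the ACL implementation before relying on it.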