Enforce restrictions for column menus

author: Frederic Guillot <fred@kanboard.net> 2016-09-18 22:05:20 -0400
committer: Frederic Guillot <fred@kanboard.net> 2016-09-18 22:05:20 -0400
commit: c328bcf840f2fe21e87246b10fb8c75dfa640d1d (patch)
tree: 0c9d07b3a8f2f08bd127aa717611126487090f1c /app/Controller
parent: 3043163747b13ce1942b2e55977cf7c5417021de (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/app/Controller/TaskBulkController.php b/app/Controller/TaskBulkController.php
index df7f589b..4e06f636 100644
--- a/app/Controller/TaskBulkController.php
+++ b/app/Controller/TaskBulkController.php
@@ -47,7 +47,12 @@ class TaskBulkController extends BaseController
         $values = $this->request->getValues();
         list($valid, $errors) = $this->taskValidator->validateBulkCreation($values);
 
-        if ($valid) {
+        if (! $valid) {
+            $this->show($values, $errors);
+        } else if (! $this->helper->projectRole->canCreateTaskInColumn($project['id'], $values['column_id'])) {
+            $this->flash->failure(t('You cannot create tasks in this column.'));
+            $this->response->redirect($this->helper->url->to('BoardViewController', 'show', array('project_id' => $project['id'])), true);
+        } else {
             $this->createTasks($project, $values);
             $this->response->redirect($this->helper->url->to(
                 'BoardViewController',
@@ -55,8 +60,6 @@ class TaskBulkController extends BaseController
                 array('project_id' => $project['id']),
                 'swimlane-'. $values['swimlane_id']
             ), true);
-        } else {
-            $this->show($values, $errors);
         }
     }
author	Frederic Guillot <fred@kanboard.net>	2016-09-18 22:05:20 -0400
committer	Frederic Guillot <fred@kanboard.net>	2016-09-18 22:05:20 -0400
commit	c328bcf840f2fe21e87246b10fb8c75dfa640d1d (patch)
tree	0c9d07b3a8f2f08bd127aa717611126487090f1c /app/Controller
parent	3043163747b13ce1942b2e55977cf7c5417021de (diff)