Restrict actions for project viewers

author: Frederic Guillot <fred@kanboard.net> 2015-12-06 17:39:21 -0500
committer: Frederic Guillot <fred@kanboard.net> 2015-12-06 17:39:21 -0500
commit: f0651c48c14f44a21d01c2ee71ebdd0a5ffd81a6 (patch)
tree: 51f1d6b6c2ad14f692e10e2d6bb44bf071a56301 /app/Template/project
parent: bd849ff655f9b31f90425c07e5773c7a4e956c34 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/app/Template/project/sidebar.php b/app/Template/project/sidebar.php
index b436c9e8..2cc5ff2f 100644
--- a/app/Template/project/sidebar.php
+++ b/app/Template/project/sidebar.php
@@ -4,9 +4,11 @@
         <li <?= $this->app->getRouterAction() === 'show' ? 'class="active"' : '' ?>>
             <?= $this->url->link(t('Summary'), 'project', 'show', array('project_id' => $project['id'])) ?>
         </li>
+        <?php if ($this->user->hasProjectAccess('customfilter', 'index', $project['id'])): ?>
         <li <?= $this->app->getRouterController() === 'customfilter' && $this->app->getRouterAction() === 'index' ? 'class="active"' : '' ?>>
             <?= $this->url->link(t('Custom filters'), 'customfilter', 'index', array('project_id' => $project['id'])) ?>
         </li>
+        <?php endif ?>
 
         <?php if ($this->user->hasProjectAccess('project', 'edit', $project['id'])): ?>
             <li <?= $this->app->getRouterController() === 'project' && $this->app->getRouterAction() === 'share' ? 'class="active"' : '' ?>>
author	Frederic Guillot <fred@kanboard.net>	2015-12-06 17:39:21 -0500
committer	Frederic Guillot <fred@kanboard.net>	2015-12-06 17:39:21 -0500
commit	f0651c48c14f44a21d01c2ee71ebdd0a5ffd81a6 (patch)
tree	51f1d6b6c2ad14f692e10e2d6bb44bf071a56301 /app/Template/project
parent	bd849ff655f9b31f90425c07e5773c7a4e956c34 (diff)