diff options
Diffstat (limited to 'app/Controller/CustomFilterController.php')
| -rw-r--r-- | app/Controller/CustomFilterController.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/app/Controller/CustomFilterController.php b/app/Controller/CustomFilterController.php index 1bf1617e..3e2de713 100644 --- a/app/Controller/CustomFilterController.php +++ b/app/Controller/CustomFilterController.php @@ -182,10 +182,12 @@ class CustomFilterController extends BaseController private function checkPermission(array $project, array $filter) { - $user_id = $this->userSession->getId(); + $userID = $this->userSession->getId(); - if ($filter['user_id'] != $user_id && ($this->projectUserRoleModel->getUserRole($project['id'], $user_id) === Role::PROJECT_MANAGER || ! $this->userSession->isAdmin())) { - throw new AccessForbiddenException(); + if ($filter['user_id'] != $userID) { + if ($this->projectUserRoleModel->getUserRole($project['id'], $userID) !== Role::PROJECT_MANAGER && ! $this->userSession->isAdmin()) { + throw new AccessForbiddenException(); + } } } } |