diff options
Diffstat (limited to 'app/Controller/Task.php')
-rw-r--r-- | app/Controller/Task.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/Controller/Task.php b/app/Controller/Task.php index 7bb989c6..28db5c28 100644 --- a/app/Controller/Task.php +++ b/app/Controller/Task.php @@ -289,6 +289,10 @@ class Task extends Base { $task = $this->getTask(); + if (! $this->taskPermission->canRemoveTask($task)) { + $this->forbidden(); + } + if ($this->request->getStringParam('confirmation') === 'yes') { $this->checkCSRFParam(); |