Diffstat (limited to 'app/Controller/TaskModificationController.php')
-rw-r--r-- | app/Controller/TaskModificationController.php | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/app/Controller/TaskModificationController.php b/app/Controller/TaskModificationController.php
index a3f68a8b..a53c1a38 100644
--- a/app/Controller/TaskModificationController.php
+++ b/app/Controller/TaskModificationController.php
@@ -40,6 +40,11 @@ class TaskModificationController extends BaseController
 public function edit(array $values = array(), array $errors = array())
 {
 $task = $this->getTask();
+
+ if (! $this->helper->projectRole->canUpdateTask($task)) {
+ throw new AccessForbiddenException(t('You are not allowed to update tasks assigned to someone else.'));
+ }
+
 $project = $this->projectModel->getById($task['project_id']);
 
 if (empty($values)) {
@@ -105,7 +110,14 @@ class TaskModificationController extends BaseController
 
 protected function updateTask(array &$task, array &$values, array &$errors)
 {
- $this->checkPermission($task, $values);
+ if (isset($values['owner_id']) && $values['owner_id'] != $task['owner_id'] && !$this->helper->projectRole->canChangeAssignee($task)) {
+ throw new AccessForbiddenException(t('You are not allowed to change the assignee.'));
+ }
+
+ if (! $this->helper->projectRole->canUpdateTask($task)) {
+ throw new AccessForbiddenException(t('You are not allowed to update tasks assigned to someone else.'));
+ }
+
 $result = $this->taskModificationModel->update($values);
 
 if ($result && ! empty($task['external_uri'])) {
@@ -122,15 +134,4 @@ class TaskModificationController extends BaseController
 
 return $result;
 }
-
- protected function checkPermission(array &$task, array &$values)
- {
- if (isset($values['owner_id']) && $values['owner_id'] != $task['owner_id'] && !$this->helper->projectRole->canChangeAssignee($task)) {
- throw new AccessForbiddenException(t('You are not allowed to change the assignee.'));
- }
-
- if (! $this->helper->projectRole->canUpdateTask($task)) {
- throw new AccessForbiddenException(t('You are not allowed to update tasks assigned to someone else.'));
- }
- }
 }
|
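Review bot: The `canUpdateTask` guard added at the top of `edit()` is a hand copy, message included, of the one inlined in `updateTask()` in the second hunk, and this commit removes the `checkPermission()` helper that used to hold it. Duplicated authorization checks tend to drift when one of them is later tightened, so a small private method holding just this check, called from both places as for example `$this->assertCanUpdateTask($task);`, would keep them identical. If the copies stay, the one in `edit()` deserves a why-comment such as `// Refuse to render the edit form, not only to save it, when the user may not update this task.` The body of `edit()` continues past the end of the hunk.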
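Review bot: Both checks in `updateTask()` authorize against `$task`, but the write on the next context line is `$this->taskModificationModel->update($values)`, and nothing in the hunk shows `$values['id']` being tied to `$task['id']`. If the caller does not already overwrite it, the permission decision and the row being written could refer to different tasks; pinning it just before the call with `$values['id'] = $task['id'];` removes that dependency on the caller. The assignee test also compares request data with loose `!=`; `(int) $values['owner_id'] !== (int) $task['owner_id']` would state the intended numeric comparison explicitly, assuming both are integer ids. The part of `updateTask()` between this hunk and the next is not visible here.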