summaryrefslogtreecommitdiff
path: root/app/Controller
diff options
context:
space:
mode:
Diffstat (limited to 'app/Controller')
-rw-r--r--app/Controller/Base.php2
-rw-r--r--app/Controller/Board.php22
2 files changed, 6 insertions, 18 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index b090356e..66a9e84f 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -146,7 +146,7 @@ abstract class Base extends \Kanboard\Core\Base
protected function forbidden($no_layout = false)
{
if ($this->request->isAjax()) {
- $this->response->text('Not Authorized', 401);
+ $this->response->text('Access Forbidden', 403);
}
$this->response->html($this->template->layout('app/forbidden', array(
diff --git a/app/Controller/Board.php b/app/Controller/Board.php
index a75fea33..06736cce 100644
--- a/app/Controller/Board.php
+++ b/app/Controller/Board.php
@@ -73,10 +73,6 @@ class Board extends Base
return $this->response->status(403);
}
- if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
- $this->response->text('Forbidden', 403);
- }
-
$values = $this->request->getJson();
$result =$this->taskPosition->movePosition(
@@ -101,22 +97,18 @@ class Board extends Base
*/
public function check()
{
- if (! $this->request->isAjax()) {
- return $this->response->status(403);
- }
-
$project_id = $this->request->getIntegerParam('project_id');
$timestamp = $this->request->getIntegerParam('timestamp');
- if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
- $this->response->text('Forbidden', 403);
+ if (! $project_id || ! $this->request->isAjax()) {
+ return $this->response->status(403);
}
if (! $this->project->isModifiedSince($project_id, $timestamp)) {
return $this->response->status(304);
}
- $this->response->html($this->renderBoard($project_id));
+ return $this->response->html($this->renderBoard($project_id));
}
/**
@@ -126,14 +118,10 @@ class Board extends Base
*/
public function reload()
{
- if (! $this->request->isAjax()) {
- return $this->response->status(403);
- }
-
$project_id = $this->request->getIntegerParam('project_id');
- if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
- $this->response->text('Forbidden', 403);
+ if (! $project_id || ! $this->request->isAjax()) {
+ return $this->response->status(403);
}
$values = $this->request->getJson();