diff options
Diffstat (limited to 'app/Controller')
-rw-r--r-- | app/Controller/Base.php | 2 | ||||
-rw-r--r-- | app/Controller/Board.php | 22 |
2 files changed, 6 insertions, 18 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php index b090356e..66a9e84f 100644 --- a/app/Controller/Base.php +++ b/app/Controller/Base.php @@ -146,7 +146,7 @@ abstract class Base extends \Kanboard\Core\Base protected function forbidden($no_layout = false) { if ($this->request->isAjax()) { - $this->response->text('Not Authorized', 401); + $this->response->text('Access Forbidden', 403); } $this->response->html($this->template->layout('app/forbidden', array( diff --git a/app/Controller/Board.php b/app/Controller/Board.php index a75fea33..06736cce 100644 --- a/app/Controller/Board.php +++ b/app/Controller/Board.php @@ -73,10 +73,6 @@ class Board extends Base return $this->response->status(403); } - if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) { - $this->response->text('Forbidden', 403); - } - $values = $this->request->getJson(); $result =$this->taskPosition->movePosition( @@ -101,22 +97,18 @@ class Board extends Base */ public function check() { - if (! $this->request->isAjax()) { - return $this->response->status(403); - } - $project_id = $this->request->getIntegerParam('project_id'); $timestamp = $this->request->getIntegerParam('timestamp'); - if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) { - $this->response->text('Forbidden', 403); + if (! $project_id || ! $this->request->isAjax()) { + return $this->response->status(403); } if (! $this->project->isModifiedSince($project_id, $timestamp)) { return $this->response->status(304); } - $this->response->html($this->renderBoard($project_id)); + return $this->response->html($this->renderBoard($project_id)); } /** @@ -126,14 +118,10 @@ class Board extends Base */ public function reload() { - if (! $this->request->isAjax()) { - return $this->response->status(403); - } - $project_id = $this->request->getIntegerParam('project_id'); - if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) { - $this->response->text('Forbidden', 403); + if (! $project_id || ! $this->request->isAjax()) { + return $this->response->status(403); } $values = $this->request->getJson(); |