From cfec551968ff59c124b9e148d2c807153ead9fb5 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sat, 23 Jan 2016 17:40:34 -0500 Subject: Remove useless permission check --- app/Controller/Board.php | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) (limited to 'app/Controller/Board.php') diff --git a/app/Controller/Board.php b/app/Controller/Board.php index a75fea33..06736cce 100644 --- a/app/Controller/Board.php +++ b/app/Controller/Board.php @@ -73,10 +73,6 @@ class Board extends Base return $this->response->status(403); } - if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) { - $this->response->text('Forbidden', 403); - } - $values = $this->request->getJson(); $result =$this->taskPosition->movePosition( @@ -101,22 +97,18 @@ class Board extends Base */ public function check() { - if (! $this->request->isAjax()) { - return $this->response->status(403); - } - $project_id = $this->request->getIntegerParam('project_id'); $timestamp = $this->request->getIntegerParam('timestamp'); - if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) { - $this->response->text('Forbidden', 403); + if (! $project_id || ! $this->request->isAjax()) { + return $this->response->status(403); } if (! $this->project->isModifiedSince($project_id, $timestamp)) { return $this->response->status(304); } - $this->response->html($this->renderBoard($project_id)); + return $this->response->html($this->renderBoard($project_id)); } /** @@ -126,14 +118,10 @@ class Board extends Base */ public function reload() { - if (! $this->request->isAjax()) { - return $this->response->status(403); - } - $project_id = $this->request->getIntegerParam('project_id'); - if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) { - $this->response->text('Forbidden', 403); + if (! $project_id || ! $this->request->isAjax()) { + return $this->response->status(403); } $values = $this->request->getJson(); -- cgit v1.2.3