From c84df535b6bdc7260144872fc4e0c241a5a5ad61 Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Sun, 11 Sep 2016 18:32:47 -0400
Subject: Improve column restrictions
---
 app/Controller/TaskMovePositionController.php | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'app/Controller')
diff --git a/app/Controller/TaskMovePositionController.php b/app/Controller/TaskMovePositionController.php
index 0db742c3..c6e8be0c 100644
--- a/app/Controller/TaskMovePositionController.php
+++ b/app/Controller/TaskMovePositionController.php
@@ -30,6 +30,10 @@ class TaskMovePositionController extends BaseController
 $task = $this->getTask();
 $values = $this->request->getJson();
+ if (! $this->helper->projectRole->canMoveTask($task['project_id'], $task['column_id'], $values['column_id'])) {
+ throw new AccessForbiddenException(e("You don't have the permission to move this task"));
+ }
+
 $result = $this->taskPositionModel->movePosition(
 $task['project_id'],
 $task['id'],
-- cgit v1.2.3
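Review bot: `$values['column_id']` comes straight from the JSON request body and is passed to the new `canMoveTask()` check without confirming that it is present or an integer. If the key is missing, or `getJson()` does not return an array, the check receives null, and how `canMoveTask()` decides in that case is not visible here, so the authorization result should not depend on it. I would normalise the value before the check, e.g. `$dst_column_id = isset($values['column_id']) ? (int) $values['column_id'] : 0;`, reject 0 with the same `AccessForbiddenException`, and pass that one variable to both `canMoveTask()` and `movePosition()` so the value that was authorised is the value that is acted on. The method body starts and ends outside the hunk, so the remaining arguments to `movePosition()` could not be checked.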