From f0651c48c14f44a21d01c2ee71ebdd0a5ffd81a6 Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Sun, 6 Dec 2015 17:39:21 -0500
Subject: Restrict actions for project viewers
---
 app/Helper/Subtask.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'app/Helper')
diff --git a/app/Helper/Subtask.php b/app/Helper/Subtask.php
index 4bb26e77..7d474de0 100644
--- a/app/Helper/Subtask.php
+++ b/app/Helper/Subtask.php
@@ -14,12 +14,17 @@ class Subtask extends \Kanboard\Core\Base
 * Get the link to toggle subtask status
 *
 * @access public
- * @param array $subtask
- * @param string $redirect
+ * @param array $subtask
+ * @param string $redirect
+ * @param integer $project_id
 * @return string
 */
- public function toggleStatus(array $subtask, $redirect)
+ public function toggleStatus(array $subtask, $redirect, $project_id = 0)
 {
+ if ($project_id > 0 && ! $this->helper->user->hasProjectAccess('subtask', 'edit', $project_id)) {
+ return trim($this->template->render('subtask/icons', array('subtask' => $subtask))) . $this->helper->e($subtask['title']);
+ }
+
 if ($subtask['status'] == 0 && isset($this->sessionStorage->hasSubtaskInProgress) && $this->sessionStorage->hasSubtaskInProgress === true) {
 return $this->helper->url->link(
 trim($this->template->render('subtask/icons', array('subtask' => $subtask))) . $this->helper->e($subtask['title']),
-- cgit v1.2.3
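Review bot: The new permission check in `toggleStatus()` fails open, because with the default `$project_id = 0` the `$project_id > 0 &&` guard skips `hasProjectAccess()` and the toggle link is rendered exactly as before. Any caller not updated to pass a project id will therefore still show the link to project viewers. Consider making the argument required, or at least documenting the bypass in the docblock, e.g. `@param integer $project_id Project id for the access check (0 = no check, link always rendered)`. This helper only decides whether the link is shown, and the hunk does not include the controller behind the toggle URL, so confirm that the endpoint enforces the same `subtask`/`edit` permission server-side. The function body continues past the end of the hunk.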