From ad8b1223cc7c4dbfc7245d630d1b4f4831a8c80f Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 27 May 2017 12:18:05 -0400
Subject: Check owner existence before to create project

---
 app/Model/ProjectModel.php | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'app/Model/ProjectModel.php')

diff --git a/app/Model/ProjectModel.php b/app/Model/ProjectModel.php
index 7f55a9fb..097806d8 100644
--- a/app/Model/ProjectModel.php
+++ b/app/Model/ProjectModel.php
@@ -355,6 +355,10 @@ class ProjectModel extends Base
      */
     public function create(array $values, $userId = 0, $addUser = false)
     {
+        if (! empty($userId) && ! $this->userModel->exists($userId)) {
+            return false;
+        }
+
         $this->db->startTransaction();
 
         $values['token'] = '';
@@ -447,6 +451,10 @@ class ProjectModel extends Base
             $values['end_date'] = $this->dateParser->getIsoDate($values['end_date']);
         }
 
+        if (! empty($values['owner_id']) && ! $this->userModel->exists($values['owner_id'])) {
+            return false;
+        }
+
         $this->helper->model->convertIntegerFields($values, array('priority_default', 'priority_start', 'priority_end'));
 
         return $this->exists($values['id']) &&
-- 
cgit v1.2.3