security and api

Signed-off-by: Jakob Röhrl <jakob.roehrl@web.de>
Jakob Röhrl
2020-09-02 08:40:19 +02:00
parent 71780b5578
commit 2a4b0a3ed3
3 changed files with 21 additions and 3 deletions


@@ -393,6 +393,8 @@ class StackService {
}
$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_MANAGE);
$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_READ);
if ($this->boardService->isArchived(null, $boardId)) {
throw new StatusException('Operation not allowed. This board is archived.');
}
@@ -400,6 +402,10 @@ class StackService {
$stack = $this->stackMapper->find($id);
$board = $this->boardMapper->find($boardId);
if ($stack->getBoardId() !== $board->getId()) {
throw new StatusException('Operation not allowed. Stack is not part of this board');
}
$newStack = new Stack();
$newStack->setTitle($stack->getTitle() . ' (' . $this->l10n->t('copy') . ')');
@@ -418,7 +424,6 @@ class StackService {
);
$cards = $this->cardMapper->findAll($id);
$newCardArray = [];
foreach ($cards as $card) {
$newCard = new Card();
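Review bot: In the `@@ -400,6 +402,10` hunk the ownership guard `$stack->getBoardId() !== $board->getId()` uses a strict comparison, so it only behaves as intended if both getters return the same scalar type; if one side comes back as a string and the other as an int (not visible here), every clone is refused. That fails closed, but it is worth normalising explicitly, e.g. `if ((int) $stack->getBoardId() !== (int) $board->getId()) {`. This guard is what ties the caller-supplied `$boardId`, on which the permission and archive checks in the first hunk run, to the stack loaded by `$id`, so I would document it with a comment such as `// permissions were checked on $boardId; refuse stacks that belong to another board`. A regression test that requests a clone with the id of a different board the user manages would keep the check from being dropped later. The enclosing method starts and ends outside the visible hunks.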