local-it/vikunja-api
0
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix checking list rights when accessing a bucket

Browse source 
(Cherry-picked from 4ceeb877b1)
This commit is contained in:
kolaente 2021-04-22 16:44:42 +02:00
parent 279c5f6b73
commit eb6327a147
No known key found for this signature in database
GPG key ID: F40E70337AB24C9B
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
pkg/models/kanban.go
View file

@ -99,6 +99,19 @@ func getDefaultBucket(s *xorm.Session, listID int64) (bucket *Bucket, err error)
// @Router /lists/{id}/buckets [get]
func (b *Bucket) ReadAll(s *xorm.Session, auth web.Auth, search string, page int, perPage int) (result interface{}, resultCount int, numberOfTotalItems int64, err error) {
list, err := GetListSimpleByID(s, b.ListID)
if err != nil {
return nil, 0, 0, err
}
can, _, err := list.CanRead(s, auth)
if err != nil {
return nil, 0, 0, err
}
if !can {
return nil, 0, 0, ErrGenericForbidden{}
}
// Note: I'm ignoring pagination for now since I've yet to figure out a way on how to make it work
// I'll probably just don't do it and instead make individual tasks archivable.