ami/tl-vikunja
1
0
Fork 0
Code Activity

fix(projects): properly check if a user or link share is allowed to create a new project

Browse Source
This commit is contained in:
kolaente
2023-01-12 16:49:52 +01:00
parent 03eb4ecd07
commit 154ac61d7c
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/models/project_rights.go
View File

@ -161,7 +161,16 @@ func (p *Project) CanDelete(s *xorm.Session, a web.Auth) (bool, error) {
// CanCreate checks if the user can create a project
func (p *Project) CanCreate(s *xorm.Session, a web.Auth) (bool, error) {
return p.CanWrite(s, a)
if p.ParentProjectID != 0 {
parent := &Project{ID: p.ParentProjectID}
return parent.CanWrite(s, a)
}
// Check if we're dealing with a share auth
_, is := a.(*LinkSharing)
if is {
return false, nil
}
return true, nil
}
// IsAdmin returns whether the user has admin rights on the project or not