Fix rights checks (#70)

2019-04-01 19:48:48 +00:00
parent 19faee0102
commit 87873e53c5
17 changed files with 92 additions and 115 deletions
--- a/pkg/models/list_tasks_rights.go
+++ b/pkg/models/list_tasks_rights.go
@ -40,13 +40,15 @@ func (t *ListTask) CanCreate(a web.Auth) (bool, error) {
 }

 // CanRead determines if a user can read a task
-func (t *ListTask) CanRead(a web.Auth) (bool, error) {
+func (t *ListTask) CanRead(a web.Auth) (canRead bool, err error) {
+	// Get the task, error out if it doesn't exist
+	*t, err = getTaskByIDSimple(t.ID)
+	if err != nil {
+		return
+	}
+
 	// A user can read a task if it has access to the list
 	list := &List{ID: t.ListID}
-	err := list.GetSimpleByID()
-	if err != nil {
-		return false, err
-	}
 	return list.CanRead(a)
 }