ami/tl-vikunja
1
0
Fork 0
Code

fix(saved filters): check permissions when accessing tasks of a filter

Browse Source 
(cherry picked from commit bbbd936868f73a73e37d0f40313274e9e0ba30ac)
This commit is contained in:
kolaente 2024-11-21 15:42:26 +01:00
parent 4d454de228
commit a0d05211ff
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/models/task_collection.go
View File

@ -233,6 +233,14 @@ func (tf *TaskCollection) ReadAll(s *xorm.Session, a web.Auth, search string, pa
return nil, 0, 0, err return nil, 0, 0, err
} }
canRead, _, err := sf.CanRead(s, a)
if err != nil {
return nil, 0, 0, err
}
if !canRead {
return nil, 0, 0, ErrGenericForbidden{}
}
// By prepending sort options before the saved ones from the filter, we make sure the supplied sort // By prepending sort options before the saved ones from the filter, we make sure the supplied sort
// options via query take precedence over the rest. // options via query take precedence over the rest.