fix(saved filters): check permissions when accessing tasks of a filter

(cherry picked from commit bbbd936868f73a73e37d0f40313274e9e0ba30ac)
2024-11-21 15:42:26 +01:00 · 2024-11-21 15:42:26 +01:00 · a0d05211ff
commit a0d05211ff
parent 4d454de228
1 changed files with 8 additions and 0 deletions
--- a/pkg/models/task_collection.go
+++ b/pkg/models/task_collection.go
@ -233,6 +233,14 @@ func (tf *TaskCollection) ReadAll(s *xorm.Session, a web.Auth, search string, pa
 			return nil, 0, 0, err
 		}

+		canRead, _, err := sf.CanRead(s, a)
+		if err != nil {
+			return nil, 0, 0, err
+		}
+		if !canRead {
+			return nil, 0, 0, ErrGenericForbidden{}
+		}
+
 		// By prepending sort options before the saved ones from the filter, we make sure the supplied sort
 		// options via query take precedence over the rest.