projects / horde.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bd9748f)
Permission checking.
authorJan Schneider <jan@horde.org>
Mon, 16 Nov 2009 18:08:51 +0000 (19:08 +0100)
committerJan Schneider <jan@horde.org>
Mon, 16 Nov 2009 18:08:51 +0000 (19:08 +0100)
nag/lib/Api.php patch | blob | history

diff --git a/nag/lib/Api.php b/nag/lib/Api.php
index 176fcc4..8db58c6 100644 (file)
--- a/nag/lib/Api.php
+++ b/nag/lib/Api.php
@@ -906,7 +906,8 @@ class Nag_Api extends Horde_Registry_Api
             return $task;
         }
 
-        if (!array_key_exists($task->tasklist, Nag::listTasklists(false, PERMS_READ))) {
+        if (!array_key_exists($task->tasklist,
+                              Nag::listTasklists(false, PERMS_READ))) {
             return PEAR::raiseError(_("Permission Denied"));
         }
 
@@ -944,6 +945,12 @@ class Nag_Api extends Horde_Registry_Api
     public function getTask($tasklist, $id)
     {
         require_once dirname(__FILE__) . '/base.php';
+
+        if (!array_key_exists($tasklist,
+                              Nag::listTasklists(false, PERMS_READ))) {
+            return PEAR::raiseError(_("Permission Denied"));
+        }
+
         $storage = Nag_Driver::singleton($tasklist);
         return $storage->get($id);
     }
Unnamed repository; edit this file to name it for gitweb.