From b5cad97f7502e2b729283324fb7d0137a13f5c4a Mon Sep 17 00:00:00 2001
From: Jan Schneider <jan@horde.org>
Date: Mon, 16 Nov 2009 19:08:51 +0100
Subject: [PATCH] Permission checking.

---
 nag/lib/Api.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/nag/lib/Api.php b/nag/lib/Api.php
index 176fcc401..8db58c614 100644
--- a/nag/lib/Api.php
+++ b/nag/lib/Api.php
@@ -906,7 +906,8 @@ class Nag_Api extends Horde_Registry_Api
             return $task;
         }
 
-        if (!array_key_exists($task->tasklist, Nag::listTasklists(false, PERMS_READ))) {
+        if (!array_key_exists($task->tasklist,
+                              Nag::listTasklists(false, PERMS_READ))) {
             return PEAR::raiseError(_("Permission Denied"));
         }
 
@@ -944,6 +945,12 @@ class Nag_Api extends Horde_Registry_Api
     public function getTask($tasklist, $id)
     {
         require_once dirname(__FILE__) . '/base.php';
+
+        if (!array_key_exists($tasklist,
+                              Nag::listTasklists(false, PERMS_READ))) {
+            return PEAR::raiseError(_("Permission Denied"));
+        }
+
         $storage = Nag_Driver::singleton($tasklist);
         return $storage->get($id);
     }
-- 
2.11.0