diff options
| author | Malf Furious <m@lfurio.us> | 2018-11-01 04:35:26 -0400 |
|---|---|---|
| committer | Malf Furious <m@lfurio.us> | 2018-11-01 04:35:26 -0400 |
| commit | d8e6fc09df73e4165fa5503b713f8958e1599175 (patch) | |
| tree | c37f9183bc952294551138780387886583bb5c90 /app | |
| parent | 75c8a6d4ee00ba9b7040697c4de65620f27b9728 (diff) | |
| download | scrott-d8e6fc09df73e4165fa5503b713f8958e1599175.tar.gz scrott-d8e6fc09df73e4165fa5503b713f8958e1599175.zip | |
Fix 'closeIssue' form submission
I was failing to assert user has modify permissions for the issue.
Signed-off-by: Malf Furious <m@lfurio.us>
Diffstat (limited to 'app')
| -rw-r--r-- | app/model/issue.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/app/model/issue.php b/app/model/issue.php index 0954ad9..403e82e 100644 --- a/app/model/issue.php +++ b/app/model/issue.php @@ -52,6 +52,12 @@ if (isAction("iss-mesg-add")) if (isset(input()['closeIssue'])) { + if (!$user->canModify($issue)) + { + logError(ERROR, "You do not have permission to close this issue"); + return; + } + $issue->close($user); logError(NOTICE, "Issue #" . $issue->numb . " closed"); $log = mesg::initNewLog("% closed issue", $user, $issue); |