Commit d5a2788a authored by Richard Mansfield's avatar Richard Mansfield
Browse files

Check edit permissions in tasks.json.php (bug #771623)



Change-Id: I689b3f07744ae7f740f472110942039f2b00232c
Signed-off-by: default avatarRichard Mansfield <richard.mansfield@catalyst.net.nz>
parent d9e0e603
......@@ -35,6 +35,10 @@ $plan = param_integer('id');
$limit = param_integer('limit', 10);
$offset = param_integer('offset', 0);
if (!$USER->can_edit_artefact(new ArtefactTypePlan($plan))) {
json_reply(true, get_string('accessdenied', 'error'));
}
$tasks = ArtefactTypeTask::get_tasks($plan, $offset, $limit);
ArtefactTypeTask::build_tasks_list_html($tasks);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment