[Fusionforge-commits] r8557 - trunk/gforge/common/reporting

Alain Peyrat aljeux at libremir.placard.fr.eu.org
Thu Dec 17 18:41:14 CET 2009


Author: aljeux
Date: 2009-12-17 18:41:13 +0100 (Thu, 17 Dec 2009)
New Revision: 8557

Modified:
   trunk/gforge/common/reporting/ReportTrackerAct.class.php
Log:
ReportTrackerAct: Check access control before giving results

Modified: trunk/gforge/common/reporting/ReportTrackerAct.class.php
===================================================================
--- trunk/gforge/common/reporting/ReportTrackerAct.class.php	2009-12-17 17:41:08 UTC (rev 8556)
+++ trunk/gforge/common/reporting/ReportTrackerAct.class.php	2009-12-17 17:41:13 UTC (rev 8557)
@@ -35,9 +35,21 @@
 function ReportTrackerAct($span,$group_id,$atid,$start=0,$end=0) {
 	$this->Report();
 
+	$group =& group_get_object($group_id);
+	$at = new ArtifactType($group, $atid);
+	if ($at->isError()) {
+		if ($at->isPermissionDeniedError()) {
+			exit_permission_denied();
+		} else {
+			exit_error('Error',$at->getErrorMessage());
+		}
+	}
+
+	// Set start date from the project date.
 	if (!$start) {
 		$start=mktime(0,0,0,date('m'),1,date('Y')-1);
 	}
+
 	if (!$end) {
 		$end=time();
 	} else {




More information about the Fusionforge-commits mailing list