[evolvis-commits] r14074: ReportTrackerAct: Check access control before giving results

mirabilos at evolvis.org mirabilos at evolvis.org
Mon Feb 28 03:48:27 CET 2011


Author: mirabilos
Date: 2011-02-28 03:48:27 +0100 (Mon, 28 Feb 2011)
New Revision: 14074

Modified:
   trunk/gforge_base/evolvisforge-5.1/gforge/common/reporting/ReportTrackerAct.class.php
Log:
ReportTrackerAct: Check access control before giving results

Modified: trunk/gforge_base/evolvisforge-5.1/gforge/common/reporting/ReportTrackerAct.class.php
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/gforge/common/reporting/ReportTrackerAct.class.php	2011-02-28 02:48:24 UTC (rev 14073)
+++ trunk/gforge_base/evolvisforge-5.1/gforge/common/reporting/ReportTrackerAct.class.php	2011-02-28 02:48:27 UTC (rev 14074)
@@ -35,9 +35,21 @@
 function ReportTrackerAct($span,$group_id,$atid,$start=0,$end=0) {
 	$this->Report();
 
+	$group =& group_get_object($group_id);
+	$at = new ArtifactType($group, $atid);
+	if ($at->isError()) {
+		if ($at->isPermissionDeniedError()) {
+			exit_permission_denied();
+		} else {
+			exit_error('Error',$at->getErrorMessage());
+		}
+	}
+
+	// Set start date from the project date.
 	if (!$start) {
 		$start=mktime(0,0,0,date('m'),1,date('Y')-1);
 	}
+
 	if (!$end) {
 		$end=time();
 	} else {



More information about the evolvis-commits mailing list