Fix incorrect access checks for updating and deleting categories

Fixes #11873: [patch] Add and delete category of a specific project using SOAP API
mantisbt · May 12, 2010 · 8277d96 · 8277d96
1 parent 731eaf0
commit 8277d96
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/api/soap/mc_project_api.php b/api/soap/mc_project_api.php
@@ -151,7 +151,7 @@ function mc_project_delete_category ($p_username, $p_password, $p_project_id, $p
                 return new soap_fault( 'Client', '', "Project '$p_project_id' does not exist." );
         }
 
-        if( !mci_has_access( config_get( 'manage_project_threshold' ), $p_project_id ) ) {
+        if( !mci_has_access( config_get( 'manage_project_threshold' ), $t_user_id, $p_project_id ) ) {
                 return new soap_fault( 'Client', '', 'Access Denied' );
         }
 
@@ -188,7 +188,7 @@ function mc_project_rename_category_by_name ($p_username, $p_password, $p_projec
                 return new soap_fault( 'Client', '', "Project '$p_project_id' does not exist." );
         }
 
-        if( !mci_has_access( config_get( 'manage_project_threshold' ), $p_project_id ) ) {
+        if( !mci_has_access( config_get( 'manage_project_threshold' ), $t_user_id, $p_project_id ) ) {
                 return new soap_fault( 'Client', '', 'Access Denied' );
         }