fix(kanban): disable task edit for non-assignees and enforce guard in edit action

Diogo-Ferraz · Diogo-Ferraz · commit 0cb0b22806b5 · 2026-02-27T10:43:24.000+01:00
diff --git a/src/app/features/projects/components/project-kanban/project-kanban.component.html b/src/app/features/projects/components/project-kanban/project-kanban.component.html
@@ -148,7 +148,7 @@ <h2>Project Kanban Board</h2>
                       <span class="task-card__title">{{ task.title }}</span>
                       <div class="task-card__header-actions">
                         <p-tag *ngIf="isTaskPending(task.id)" severity="info" value="Saving"></p-tag>
-                        <button pButton type="button" icon="pi pi-pencil" class="p-button-rounded p-button-text p-button-sm" [disabled]="isTaskPending(task.id)" (click)="openEditTask(task)"></button>
+                        <button pButton type="button" icon="pi pi-pencil" class="p-button-rounded p-button-text p-button-sm" [disabled]="isTaskPending(task.id) || !canEditTask(task)" (click)="openEditTask(task)"></button>
                         <button
                           pButton
                           type="button"
diff --git a/src/app/features/projects/components/project-kanban/project-kanban.component.ts b/src/app/features/projects/components/project-kanban/project-kanban.component.ts
@@ -213,6 +213,10 @@ export class ProjectKanbanComponent implements OnInit, OnDestroy {
   }
 
   openEditTask(task: TaskItemDto): void {
+    if (!this.canEditTask(task) || this.isTaskPending(task.id)) {
+      return;
+    }
+
     this.editTaskId = task.id;
     this.taskForm = {
       title: task.title,
@@ -348,6 +352,10 @@ export class ProjectKanbanComponent implements OnInit, OnDestroy {
     return !!this.currentUserId && task.assignedUserId === this.currentUserId;
   }
 
+  canEditTask(task: TaskItemDto): boolean {
+    return this.canManageAllTasks || this.isAssignedToMe(task);
+  }
+
   canDeleteTask(task: TaskItemDto): boolean {
     return this.canManageAllTasks || this.isAssignedToMe(task);
   }

Original file line number	Diff line number	Diff line change
`@@ -213,6 +213,10 @@ export class ProjectKanbanComponent implements OnInit, OnDestroy {`
`213`	`213`	`}`
`214`	`214`
`215`	`215`	`openEditTask(task: TaskItemDto): void {`
	`216`	`+ if (!this.canEditTask(task) \|\| this.isTaskPending(task.id)) {`
	`217`	`+ return;`
	`218`	`+ }`
	`219`	`+`
`216`	`220`	`this.editTaskId = task.id;`
`217`	`221`	`this.taskForm = {`
`218`	`222`	`title: task.title,`
`@@ -348,6 +352,10 @@ export class ProjectKanbanComponent implements OnInit, OnDestroy {`
`348`	`352`	`return !!this.currentUserId && task.assignedUserId === this.currentUserId;`
`349`	`353`	`}`
`350`	`354`
	`355`	`+ canEditTask(task: TaskItemDto): boolean {`
	`356`	`+ return this.canManageAllTasks \|\| this.isAssignedToMe(task);`
	`357`	`+ }`
	`358`	`+`
`351`	`359`	`canDeleteTask(task: TaskItemDto): boolean {`
`352`	`360`	`return this.canManageAllTasks \|\| this.isAssignedToMe(task);`
`353`	`361`	`}`