From 4b6d666818a2002f7db26c573e1667117ee0dae4 Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Fri, 5 Sep 2014 22:30:55 +0200
Subject: [PATCH] Check if project matches the content_object.project.
---
 taiga/projects/attachments/api.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/taiga/projects/attachments/api.py b/taiga/projects/attachments/api.py
index e1195e2f..c6a47450 100644
--- a/taiga/projects/attachments/api.py
+++ b/taiga/projects/attachments/api.py
@@ -61,6 +61,9 @@ class BaseAttachmentViewSet(HistoryResourceMixin, WatchedResourceMixin, ModelCru
 obj.content_type = self.get_content_type()
 obj.owner = self.request.user
+ if obj.project_id != obj.content_object.project_id:
+ raise exc.WrongArguments("Project ID not matches between object and project")
+ super().pre_save(obj)
 def post_delete(self, obj):
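Review bot: The added comparison in `pre_save` dereferences `obj.content_object.project_id` without first checking that `content_object` resolved to a row. If it is a generic foreign key (the `content_type` assignment just above suggests so, but the model is not in the hunk), a client-supplied object id that matches nothing yields `None`, and the request fails with an AttributeError rather than the intended `WrongArguments`. Guarding the lookup keeps the cross-project rejection on the argument-error path: `if obj.content_object is None or obj.project_id != obj.content_object.project_id:`. The message would also read better as `"Project ID does not match between object and project"`. `pre_save` begins above the hunk, so whether the permission check on `obj.project` has already run before this comparison cannot be confirmed from here.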