Add project restriction to block task edition

2017-04-07 21:46:36 -04:00
parent 481e767d35
commit 003c03a4e6
6 changed files with 44 additions and 8 deletions
--- a/app/Controller/TaskModificationController.php
+++ b/app/Controller/TaskModificationController.php
@@ -22,7 +22,9 @@ class TaskModificationController extends BaseController
    public function start()
    {
        $task = $this->getTask();
-        $this->taskModificationModel->update(array('id' => $task['id'], 'date_started' => time()));
+        $values = array('id' => $task['id'], 'date_started' => time());
+        $this->checkPermission($task, $values);
+        $this->taskModificationModel->update($values);
        $this->response->redirect($this->helper->url->to('TaskViewController', 'show', array('project_id' => $task['project_id'], 'task_id' => $task['id'])));
    }

@@ -103,10 +105,7 @@ class TaskModificationController extends BaseController

    protected function updateTask(array &$task, array &$values, array &$errors)
    {
-        if (isset($values['owner_id']) && $values['owner_id'] != $task['owner_id'] && ! $this->helper->projectRole->canChangeAssignee($task)) {
-            throw new AccessForbiddenException(t('You are not allowed to change the assignee'));
-        }
-
+        $this->checkPermission($task, $values);
        $result = $this->taskModificationModel->update($values);

        if ($result && ! empty($task['external_uri'])) {
@@ -123,4 +122,15 @@ class TaskModificationController extends BaseController

        return $result;
    }
+
+    protected function checkPermission(array &$task, array &$values)
+    {
+        if (isset($values['owner_id']) && $values['owner_id'] != $task['owner_id'] && !$this->helper->projectRole->canChangeAssignee($task)) {
+            throw new AccessForbiddenException(t('You are not allowed to change the assignee.'));
+        }
+
+        if (! $this->helper->projectRole->canUpdateTask($task)) {
+            throw new AccessForbiddenException(t('You are not allowed to update tasks assigned to someone else.'));
+        }
+    }
 }
--- a/app/Helper/ProjectRoleHelper.php
+++ b/app/Helper/ProjectRoleHelper.php
@@ -189,6 +189,24 @@ class ProjectRoleHelper extends Base
        return true;
    }

+    /**
+     * Return true if the user can update a task
+     *
+     * @public
+     * @param  array $task
+     * @return bool
+     */
+    public function canUpdateTask(array $task)
+    {
+        $role = $this->getProjectUserRole($task['project_id']);
+
+        if ($task['owner_id'] != $this->userSession->getId() && $this->hasRestriction($task['project_id'], $role, ProjectRoleRestrictionModel::RULE_TASK_UPDATE_ASSIGNED)) {
+            return false;
+        }
+
+        return true;
+    }
+
    /**
     * Check project access
     *
--- a/app/Model/ProjectRoleRestrictionModel.php
+++ b/app/Model/ProjectRoleRestrictionModel.php
@@ -19,6 +19,7 @@ class ProjectRoleRestrictionModel extends Base
    const RULE_TASK_OPEN_CLOSE = 'task_open_close';
    const RULE_TASK_MOVE = 'task_move';
    const RULE_TASK_CHANGE_ASSIGNEE = 'task_change_assignee';
+    const RULE_TASK_UPDATE_ASSIGNED = 'task_update_assigned';

    /**
     * Get rules
@@ -33,6 +34,7 @@ class ProjectRoleRestrictionModel extends Base
            self::RULE_TASK_OPEN_CLOSE      => t('Closing or opening a task is not permitted'),
            self::RULE_TASK_MOVE            => t('Moving a task is not permitted'),
            self::RULE_TASK_CHANGE_ASSIGNEE => t('Changing assignee is not permitted'),
+            self::RULE_TASK_UPDATE_ASSIGNED => t('Update only assigned tasks'),
        );
    }