AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Extract project permissions to a separate class

Browse Source
This commit is contained in:
Frédéric Guillot
2014-09-20 12:52:48 +02:00
parent 5f96af82f2
commit 00cdc609d1
15 changed files with 452 additions and 413 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Controller/Action.php
View File

@@ -27,7 +27,7 @@ class Action extends Base
'available_events' => $this->action->getAvailableEvents(),
'available_params' => $this->action->getAllActionParameters(),
'columns_list' => $this->board->getColumnsList($project['id']),
'users_list' => $this->project->getUsersList($project['id']),
'users_list' => $this->projectPermission->getUsersList($project['id']),
'projects_list' => $this->project->getList(false),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($project['id']),
@@ -51,7 +51,7 @@ class Action extends Base
'values' => $values,
'action_params' => $action->getActionRequiredParameters(),
'columns_list' => $this->board->getColumnsList($project['id']),
'users_list' => $this->project->getUsersList($project['id']),
'users_list' => $this->projectPermission->getUsersList($project['id']),
'projects_list' => $this->project->getList(false),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($project['id']),

3
app/Controller/Base.php
View File

@@ -26,6 +26,7 @@ use Model\LastLogin;
* @property \Model\LastLogin $lastLogin
* @property \Model\Notification $notification
* @property \Model\Project $project
* @property \Model\ProjectPermission $projectPermission
* @property \Model\SubTask $subTask
* @property \Model\Task $task
* @property \Model\TaskHistory $taskHistory
@@ -211,7 +212,7 @@ abstract class Base
{
if ($this->acl->isRegularUser()) {
if ($project_id > 0 && ! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) {
if ($project_id > 0 && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
$this->forbidden();
}
}

16
app/Controller/Board.php
View File

@@ -55,11 +55,11 @@ class Board extends Base
{
$task = $this->getTask();
$project = $this->project->getById($task['project_id']);
$projects = $this->project->getAvailableList($this->acl->getUserId());
$projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$params = array(
'errors' => array(),
'values' => $task,
'users_list' => $this->project->getUsersList($project['id']),
'users_list' => $this->projectPermission->getUsersList($project['id']),
'projects' => $projects,
'current_project_id' => $project['id'],
'current_project_name' => $project['name'],
@@ -109,7 +109,7 @@ class Board extends Base
{
$task = $this->getTask();
$project = $this->project->getById($task['project_id']);
$projects = $this->project->getAvailableList($this->acl->getUserId());
$projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$params = array(
'errors' => array(),
'values' => $task,
@@ -194,7 +194,7 @@ class Board extends Base
$project_id = $last_seen_project_id ?: $favorite_project_id;
if (! $project_id) {
$projects = $this->project->getAvailableList($this->acl->getUserId());
$projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
if (empty($projects)) {
@@ -220,7 +220,7 @@ class Board extends Base
public function show($project_id = 0)
{
$project = $this->getProject($project_id);
$projects = $this->project->getAvailableList($this->acl->getUserId());
$projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$board_selector = $projects;
unset($board_selector[$project['id']]);
@@ -228,7 +228,7 @@ class Board extends Base
$this->user->storeLastSeenProjectId($project['id']);
$this->response->html($this->template->layout('board_index', array(
'users' => $this->project->getUsersList($project['id'], true, true),
'users' => $this->projectPermission->getUsersList($project['id'], true, true),
'filters' => array('user_id' => UserModel::EVERYBODY_ID),
'projects' => $projects,
'current_project_id' => $project['id'],
@@ -394,7 +394,7 @@ class Board extends Base
if ($project_id > 0 && $this->request->isAjax()) {
if (! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) {
if (! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
$this->response->status(401);
}
@@ -433,7 +433,7 @@ class Board extends Base
$project_id = $this->request->getIntegerParam('project_id');
$timestamp = $this->request->getIntegerParam('timestamp');
if ($project_id > 0 && ! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) {
if ($project_id > 0 && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
$this->response->text('Not Authorized', 401);
}

10
app/Controller/Project.php
View File

@@ -206,7 +206,7 @@ class Project extends Base
$this->response->html($this->projectLayout('project_users', array(
'project' => $project,
'users' => $this->project->getAllUsers($project['id']),
'users' => $this->projectPermission->getAllUsers($project['id']),
'menu' => 'projects',
'title' => t('Edit project access list')
)));
@@ -220,11 +220,11 @@ class Project extends Base
public function allow()
{
$values = $this->request->getValues();
list($valid,) = $this->project->validateUserAccess($values);
list($valid,) = $this->projectPermission->validateModification($values);
if ($valid) {
if ($this->project->allowUser($values['project_id'], $values['user_id'])) {
if ($this->projectPermission->allowUser($values['project_id'], $values['user_id'])) {
$this->session->flash(t('Project updated successfully.'));
}
else {
@@ -249,11 +249,11 @@ class Project extends Base
'user_id' => $this->request->getIntegerParam('user_id'),
);
list($valid,) = $this->project->validateUserAccess($values);
list($valid,) = $this->projectPermission->validateModification($values);
if ($valid) {
if ($this->project->revokeUser($values['project_id'], $values['user_id'])) {
if ($this->projectPermission->revokeUser($values['project_id'], $values['user_id'])) {
$this->session->flash(t('Project updated successfully.'));
}
else {

8
app/Controller/Subtask.php
View File

@@ -41,7 +41,7 @@ class Subtask extends Base
'task_id' => $task['id'],
),
'errors' => array(),
'users_list' => $this->project->getUsersList($task['project_id']),
'users_list' => $this->projectPermission->getUsersList($task['project_id']),
'task' => $task,
'menu' => 'tasks',
'title' => t('Add a sub-task')
@@ -79,7 +79,7 @@ class Subtask extends Base
$this->response->html($this->taskLayout('subtask_create', array(
'values' => $values,
'errors' => $errors,
'users_list' => $this->project->getUsersList($task['project_id']),
'users_list' => $this->projectPermission->getUsersList($task['project_id']),
'task' => $task,
'menu' => 'tasks',
'title' => t('Add a sub-task')
@@ -99,7 +99,7 @@ class Subtask extends Base
$this->response->html($this->taskLayout('subtask_edit', array(
'values' => $subtask,
'errors' => array(),
'users_list' => $this->project->getUsersList($task['project_id']),
'users_list' => $this->projectPermission->getUsersList($task['project_id']),
'status_list' => $this->subTask->getStatusList(),
'subtask' => $subtask,
'task' => $task,
@@ -136,7 +136,7 @@ class Subtask extends Base
$this->response->html($this->taskLayout('subtask_edit', array(
'values' => $values,
'errors' => $errors,
'users_list' => $this->project->getUsersList($task['project_id']),
'users_list' => $this->projectPermission->getUsersList($task['project_id']),
'status_list' => $this->subTask->getStatusList(),
'subtask' => $subtask,
'task' => $task,

10
app/Controller/Task.php
View File

@@ -123,7 +123,7 @@ class Task extends Base
),
'projects_list' => $this->project->getListByStatus(ProjectModel::ACTIVE),
'columns_list' => $this->board->getColumnsList($project_id),
'users_list' => $this->project->getUsersList($project_id),
'users_list' => $this->projectPermission->getUsersList($project_id),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($project_id),
'menu' => 'tasks',
@@ -169,7 +169,7 @@ class Task extends Base
'values' => $values,
'projects_list' => $this->project->getListByStatus(ProjectModel::ACTIVE),
'columns_list' => $this->board->getColumnsList($values['project_id']),
'users_list' => $this->project->getUsersList($values['project_id']),
'users_list' => $this->projectPermission->getUsersList($values['project_id']),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($values['project_id']),
'menu' => 'tasks',
@@ -199,7 +199,7 @@ class Task extends Base
'values' => $task,
'errors' => array(),
'task' => $task,
'users_list' => $this->project->getUsersList($task['project_id']),
'users_list' => $this->projectPermission->getUsersList($task['project_id']),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($task['project_id']),
'ajax' => $this->request->isAjax(),
@@ -248,7 +248,7 @@ class Task extends Base
'errors' => $errors,
'task' => $task,
'columns_list' => $this->board->getColumnsList($values['project_id']),
'users_list' => $this->project->getUsersList($values['project_id']),
'users_list' => $this->projectPermission->getUsersList($values['project_id']),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($values['project_id']),
'menu' => 'tasks',
@@ -458,7 +458,7 @@ class Task extends Base
$task = $this->getTask();
$values = $task;
$errors = array();
$projects_list = $this->project->getAvailableList($this->acl->getUserId());
$projects_list = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
unset($projects_list[$task['project_id']]);

6
app/Controller/User.php
View File

@@ -189,7 +189,7 @@ class User extends Base
{
$user = $this->getUser();
$this->response->html($this->layout('user_show', array(
'projects' => $this->project->getAvailableList($user['id']),
'projects' => $this->projectPermission->getAllowedProjects($user['id']),
'user' => $user,
)));
}
@@ -252,7 +252,7 @@ class User extends Base
}
$this->response->html($this->layout('user_notifications', array(
'projects' => $this->project->getAvailableList($user['id']),
'projects' => $this->projectPermission->getAllowedProjects($user['id']),
'notifications' => $this->notification->readSettings($user['id']),
'user' => $user,
)));
@@ -353,7 +353,7 @@ class User extends Base
$this->response->html($this->layout('user_edit', array(
'values' => $values,
'errors' => $errors,
'projects' => $this->project->filterListByAccess($this->project->getList(), $user['id']),
'projects' => $this->projectPermission->getAllowedProjects($user['id']),
'user' => $user,
)));
}

1
app/Model/Base.php
View File

@@ -26,6 +26,7 @@ use PicoDb\Database;
* @property \Model\LastLogin $lastLogin
* @property \Model\Notification $notification
* @property \Model\Project $project
* @property \Model\ProjectPermission $projectPermission
* @property \Model\SubTask $subTask
* @property \Model\Task $task
* @property \Model\TaskExport $taskExport

236
app/Model/Project.php
View File

@@ -22,13 +22,6 @@ class Project extends Base
*/
const TABLE = 'projects';
/**
* SQL table name for users
*
* @var string
*/
const TABLE_USERS = 'project_has_users';
/**
* Value for active project
*
@@ -43,157 +36,6 @@ class Project extends Base
*/
const INACTIVE = 0;
/**
* Get a list of people that can be assigned for tasks
*
* @access public
* @param integer $project_id Project id
* @param bool $prepend_unassigned Prepend the 'Unassigned' value
* @param bool $prepend_everybody Prepend the 'Everbody' value
* @return array
*/
public function getUsersList($project_id, $prepend_unassigned = true, $prepend_everybody = false)
{
$allowed_users = $this->getAllowedUsers($project_id);
if (empty($allowed_users)) {
$allowed_users = $this->user->getList();
}
if ($prepend_unassigned) {
$allowed_users = array(t('Unassigned')) + $allowed_users;
}
if ($prepend_everybody) {
$allowed_users = array(User::EVERYBODY_ID => t('Everybody')) + $allowed_users;
}
return $allowed_users;
}
/**
* Get a list of allowed people for a project
*
* @access public
* @param integer $project_id Project id
* @return array
*/
public function getAllowedUsers($project_id)
{
$users = $this->db
->table(self::TABLE_USERS)
->join(User::TABLE, 'id', 'user_id')
->eq('project_id', $project_id)
->asc('username')
->columns(User::TABLE.'.id', User::TABLE.'.username', User::TABLE.'.name')
->findAll();
$result = array();
foreach ($users as $user) {
$result[$user['id']] = $user['name'] ?: $user['username'];
}
asort($result);
return $result;
}
/**
* Get allowed and not allowed users for a project
*
* @access public
* @param integer $project_id Project id
* @return array
*/
public function getAllUsers($project_id)
{
$users = array(
'allowed' => array(),
'not_allowed' => array(),
);
$all_users = $this->user->getList();
$users['allowed'] = $this->getAllowedUsers($project_id);
foreach ($all_users as $user_id => $username) {
if (! isset($users['allowed'][$user_id])) {
$users['not_allowed'][$user_id] = $username;
}
}
return $users;
}
/**
* Allow a specific user for a given project
*
* @access public
* @param integer $project_id Project id
* @param integer $user_id User id
* @return bool
*/
public function allowUser($project_id, $user_id)
{
return $this->db
->table(self::TABLE_USERS)
->save(array('project_id' => $project_id, 'user_id' => $user_id));
}
/**
* Revoke a specific user for a given project
*
* @access public
* @param integer $project_id Project id
* @param integer $user_id User id
* @return bool
*/
public function revokeUser($project_id, $user_id)
{
return $this->db
->table(self::TABLE_USERS)
->eq('project_id', $project_id)
->eq('user_id', $user_id)
->remove();
}
/**
* Check if a specific user is allowed to access to a given project
*
* @access public
* @param integer $project_id Project id
* @param integer $user_id User id
* @return bool
*/
public function isUserAllowed($project_id, $user_id)
{
// If there is nobody specified, everybody have access to the project
$nb_users = $this->db
->table(self::TABLE_USERS)
->eq('project_id', $project_id)
->count();
if ($nb_users < 1) return true;
// Check if user has admin rights
$nb_users = $this->db
->table(User::TABLE)
->eq('id', $user_id)
->eq('is_admin', 1)
->count();
if ($nb_users > 0) return true;
// Otherwise, allow only specific users
return (bool) $this->db
->table(self::TABLE_USERS)
->eq('project_id', $project_id)
->eq('user_id', $user_id)
->count();
}
/**
* Get a project by the id
*
@@ -256,7 +98,7 @@ class Project extends Base
foreach ($projects as $key => $project) {
if (! $this->isUserAllowed($project['id'], $this->acl->getUserId())) {
if (! $this->projectPermission->isUserAllowed($project['id'], $this->acl->getUserId())) {
unset($projects[$key]);
}
}
@@ -328,37 +170,6 @@ class Project extends Base
->count();
}
/**
* Filter a list of projects for a given user
*
* @access public
* @param array $projects Project list: ['project_id' => 'project_name']
* @param integer $user_id User id
* @return array
*/
public function filterListByAccess(array $projects, $user_id)
{
foreach ($projects as $project_id => $project_name) {
if (! $this->isUserAllowed($project_id, $user_id)) {
unset($projects[$project_id]);
}
}
return $projects;
}
/**
* Return a list of projects for a given user
*
* @access public
* @param integer $user_id User id
* @return array
*/
public function getAvailableList($user_id)
{
return $this->filterListByAccess($this->getListByStatus(self::ACTIVE), $user_id);
}
/**
* Gather some task metrics for a given project
*
@@ -409,27 +220,6 @@ class Project extends Base
return $this->db->getConnection()->getLastId();
}
/**
* Copy user access from a project to another one
*
* @author Antonio Rabelo
* @param integer $project_from Project Template
* @return integer $project_to Project that receives the copy
* @return boolean
*/
public function duplicateUsers($project_from, $project_to)
{
$users = $this->getAllowedUsers($project_from);
foreach ($users as $user_id => $name) {
if (! $this->allowUser($project_to, $user_id)) {
return false;
}
}
return true;
}
/**
* Clone a project
*
@@ -461,7 +251,7 @@ class Project extends Base
}
// Clone Allowed Users
if (! $this->duplicateUsers($project_id, $clone_project_id)) {
if (! $this->projectPermission->duplicate($project_id, $clone_project_id)) {
$this->db->cancelTransaction();
return false;
}
@@ -701,28 +491,6 @@ class Project extends Base
);
}
/**
* Validate allowed users
*
* @access public
* @param array $values Form values
* @return array $valid, $errors [0] = Success or not, [1] = List of errors
*/
public function validateUserAccess(array $values)
{
$v = new Validator($values, array(
new Validators\Required('project_id', t('The project id is required')),
new Validators\Integer('project_id', t('This value must be an integer')),
new Validators\Required('user_id', t('The user id is required')),
new Validators\Integer('user_id', t('This value must be an integer')),
));
return array(
$v->execute(),
$v->getErrors()
);
}
/**
* Attach events
*

247
app/Model/ProjectPermission.php Normal file
View File

@@ -0,0 +1,247 @@
<?php
namespace Model;
use SimpleValidator\Validator;
use SimpleValidator\Validators;
/**
* Project permission model
*
* @package model
* @author Frederic Guillot
*/
class ProjectPermission extends Base
{
/**
* SQL table name for permissions
*
* @var string
*/
const TABLE = 'project_has_users';
/**
* Get a list of people that can be assigned for tasks
*
* @access public
* @param integer $project_id Project id
* @param bool $prepend_unassigned Prepend the 'Unassigned' value
* @param bool $prepend_everybody Prepend the 'Everbody' value
* @return array
*/
public function getUsersList($project_id, $prepend_unassigned = true, $prepend_everybody = false)
{
$allowed_users = $this->getAllowedUsers($project_id);
if (empty($allowed_users)) {
$allowed_users = $this->user->getList();
}
if ($prepend_unassigned) {
$allowed_users = array(t('Unassigned')) + $allowed_users;
}
if ($prepend_everybody) {
$allowed_users = array(User::EVERYBODY_ID => t('Everybody')) + $allowed_users;
}
return $allowed_users;
}
/**
* Get a list of allowed people for a project
*
* @access public
* @param integer $project_id Project id
* @return array
*/
public function getAllowedUsers($project_id)
{
$users = $this->db
->table(self::TABLE)
->join(User::TABLE, 'id', 'user_id')
->eq('project_id', $project_id)
->asc('username')
->columns(User::TABLE.'.id', User::TABLE.'.username', User::TABLE.'.name')
->findAll();
$result = array();
foreach ($users as $user) {
$result[$user['id']] = $user['name'] ?: $user['username'];
}
asort($result);
return $result;
}
/**
* Get allowed and not allowed users for a project
*
* @access public
* @param integer $project_id Project id
* @return array
*/
public function getAllUsers($project_id)
{
$users = array(
'allowed' => array(),
'not_allowed' => array(),
);
$all_users = $this->user->getList();
$users['allowed'] = $this->getAllowedUsers($project_id);
foreach ($all_users as $user_id => $username) {
if (! isset($users['allowed'][$user_id])) {
$users['not_allowed'][$user_id] = $username;
}
}
return $users;
}
/**
* Allow a specific user for a given project
*
* @access public
* @param integer $project_id Project id
* @param integer $user_id User id
* @return bool
*/
public function allowUser($project_id, $user_id)
{
return $this->db
->table(self::TABLE)
->save(array('project_id' => $project_id, 'user_id' => $user_id));
}
/**
* Revoke a specific user for a given project
*
* @access public
* @param integer $project_id Project id
* @param integer $user_id User id
* @return bool
*/
public function revokeUser($project_id, $user_id)
{
return $this->db
->table(self::TABLE)
->eq('project_id', $project_id)
->eq('user_id', $user_id)
->remove();
}
/**
* Check if a specific user is allowed to access to a given project
*
* @access public
* @param integer $project_id Project id
* @param integer $user_id User id
* @return bool
*/
public function isUserAllowed($project_id, $user_id)
{
// If there is nobody specified, everybody have access to the project
$nb_users = $this->db
->table(self::TABLE)
->eq('project_id', $project_id)
->count();
if ($nb_users < 1) return true;
// Check if user has admin rights
$nb_users = $this->db
->table(User::TABLE)
->eq('id', $user_id)
->eq('is_admin', 1)
->count();
if ($nb_users > 0) return true;
// Otherwise, allow only specific users
return (bool) $this->db
->table(self::TABLE)
->eq('project_id', $project_id)
->eq('user_id', $user_id)
->count();
}
/**
* Filter a list of projects for a given user
*
* @access public
* @param array $projects Project list: ['project_id' => 'project_name']
* @param integer $user_id User id
* @return array
*/
public function filterProjects(array $projects, $user_id)
{
foreach ($projects as $project_id => $project_name) {
if (! $this->isUserAllowed($project_id, $user_id)) {
unset($projects[$project_id]);
}
}
return $projects;
}
/**
* Return a list of projects for a given user
*
* @access public
* @param integer $user_id User id
* @return array
*/
public function getAllowedProjects($user_id)
{
return $this->filterProjects($this->project->getListByStatus(Project::ACTIVE), $user_id);
}
/**
* Copy user access from a project to another one
*
* @author Antonio Rabelo
* @param integer $project_from Project Template
* @return integer $project_to Project that receives the copy
* @return boolean
*/
public function duplicate($project_from, $project_to)
{
$users = $this->getAllowedUsers($project_from);
foreach ($users as $user_id => $name) {
if (! $this->allowUser($project_to, $user_id)) {
return false;
}
}
return true;
}
/**
* Validate allowed users
*
* @access public
* @param array $values Form values
* @return array $valid, $errors [0] = Success or not, [1] = List of errors
*/
public function validateModification(array $values)
{
$v = new Validator($values, array(
new Validators\Required('project_id', t('The project id is required')),
new Validators\Integer('project_id', t('This value must be an integer')),
new Validators\Required('user_id', t('The user id is required')),
new Validators\Integer('user_id', t('This value must be an integer')),
));
return array(
$v->execute(),
$v->getErrors()
);
}
}

4
app/Model/Task.php
View File

@@ -279,7 +279,7 @@ class Task extends Base
$values['category_id'] = 0;
// Check if the assigned user is allowed for the new project
if ($task['owner_id'] && $this->project->isUserAllowed($values['project_id'], $task['owner_id'])) {
if ($task['owner_id'] && $this->projectPermission->isUserAllowed($values['project_id'], $task['owner_id'])) {
$values['owner_id'] = $task['owner_id'];
}
@@ -673,7 +673,7 @@ class Task extends Base
$values['owner_id'] = 0;
// Check if the assigned user is allowed for the new project
if ($task['owner_id'] && $this->project->isUserAllowed($project_id, $task['owner_id'])) {
if ($task['owner_id'] && $this->projectPermission->isUserAllowed($project_id, $task['owner_id'])) {
$values['owner_id'] = $task['owner_id'];
}