Allow urls without project_id
This commit is contained in:
Frederic Guillot
parent
29606b34cb
commit
0f6a4e9de9
|
|
@ -165,16 +165,17 @@ abstract class Base
|
|||
$this->container['dispatcher']->dispatch('session.bootstrap', new Event);
|
||||
|
||||
if (! $this->acl->isPublicAction($controller, $action)) {
|
||||
$this->handleAuthenticatedUser($controller, $action);
|
||||
$this->handleAuthentication($controller, $action);
|
||||
$this->handleAuthorization($controller, $action);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check page access and authentication
|
||||
* Check authentication
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
public function handleAuthenticatedUser($controller, $action)
|
||||
public function handleAuthentication($controller, $action)
|
||||
{
|
||||
if (! $this->authentication->isAuthenticated()) {
|
||||
|
||||
|
|
@ -184,8 +185,24 @@ abstract class Base
|
|||
|
||||
$this->response->redirect('?controller=user&action=login&redirect_query='.urlencode($this->request->getQueryString()));
|
||||
}
|
||||
}
|
||||
|
||||
if (! $this->acl->isAllowed($controller, $action, $this->request->getIntegerParam('project_id', 0))) {
|
||||
/**
|
||||
* Check page access and authorization
|
||||
*
|
||||
* @access public
|
||||
*/
|
||||
public function handleAuthorization($controller, $action)
|
||||
{
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
$task_id = $this->request->getIntegerParam('task_id');
|
||||
|
||||
// Allow urls without "project_id"
|
||||
if ($task_id > 0 && $project_id === 0) {
|
||||
$project_id = $this->taskFinder->getProjectId($task_id);
|
||||
}
|
||||
|
||||
if (! $this->acl->isAllowed($controller, $action, $project_id)) {
|
||||
$this->forbidden();
|
||||
}
|
||||
}
|
||||
|
|
@ -287,7 +304,7 @@ abstract class Base
|
|||
{
|
||||
$task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id'));
|
||||
|
||||
if (! $task || $task['project_id'] != $this->request->getIntegerParam('project_id')) {
|
||||
if (! $task) {
|
||||
$this->notfound();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -172,6 +172,18 @@ class TaskFinder extends Base
|
|||
return $tasks;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get project id for a given task
|
||||
*
|
||||
* @access public
|
||||
* @param integer $task_id Task id
|
||||
* @return integer
|
||||
*/
|
||||
public function getProjectId($task_id)
|
||||
{
|
||||
return (int) $this->db->table(Task::TABLE)->eq('id', $task_id)->findOneColumn('project_id') ?: 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch a task by the id
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in New Issue