AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add acl and access list for projects

Browse Source
This commit is contained in:
Frédéric Guillot
2014-03-01 19:51:09 -05:00
parent e7db71b593
commit 28bc4246bf
22 changed files with 647 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
models/acl.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
namespace Model;
class Acl extends Base
{
// Controllers and actions allowed from outside
private $public_actions = array(
'user' => array('login', 'check'),
'task' => array('add'),
'board' => array('readonly'),
);
// Controllers and actions allowed for regular users
private $user_actions = array(
'app' => array('index'),
'board' => array('index', 'show', 'assign', 'assigntask', 'save'),
'project' => array('tasks', 'index', 'forbidden'),
'task' => array('show', 'create', 'save', 'edit', 'update', 'close', 'confirmclose', 'open', 'confirmopen'),
'user' => array('index', 'edit', 'update', 'forbidden', 'logout', 'index'),
'config' => array('index'),
);
public function isAllowedAction(array $acl, $controller, $action)
{
if (isset($acl[$controller])) {
return in_array($action, $acl[$controller]);
}
return false;
}
public function isPublicAction($controller, $action)
{
return $this->isAllowedAction($this->public_actions, $controller, $action);
}
public function isUserAction($controller, $action)
{
return $this->isAllowedAction($this->user_actions, $controller, $action);
}
public function isAdminUser()
{
return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === '1';
}
public function isRegularUser()
{
return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === '0';
}
public function getUserId()
{
return isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
}
public function isPageAccessAllowed($controller, $action)
{
return $this->isPublicAction($controller, $action) ||
$this->isAdminUser() ||
($this->isRegularUser() && $this->isUserAction($controller, $action));
}
}

5
models/base.php
View File

@@ -18,8 +18,7 @@ require __DIR__.'/schema.php';
abstract class Base
{
const APP_VERSION = 'master';
const DB_VERSION = 6;
const DB_FILENAME = 'data/db.sqlite';
const DB_VERSION = 7;
private static $dbInstance = null;
protected $db;
@@ -37,7 +36,7 @@ abstract class Base
{
$db = new \PicoDb\Database(array(
'driver' => 'sqlite',
'filename' => self::DB_FILENAME
'filename' => DB_FILENAME
));
if ($db->schema()->check(self::DB_VERSION)) {

4
models/config.php
View File

@@ -79,11 +79,11 @@ class Config extends Base
public function downloadDatabase()
{
return gzencode(file_get_contents(self::DB_FILENAME));
return gzencode(file_get_contents(DB_FILENAME));
}
public function getDatabaseSize()
{
return filesize(self::DB_FILENAME);
return filesize(DB_FILENAME);
}
}

144
models/project.php
View File

@@ -8,10 +8,89 @@ use \SimpleValidator\Validators;
class Project extends Base
{
const TABLE = 'projects';
const TABLE_USERS = 'project_has_users';
const ACTIVE = 1;
const INACTIVE = 0;
public function get($project_id)
public function getUsersList($project_id)
{
$allowed_users = $this->getAllowedUsers($project_id);
if (empty($allowed_users)) {
$userModel = new User;
$allowed_users = $userModel->getList();
}
return array(t('Unassigned')) + $allowed_users;
}
public function getAllowedUsers($project_id)
{
return $this->db
->table(self::TABLE_USERS)
->join(\Model\User::TABLE, 'id', 'user_id')
->eq('project_id', $project_id)
->asc('username')
->listing('user_id', 'username');
}
public function getAllUsers($project_id)
{
$users = array(
'allowed' => array(),
'not_allowed' => array(),
);
$userModel = new User;
$all_users = $userModel->getList();
$users['allowed'] = $this->getAllowedUsers($project_id);
foreach ($all_users as $user_id => $username) {
if (! isset($users['allowed'][$user_id])) {
$users['not_allowed'][$user_id] = $username;
}
}
return $users;
}
public function allowUser($project_id, $user_id)
{
return $this->db
->table(self::TABLE_USERS)
->save(array('project_id' => $project_id, 'user_id' => $user_id));
}
public function revokeUser($project_id, $user_id)
{
return $this->db
->table(self::TABLE_USERS)
->eq('project_id', $project_id)
->eq('user_id', $user_id)
->remove();
}
public function isUserAllowed($project_id, $user_id)
{
// If there is nobody specified, everybody have access to the project
$nb_users = $this->db
->table(self::TABLE_USERS)
->eq('project_id', $project_id)
->count();
if ($nb_users < 1) return true;
// Otherwise, allow only specific users
return (bool) $this->db
->table(self::TABLE_USERS)
->eq('project_id', $project_id)
->eq('user_id', $user_id)
->count();
}
public function getById($project_id)
{
return $this->db->table(self::TABLE)->eq('id', $project_id)->findOne();
}
@@ -26,7 +105,7 @@ class Project extends Base
return $this->db->table(self::TABLE)->findOne();
}
public function getAll($fetch_stats = false)
public function getAll($fetch_stats = false, $check_permissions = false)
{
if (! $fetch_stats) {
return $this->db->table(self::TABLE)->asc('name')->findAll();
@@ -41,20 +120,27 @@ class Project extends Base
$taskModel = new \Model\Task;
$boardModel = new \Model\Board;
$aclModel = new \Model\Acl;
foreach ($projects as &$project) {
foreach ($projects as $pkey => &$project) {
$columns = $boardModel->getcolumns($project['id']);
$project['nb_active_tasks'] = 0;
foreach ($columns as &$column) {
$column['nb_active_tasks'] = $taskModel->countByColumnId($project['id'], $column['id']);
$project['nb_active_tasks'] += $column['nb_active_tasks'];
if ($check_permissions && ! $this->isUserAllowed($project['id'], $aclModel->getUserId())) {
unset($projects[$pkey]);
}
else {
$project['columns'] = $columns;
$project['nb_tasks'] = $taskModel->countByProjectId($project['id']);
$project['nb_inactive_tasks'] = $project['nb_tasks'] - $project['nb_active_tasks'];
$columns = $boardModel->getcolumns($project['id']);
$project['nb_active_tasks'] = 0;
foreach ($columns as &$column) {
$column['nb_active_tasks'] = $taskModel->countByColumnId($project['id'], $column['id']);
$project['nb_active_tasks'] += $column['nb_active_tasks'];
}
$project['columns'] = $columns;
$project['nb_tasks'] = $taskModel->countByProjectId($project['id']);
$project['nb_inactive_tasks'] = $project['nb_tasks'] - $project['nb_active_tasks'];
}
}
$this->db->closeTransaction();
@@ -93,12 +179,27 @@ class Project extends Base
->count();
}
public function filterListByAccess(array $projects, $user_id)
{
foreach ($projects as $project_id => $project_name) {
if (! $this->isUserAllowed($project_id, $user_id)) {
unset($projects[$project_id]);
}
}
return $projects;
}
public function create(array $values)
{
$this->db->startTransaction();
$values['token'] = self::generateToken();
$this->db->table(self::TABLE)->save($values);
if (! $this->db->table(self::TABLE)->save($values)) {
$this->db->cancelTransaction();
return false;
}
$project_id = $this->db->getConnection()->getLastId();
@@ -112,7 +213,7 @@ class Project extends Base
$this->db->closeTransaction();
return $project_id;
return (int) $project_id;
}
public function update(array $values)
@@ -170,4 +271,19 @@ class Project extends Base
$v->getErrors()
);
}
public function validateUserAccess(array $values)
{
$v = new Validator($values, array(
new Validators\Required('project_id', t('The project id is required')),
new Validators\Integer('project_id', t('This value must be an integer')),
new Validators\Required('user_id', t('The user id is required')),
new Validators\Integer('user_id', t('This value must be an integer')),
));
return array(
$v->execute(),
$v->getErrors()
);
}
}

14
models/schema.php
View File

@@ -2,6 +2,20 @@
namespace Schema;
function version_7($pdo)
{
$pdo->exec("
CREATE TABLE project_has_users (
id INTEGER PRIMARY KEY,
project_id INTEGER,
user_id INTEGER,
FOREIGN KEY(project_id) REFERENCES projects(id) ON DELETE CASCADE,
FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE,
UNIQUE(project_id, user_id)
)
");
}
function version_6($pdo)
{
$pdo->exec("ALTER TABLE columns ADD COLUMN task_limit INTEGER DEFAULT '0'");

4
models/user.php
View File

@@ -30,12 +30,12 @@ class User extends Base
public function getList()
{
return array(t('Unassigned')) + $this->db->table(self::TABLE)->asc('username')->listing('id', 'username');
return $this->db->table(self::TABLE)->asc('username')->listing('id', 'username');
}
public function create(array $values)
{
unset($values['confirmation']);
if (isset($values['confirmation'])) unset($values['confirmation']);
$values['password'] = \password_hash($values['password'], PASSWORD_BCRYPT);
return $this->db->table(self::TABLE)->save($values);