Acl refactoring

Frédéric Guillot
2014-12-31 12:37:15 -05:00
parent 66f150d887
commit 772804add8
93 changed files with 943 additions and 626 deletions


@@ -17,7 +17,7 @@ class Action extends Base
*/
public function index()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$this->response->html($this->projectLayout('action/index', array(
'values' => array('project_id' => $project['id']),
@@ -42,7 +42,7 @@ class Action extends Base
*/
public function event()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$values = $this->request->getValues();
if (empty($values['action_name']) || empty($values['project_id'])) {
@@ -64,7 +64,7 @@ class Action extends Base
*/
public function params()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$values = $this->request->getValues();
if (empty($values['action_name']) || empty($values['project_id']) || empty($values['event_name'])) {
@@ -101,7 +101,7 @@ class Action extends Base
*/
public function create()
{
$this->doCreation($this->getProjectManagement(), $this->request->getValues());
$this->doCreation($this->getProject(), $this->request->getValues());
}
/**
@@ -135,7 +135,7 @@ class Action extends Base
*/
public function confirm()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$this->response->html($this->projectLayout('action/remove', array(
'action' => $this->action->getById($this->request->getIntegerParam('action_id')),
@@ -154,7 +154,7 @@ class Action extends Base
public function remove()
{
$this->checkCSRFParam();
$project = $this->getProjectManagement();
$project = $this->getProject();
$action = $this->action->getById($this->request->getIntegerParam('action_id'));
if ($action && $this->action->remove($action['id'])) {
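Review bot: In `remove()` the action row is loaded by the request's `action_id` and deleted without being tied to `$project`, so with the per-method `getProjectManagement()` check gone the only project-level gate is the central ACL decision on the request's `project_id`. If action rows carry a `project_id` column (not visible here, please confirm), the guard should compare it first, e.g. `if ($action && $action['project_id'] == $project['id'] && $this->action->remove($action['id'])) {`. `confirm()` does the same unscoped lookup for display. The Category and Swimlane sections pass `$project['id']` into their lookups, so Action is the odd one out. The bodies of both methods continue outside the hunks.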


@@ -20,7 +20,7 @@ class Analytic extends Base
*/
private function layout($template, array $params)
{
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->userSession->getId());
$params['analytic_content_for_layout'] = $this->template->render($template, $params);
return $this->template->layout('analytic/layout', $params);


@@ -34,7 +34,7 @@ class App extends Base
$direction = $this->request->getStringParam('direction');
$order = $this->request->getStringParam('order');
$user_id = $this->acl->getUserId();
$user_id = $this->userSession->getId();
$projects = $this->projectPermission->getMemberProjects($user_id);
$project_ids = array_keys($projects);
@@ -191,8 +191,9 @@ class App extends Base
$this->response->html('<p>'.t('Nothing to preview...').'</p>');
}
else {
$this->response->html($this->template->markdown($payload['text']));
$this->response->html(
$this->template->markdown($payload['text'])
);
}
}
}


@@ -51,6 +51,7 @@ use Symfony\Component\EventDispatcher\Event;
* @property \Model\SubtaskHistory $subtaskHistory
* @property \Model\TimeTracking $timeTracking
* @property \Model\User $user
* @property \Model\UserSession $userSession
* @property \Model\Webhook $webhook
*/
abstract class Base
@@ -117,16 +118,12 @@ abstract class Base
}
/**
* Method executed before each action
* Send HTTP headers
*
* @access public
* @access private
*/
public function beforeAction($controller, $action)
private function sendHeaders($action)
{
// Start the session
$this->session->open(BASE_URL_DIRECTORY);
$this->container['dispatcher']->dispatch('session.bootstrap', new Event);
// HTTP secure headers
$this->response->csp(array('style-src' => "'self' 'unsafe-inline'"));
$this->response->nosniff();
@@ -140,8 +137,32 @@ abstract class Base
if (ENABLE_HSTS) {
$this->response->hsts();
}
}
// Authentication
/**
* Method executed before each action
*
* @access public
*/
public function beforeAction($controller, $action)
{
// Start the session
$this->session->open(BASE_URL_DIRECTORY);
$this->sendHeaders($action);
$this->container['dispatcher']->dispatch('session.bootstrap', new Event);
if (! $this->acl->isPublicAction($controller, $action)) {
$this->handleAuthenticatedUser($controller, $action);
}
}
/**
* Check page access and authentication
*
* @access public
*/
public function handleAuthenticatedUser($controller, $action)
{
if (! $this->authentication->isAuthenticated($controller, $action)) {
if ($this->request->isAjax()) {
@@ -151,9 +172,8 @@ abstract class Base
$this->response->redirect('?controller=user&action=login&redirect_query='.urlencode($this->request->getQueryString()));
}
// Check if the user is allowed to see this page
if (! $this->acl->isPageAccessAllowed($controller, $action)) {
$this->response->redirect('?controller=user&action=forbidden');
if (! $this->acl->isAllowed($controller, $action, $this->request->getIntegerParam('project_id', 0))) {
$this->forbidden();
}
}
@@ -197,33 +217,6 @@ abstract class Base
}
}
/**
* Check if the current user have access to the given project
*
* @access protected
* @param integer $project_id Project id
*/
protected function checkProjectPermissions($project_id)
{
if ($this->acl->isRegularUser() && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
$this->forbidden();
}
}
/**
* Check if the current user is owner of the given project
*
* @access protected
* @param integer $project_id Project id
*/
protected function checkProjectOwnerPermissions($project_id)
{
if (! $this->acl->isAdminUser() &&
! ($this->acl->isRegularUser() && $this->projectPermission->isOwner($project_id, $this->acl->getUserId()))) {
$this->forbidden();
}
}
/**
* Redirection when there is no project in the database
*
@@ -252,7 +245,7 @@ abstract class Base
$content = $this->template->render($template, $params);
$params['task_content_for_layout'] = $content;
$params['title'] = $params['task']['project_name'].' &gt; '.$params['task']['title'];
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->userSession->getId());
return $this->template->layout('task/layout', $params);
}
@@ -270,8 +263,7 @@ abstract class Base
$content = $this->template->render($template, $params);
$params['project_content_for_layout'] = $content;
$params['title'] = $params['project']['name'] === $params['title'] ? $params['title'] : $params['project']['name'].' &gt; '.$params['title'];
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$params['is_owner'] = $this->projectPermission->isOwner($params['project']['id'], $this->acl->getUserId());
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->userSession->getId());
return $this->template->layout('project/layout', $params);
}
@@ -286,12 +278,10 @@ abstract class Base
{
$task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id'));
if (! $task) {
if (! $task || $task['project_id'] != $this->request->getIntegerParam('project_id')) {
$this->notfound();
}
$this->checkProjectPermissions($task['project_id']);
return $task;
}
@@ -312,29 +302,6 @@ abstract class Base
$this->response->redirect('?controller=project');
}
$this->checkProjectPermissions($project['id']);
return $project;
}
/**
* Common method to get a project with administration rights
*
* @access protected
* @return array
*/
protected function getProjectManagement()
{
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
if (! $project) {
$this->notfound();
}
if ($this->acl->isRegularUser() && ! $this->projectPermission->adminAllowed($project['id'], $this->acl->getUserId())) {
$this->forbidden();
}
return $project;
}
}
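Review bot: The new `isAllowed()` call in `handleAuthenticatedUser()` takes its project from `getIntegerParam('project_id', 0)`, and with `checkProjectPermissions()`, `checkProjectOwnerPermissions()` and `getProjectManagement()` deleted in this section it is the only project-level authorization left in the base controller. `isAllowed()` itself is not shown, so it is worth confirming, and covering with a test, that a project-scoped controller/action pair is denied for a non-admin when the id is 0 rather than treated as "no project to check". I would add a comment above the call such as `// project_id defaults to 0 when absent; isAllowed() must deny project-scoped actions in that case`. In the visible code the method is only called from `beforeAction()`, so `protected` would fit better than `public` unless something else dispatches to it.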


@@ -18,7 +18,7 @@ class Board extends Base
public function moveColumn()
{
$this->checkCSRFParam();
$project = $this->getProjectManagement();
$project = $this->getProject();
$column_id = $this->request->getIntegerParam('column_id');
$direction = $this->request->getStringParam('direction');
@@ -54,7 +54,6 @@ class Board extends Base
public function updateAssignee()
{
$values = $this->request->getValues();
$this->checkProjectPermissions($values['project_id']);
list($valid,) = $this->taskValidator->validateAssigneeModification($values);
@@ -93,7 +92,6 @@ class Board extends Base
public function updateCategory()
{
$values = $this->request->getValues();
$this->checkProjectPermissions($values['project_id']);
list($valid,) = $this->taskValidator->validateCategoryModification($values);
@@ -144,16 +142,16 @@ class Board extends Base
*/
public function index()
{
$last_seen_project_id = $this->user->getLastSeenProjectId();
$favorite_project_id = $this->user->getFavoriteProjectId();
$last_seen_project_id = $this->userSession->getLastSeenProjectId();
$favorite_project_id = $this->userSession->getFavoriteProjectId();
$project_id = $last_seen_project_id ?: $favorite_project_id;
if (! $project_id) {
$projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$projects = $this->projectPermission->getAllowedProjects($this->userSession->getId());
if (empty($projects)) {
if ($this->acl->isAdminUser()) {
if ($this->userSession->isAdmin()) {
$this->redirectNoProject();
}
@@ -175,12 +173,12 @@ class Board extends Base
public function show($project_id = 0)
{
$project = $this->getProject($project_id);
$projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$projects = $this->projectPermission->getAllowedProjects($this->userSession->getId());
$board_selector = $projects;
unset($board_selector[$project['id']]);
$this->user->storeLastSeenProjectId($project['id']);
$this->userSession->storeLastSeenProjectId($project['id']);
$this->response->html($this->template->layout('board/index', array(
'users' => $this->projectPermission->getMemberList($project['id'], true, true),
@@ -202,7 +200,7 @@ class Board extends Base
*/
public function edit()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$columns = $this->board->getColumns($project['id']);
$values = array();
@@ -227,7 +225,7 @@ class Board extends Base
*/
public function update()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$columns = $this->board->getColumns($project['id']);
$data = $this->request->getValues();
$values = $columns_list = array();
@@ -267,7 +265,7 @@ class Board extends Base
*/
public function add()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$columns = $this->board->getColumnsList($project['id']);
$data = $this->request->getValues();
$values = array();
@@ -305,7 +303,7 @@ class Board extends Base
*/
public function remove()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
if ($this->request->getStringParam('remove') === 'yes') {
@@ -341,7 +339,7 @@ class Board extends Base
return $this->response->status(403);
}
if (! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
$this->response->text('Forbidden', 403);
}
@@ -385,7 +383,7 @@ class Board extends Base
$project_id = $this->request->getIntegerParam('project_id');
$timestamp = $this->request->getIntegerParam('timestamp');
if (! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
if (! $this->projectPermission->isUserAllowed($project_id, $this->userSession->getId())) {
$this->response->text('Forbidden', 403);
}
@@ -413,7 +411,8 @@ class Board extends Base
{
$task = $this->getTask();
$this->response->html($this->template->render('board/subtasks', array(
'subtasks' => $this->subTask->getAll($task['id'])
'subtasks' => $this->subTask->getAll($task['id']),
'task' => $task,
)));
}
@@ -428,7 +427,8 @@ class Board extends Base
$this->subTask->toggleStatus($this->request->getIntegerParam('subtask_id'));
$this->response->html($this->template->render('board/subtasks', array(
'subtasks' => $this->subTask->getAll($task['id'])
'subtasks' => $this->subTask->getAll($task['id']),
'task' => $task,
)));
}
@@ -442,7 +442,8 @@ class Board extends Base
$task = $this->getTask();
$this->response->html($this->template->render('board/files', array(
'files' => $this->file->getAll($task['id'])
'files' => $this->file->getAll($task['id']),
'task' => $task,
)));
}
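Review bot: `updateAssignee()` and `updateCategory()` drop `checkProjectPermissions($values['project_id'])`, but `$values` comes from `getValues()` while the replacement check in the base controller reads `getIntegerParam('project_id')`. If those two accessors read different parts of the request (body versus query string, not visible here), the project that was authorized and the project that is modified are no longer guaranteed to be the same. Either keep a comparison such as `if ($values['project_id'] != $this->request->getIntegerParam('project_id')) { $this->forbidden(); }` or load the project through `getProject()` and use its id. `allow()` in the Project section has the same shape after losing `checkProjectOwnerPermissions($values['project_id'])`. Both method bodies continue outside the hunks.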


@@ -36,7 +36,7 @@ class Category extends Base
*/
public function index(array $values = array(), array $errors = array())
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$this->response->html($this->projectLayout('category/index', array(
'categories' => $this->category->getList($project['id'], false),
@@ -54,7 +54,7 @@ class Category extends Base
*/
public function save()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$values = $this->request->getValues();
list($valid, $errors) = $this->category->validateCreation($values);
@@ -80,7 +80,7 @@ class Category extends Base
*/
public function edit(array $values = array(), array $errors = array())
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$category = $this->getCategory($project['id']);
$this->response->html($this->projectLayout('category/edit', array(
@@ -98,7 +98,7 @@ class Category extends Base
*/
public function update()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$values = $this->request->getValues();
list($valid, $errors) = $this->category->validateModification($values);
@@ -124,7 +124,7 @@ class Category extends Base
*/
public function confirm()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$category = $this->getCategory($project['id']);
$this->response->html($this->projectLayout('category/remove', array(
@@ -142,7 +142,7 @@ class Category extends Base
public function remove()
{
$this->checkCSRFParam();
$project = $this->getProjectManagement();
$project = $this->getProject();
$category = $this->getCategory($project['id']);
if ($this->category->remove($category['id'])) {


@@ -24,7 +24,7 @@ class Comment extends Base
$this->notfound();
}
if (! $this->acl->isAdminUser() && $comment['user_id'] != $this->acl->getUserId()) {
if (! $this->userSession->isAdmin() && $comment['user_id'] != $this->userSession->getId()) {
$this->response->html($this->template->layout('comment/forbidden', array(
'title' => t('Access Forbidden')
)));
@@ -44,7 +44,7 @@ class Comment extends Base
if (empty($values)) {
$values = array(
'user_id' => $this->acl->getUserId(),
'user_id' => $this->userSession->getId(),
'task_id' => $task['id'],
);
}
@@ -78,7 +78,7 @@ class Comment extends Base
$this->session->flashError(t('Unable to create your comment.'));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'#comments');
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id'].'#comments');
}
$this->create($values, $errors);
@@ -125,7 +125,7 @@ class Comment extends Base
$this->session->flashError(t('Unable to update your comment.'));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'#comment-'.$comment['id']);
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id'].'#comment-'.$comment['id']);
}
$this->edit($values, $errors);
@@ -166,6 +166,6 @@ class Comment extends Base
$this->session->flashError(t('Unable to remove this comment.'));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'#comments');
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id'].'#comments');
}
}
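Review bot: Every redirect back to the task page now has `'&project_id='.$task['project_id']` appended by hand, and since `getTask()` in the base controller now answers not-found when that parameter does not match the task, any link that misses the suffix breaks. A small helper that builds the task URL from `$task` would keep this in one place; the same hand-built strings are repeated in the File, Subtask and Task sections. One case looks already affected: in the Task section the redirect after `moveToProject($task['id'], $values['project_id'])` passes `$task['project_id']`, which appears to be the value read before the move, so the target page would presumably be rejected.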


@@ -20,7 +20,7 @@ class Config extends Base
*/
private function layout($template, array $params)
{
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->userSession->getId());
$params['values'] = $this->config->getAll();
$params['errors'] = array();
$params['config_content_for_layout'] = $this->template->render($template, $params);


@@ -37,11 +37,11 @@ class File extends Base
$task = $this->getTask();
if ($this->file->upload($task['project_id'], $task['id'], 'files') === true) {
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'#attachments');
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id'].'#attachments');
}
else {
$this->session->flashError(t('Unable to upload the file.'));
$this->response->redirect('?controller=file&action=create&task_id='.$task['id']);
$this->response->redirect('?controller=file&action=create&task_id='.$task['id'].'&project_id='.$task['project_id']);
}
}
@@ -61,7 +61,7 @@ class File extends Base
$this->response->binary(file_get_contents($filename));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id']);
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id']);
}
/**
@@ -76,7 +76,8 @@ class File extends Base
if ($file['task_id'] == $task['id']) {
$this->response->html($this->template->render('file/open', array(
'file' => $file
'file' => $file,
'task' => $task,
)));
}
}
@@ -119,7 +120,7 @@ class File extends Base
$this->session->flashError(t('Unable to remove this file.'));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id']);
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id']);
}
/**


@@ -17,7 +17,7 @@ class Project extends Base
*/
public function index()
{
$projects = $this->project->getAll($this->acl->isRegularUser());
$projects = $this->project->getAll(! $this->userSession->isAdmin());
$nb_projects = count($projects);
$active_projects = array();
$inactive_projects = array();
@@ -32,7 +32,7 @@ class Project extends Base
}
$this->response->html($this->template->layout('project/index', array(
'board_selector' => $this->projectPermission->getAllowedProjects($this->acl->getUserId()),
'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
'active_projects' => $active_projects,
'inactive_projects' => $inactive_projects,
'nb_projects' => $nb_projects,
@@ -63,7 +63,7 @@ class Project extends Base
*/
public function exportTasks()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$from = $this->request->getStringParam('from');
$to = $this->request->getStringParam('to');
@@ -96,7 +96,7 @@ class Project extends Base
*/
public function exportDailyProjectSummary()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$from = $this->request->getStringParam('from');
$to = $this->request->getStringParam('to');
@@ -129,7 +129,7 @@ class Project extends Base
*/
public function share()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$switch = $this->request->getStringParam('switch');
if ($switch === 'enable' || $switch === 'disable') {
@@ -158,7 +158,7 @@ class Project extends Base
*/
public function integration()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$this->response->html($this->projectLayout('project/integrations', array(
'project' => $project,
@@ -174,7 +174,7 @@ class Project extends Base
*/
public function edit(array $values = array(), array $errors = array())
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$this->response->html($this->projectLayout('project/edit', array(
'values' => empty($values) ? $project : $values,
@@ -191,7 +191,7 @@ class Project extends Base
*/
public function update()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$values = $this->request->getValues();
list($valid, $errors) = $this->project->validateModification($values);
@@ -216,7 +216,7 @@ class Project extends Base
*/
public function users()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$this->response->html($this->projectLayout('project/users', array(
'project' => $project,
@@ -232,7 +232,7 @@ class Project extends Base
*/
public function allowEverybody()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$values = $this->request->getValues() + array('is_everybody_allowed' => 0);
list($valid,) = $this->projectPermission->validateProjectModification($values);
@@ -257,12 +257,11 @@ class Project extends Base
public function allow()
{
$values = $this->request->getValues();
$this->checkProjectOwnerPermissions($values['project_id']);
list($valid,) = $this->projectPermission->validateUserModification($values);
if ($valid) {
if ($this->projectPermission->allowUser($values['project_id'], $values['user_id'])) {
if ($this->projectPermission->addMember($values['project_id'], $values['user_id'])) {
$this->session->flash(t('Project updated successfully.'));
}
else {
@@ -274,11 +273,11 @@ class Project extends Base
}
/**
* Set ownership for a specific user (admin only)
* Change the role of a project member
*
* @access public
*/
public function setOwner()
public function role()
{
$this->checkCSRFParam();
@@ -288,12 +287,11 @@ class Project extends Base
'is_owner' => $this->request->getIntegerParam('is_owner'),
);
$this->checkProjectOwnerPermissions($values['project_id']);
list($valid,) = $this->projectPermission->validateUserModification($values);
if ($valid) {
if ($this->projectPermission->setOwner($values['project_id'], $values['user_id'], $values['is_owner'])) {
if ($this->projectPermission->changeRole($values['project_id'], $values['user_id'], $values['is_owner'])) {
$this->session->flash(t('Project updated successfully.'));
}
else {
@@ -318,12 +316,11 @@ class Project extends Base
'user_id' => $this->request->getIntegerParam('user_id'),
);
$this->checkProjectOwnerPermissions($values['project_id']);
list($valid,) = $this->projectPermission->validateUserModification($values);
if ($valid) {
if ($this->projectPermission->revokeUser($values['project_id'], $values['user_id'])) {
if ($this->projectPermission->revokeMember($values['project_id'], $values['user_id'])) {
$this->session->flash(t('Project updated successfully.'));
}
else {
@@ -341,7 +338,7 @@ class Project extends Base
*/
public function remove()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
if ($this->request->getStringParam('remove') === 'yes') {
@@ -370,7 +367,7 @@ class Project extends Base
*/
public function duplicate()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
if ($this->request->getStringParam('duplicate') === 'yes') {
@@ -398,7 +395,7 @@ class Project extends Base
*/
public function disable()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
if ($this->request->getStringParam('disable') === 'yes') {
@@ -426,7 +423,7 @@ class Project extends Base
*/
public function enable()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
if ($this->request->getStringParam('enable') === 'yes') {
@@ -478,7 +475,7 @@ class Project extends Base
$project = $this->getProject();
$this->response->html($this->template->layout('project/activity', array(
'board_selector' => $this->projectPermission->getAllowedProjects($this->acl->getUserId()),
'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
'events' => $this->projectActivity->getProject($project['id']),
'project' => $project,
'title' => t('%s\'s activity', $project['name'])
@@ -507,7 +504,7 @@ class Project extends Base
}
$this->response->html($this->template->layout('project/search', array(
'board_selector' => $this->projectPermission->getAllowedProjects($this->acl->getUserId()),
'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
'tasks' => $tasks,
'nb_tasks' => $nb_tasks,
'pagination' => array(
@@ -550,7 +547,7 @@ class Project extends Base
$nb_tasks = $this->taskPaginator->countClosedTasks($project['id']);
$this->response->html($this->template->layout('project/tasks', array(
'board_selector' => $this->projectPermission->getAllowedProjects($this->acl->getUserId()),
'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
'pagination' => array(
'controller' => 'project',
'action' => 'tasks',
@@ -577,10 +574,10 @@ class Project extends Base
*/
public function create(array $values = array(), array $errors = array())
{
$is_private = $this->request->getIntegerParam('private', $this->acl->isRegularUser());
$is_private = $this->request->getIntegerParam('private', ! $this->userSession->isAdmin());
$this->response->html($this->template->layout('project/new', array(
'board_selector' => $this->projectPermission->getAllowedProjects($this->acl->getUserId()),
'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
'values' => empty($values) ? array('is_private' => $is_private) : $values,
'errors' => $errors,
'title' => $is_private ? t('New private project') : t('New project'),
@@ -599,7 +596,7 @@ class Project extends Base
if ($valid) {
$project_id = $this->project->create($values, $this->acl->getUserId(), true);
$project_id = $this->project->create($values, $this->userSession->getId(), true);
if ($project_id) {
$this->session->flash(t('Your project have been created successfully.'));


@@ -73,10 +73,10 @@ class Subtask extends Base
}
if (isset($values['another_subtask']) && $values['another_subtask'] == 1) {
$this->response->redirect('?controller=subtask&action=create&task_id='.$task['id'].'&another_subtask=1');
$this->response->redirect('?controller=subtask&action=create&task_id='.$task['id'].'&another_subtask=1&project_id='.$task['project_id']);
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'#subtasks');
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id'].'#subtasks');
}
$this->create($values, $errors);
@@ -124,7 +124,7 @@ class Subtask extends Base
$this->session->flashError(t('Unable to update your sub-task.'));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'#subtasks');
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id'].'#subtasks');
}
$this->edit($values, $errors);
@@ -164,7 +164,7 @@ class Subtask extends Base
$this->session->flashError(t('Unable to remove this sub-task.'));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'#subtasks');
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id'].'#subtasks');
}
/**
@@ -181,6 +181,6 @@ class Subtask extends Base
$this->session->flashError(t('Unable to update your sub-task.'));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'#subtasks');
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id'].'#subtasks');
}
}


@@ -38,7 +38,7 @@ class Swimlane extends Base
*/
public function index(array $values = array(), array $errors = array())
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$this->response->html($this->projectLayout('swimlane/index', array(
'default_swimlane' => $this->swimlane->getDefault($project['id']),
@@ -58,7 +58,7 @@ class Swimlane extends Base
*/
public function save()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$values = $this->request->getValues();
list($valid, $errors) = $this->swimlane->validateCreation($values);
@@ -84,7 +84,7 @@ class Swimlane extends Base
*/
public function change()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$values = $this->request->getValues();
list($valid, $errors) = $this->swimlane->validateDefaultModification($values);
@@ -110,7 +110,7 @@ class Swimlane extends Base
*/
public function edit(array $values = array(), array $errors = array())
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$swimlane = $this->getSwimlane($project['id']);
$this->response->html($this->projectLayout('swimlane/edit', array(
@@ -128,7 +128,7 @@ class Swimlane extends Base
*/
public function update()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$values = $this->request->getValues();
list($valid, $errors) = $this->swimlane->validateModification($values);
@@ -154,7 +154,7 @@ class Swimlane extends Base
*/
public function confirm()
{
$project = $this->getProjectManagement();
$project = $this->getProject();
$swimlane = $this->getSwimlane($project['id']);
$this->response->html($this->projectLayout('swimlane/remove', array(
@@ -172,7 +172,7 @@ class Swimlane extends Base
public function remove()
{
$this->checkCSRFParam();
$project = $this->getProjectManagement();
$project = $this->getProject();
$swimlane_id = $this->request->getIntegerParam('swimlane_id');
if ($this->swimlane->remove($project['id'], $swimlane_id)) {
@@ -192,7 +192,7 @@ class Swimlane extends Base
public function disable()
{
$this->checkCSRFParam();
$project = $this->getProjectManagement();
$project = $this->getProject();
$swimlane_id = $this->request->getIntegerParam('swimlane_id');
if ($this->swimlane->disable($project['id'], $swimlane_id)) {
@@ -212,7 +212,7 @@ class Swimlane extends Base
public function enable()
{
$this->checkCSRFParam();
$project = $this->getProjectManagement();
$project = $this->getProject();
$swimlane_id = $this->request->getIntegerParam('swimlane_id');
if ($this->swimlane->enable($project['id'], $swimlane_id)) {
@@ -232,7 +232,7 @@ class Swimlane extends Base
public function moveup()
{
$this->checkCSRFParam();
$project = $this->getProjectManagement();
$project = $this->getProject();
$swimlane_id = $this->request->getIntegerParam('swimlane_id');
$this->swimlane->moveUp($project['id'], $swimlane_id);
@@ -247,7 +247,7 @@ class Swimlane extends Base
public function movedown()
{
$this->checkCSRFParam();
$project = $this->getProjectManagement();
$project = $this->getProject();
$swimlane_id = $this->request->getIntegerParam('swimlane_id');
$this->swimlane->moveDown($project['id'], $swimlane_id);


@@ -126,9 +126,7 @@ class Task extends Base
{
$project = $this->getProject();
$values = $this->request->getValues();
$values['creator_id'] = $this->acl->getUserId();
$this->checkProjectPermissions($project['id']);
$values['creator_id'] = $this->userSession->getId();
list($valid, $errors) = $this->taskValidator->validateCreation($values);
@@ -207,7 +205,7 @@ class Task extends Base
$this->response->redirect('?controller=board&action=show&project_id='.$task['project_id']);
}
else {
$this->response->redirect('?controller=task&action=show&task_id='.$task['id']);
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id']);
}
}
else {
@@ -248,7 +246,7 @@ class Task extends Base
$this->session->flashError(t('Unable to update your task.'));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id']);
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id']);
}
/**
@@ -270,7 +268,7 @@ class Task extends Base
$this->session->flashError(t('Unable to close this task.'));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id']);
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id']);
}
$this->response->html($this->taskLayout('task/close', array(
@@ -297,7 +295,7 @@ class Task extends Base
$this->session->flashError(t('Unable to open this task.'));
}
$this->response->redirect('?controller=task&action=show&task_id='.$task['id']);
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id']);
}
$this->response->html($this->taskLayout('task/open', array(
@@ -352,10 +350,10 @@ class Task extends Base
if ($task_id) {
$this->session->flash(t('Task created successfully.'));
$this->response->redirect('?controller=task&action=show&task_id='.$task_id);
$this->response->redirect('?controller=task&action=show&task_id='.$task_id.'&project_id='.$task['project_id']);
} else {
$this->session->flashError(t('Unable to create this task.'));
$this->response->redirect('?controller=task&action=duplicate&task_id='.$task['id']);
$this->response->redirect('?controller=task&action=duplicate&task_id='.$task['id'].'&project_id='.$task['project_id']);
}
}
@@ -393,7 +391,7 @@ class Task extends Base
$this->response->redirect('?controller=board&action=show&project_id='.$task['project_id']);
}
else {
$this->response->redirect('?controller=task&action=show&task_id='.$task['id']);
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id']);
}
}
}
@@ -427,7 +425,7 @@ class Task extends Base
$task = $this->getTask();
$values = $task;
$errors = array();
$projects_list = $this->projectPermission->getMemberProjects($this->acl->getUserId());
$projects_list = $this->projectPermission->getMemberProjects($this->userSession->getId());
unset($projects_list[$task['project_id']]);
@@ -440,7 +438,7 @@ class Task extends Base
if ($this->taskDuplication->moveToProject($task['id'], $values['project_id'])) {
$this->session->flash(t('Task updated successfully.'));
$this->response->redirect('?controller=task&action=show&task_id='.$task['id']);
$this->response->redirect('?controller=task&action=show&task_id='.$task['id'].'&project_id='.$task['project_id']);
}
else {
$this->session->flashError(t('Unable to update your task.'));
@@ -466,7 +464,7 @@ class Task extends Base
$task = $this->getTask();
$values = $task;
$errors = array();
$projects_list = $this->projectPermission->getMemberProjects($this->acl->getUserId());
$projects_list = $this->projectPermission->getMemberProjects($this->userSession->getId());
unset($projects_list[$task['project_id']]);
@@ -479,7 +477,7 @@ class Task extends Base
$task_id = $this->taskDuplication->duplicateToProject($task['id'], $values['project_id']);
if ($task_id) {
$this->session->flash(t('Task created successfully.'));
$this->response->redirect('?controller=task&action=show&task_id='.$task_id);
$this->response->redirect('?controller=task&action=show&task_id='.$task_id.'&project_id='.$task['project_id']);
}
else {
$this->session->flashError(t('Unable to create your task.'));
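Review bot: The redirects that follow `moveToProject()` and `duplicateToProject()` append `$task['project_id']`, which is the project of the task as loaded by `getTask()`, although the moved or copied task now belongs to `$values['project_id']`. This commit adds `project_id` to every task URL, presumably because the refactored ACL authorizes the request from that parameter (the enforcement code is not in this section), so these two redirects would be evaluated against the wrong project. I would build them with `'&project_id='.(int) $values['project_id']` instead. Because `project_id` is client-supplied, `getTask()` should also refuse a request whose `project_id` differs from the loaded task's own `project_id`, and the creation handler, which no longer calls `checkProjectPermissions($project['id'])`, should set `$values['project_id'] = $project['id']` before `validateCreation()` unless that already happens outside the hunk. The enclosing methods start and end outside these hunks.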


@@ -18,7 +18,7 @@ class User extends Base
public function logout()
{
$this->checkCSRFParam();
$this->authentication->backend('rememberMe')->destroy($this->acl->getUserId());
$this->authentication->backend('rememberMe')->destroy($this->userSession->getId());
$this->session->close();
$this->response->redirect('?controller=user&action=login');
}
@@ -30,7 +30,7 @@ class User extends Base
*/
public function login(array $values = array(), array $errors = array())
{
if ($this->acl->isLogged()) {
if ($this->userSession->isLogged()) {
$this->response->redirect('?controller=app');
}
@@ -78,7 +78,7 @@ class User extends Base
{
$content = $this->template->render($template, $params);
$params['user_content_for_layout'] = $content;
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->userSession->getId());
if (isset($params['user'])) {
$params['title'] = ($params['user']['name'] ?: $params['user']['username']).' (#'.$params['user']['id'].')';
@@ -101,7 +101,7 @@ class User extends Base
$this->notfound();
}
if ($this->acl->isRegularUser() && $this->acl->getUserId() != $user['id']) {
if (! $this->userSession->isAdmin() && $this->userSession->getId() != $user['id']) {
$this->forbidden();
}
@@ -125,7 +125,7 @@ class User extends Base
$this->response->html(
$this->template->layout('user/index', array(
'board_selector' => $this->projectPermission->getAllowedProjects($this->acl->getUserId()),
'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
'projects' => $this->project->getList(),
'nb_users' => $nb_users,
'users' => $users,
@@ -151,7 +151,7 @@ class User extends Base
public function create(array $values = array(), array $errors = array())
{
$this->response->html($this->template->layout('user/new', array(
'board_selector' => $this->projectPermission->getAllowedProjects($this->acl->getUserId()),
'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
'projects' => $this->project->getList(),
'errors' => $errors,
'values' => $values,
@@ -328,7 +328,7 @@ class User extends Base
$values = $this->request->getValues();
if ($this->acl->isAdminUser()) {
if ($this->userSession->isAdmin()) {
$values += array('is_admin' => 0);
}
else {
@@ -404,16 +404,16 @@ class User extends Base
if (is_array($profile)) {
// If the user is already logged, link the account otherwise authenticate
if ($this->acl->isLogged()) {
if ($this->userSession->isLogged()) {
if ($this->authentication->backend('google')->updateUser($this->acl->getUserId(), $profile)) {
if ($this->authentication->backend('google')->updateUser($this->userSession->getId(), $profile)) {
$this->session->flash(t('Your Google Account is linked to your profile successfully.'));
}
else {
$this->session->flashError(t('Unable to link your Google Account.'));
}
$this->response->redirect('?controller=user&action=external&user_id='.$this->acl->getUserId());
$this->response->redirect('?controller=user&action=external&user_id='.$this->userSession->getId());
}
else if ($this->authentication->backend('google')->authenticate($profile['id'])) {
$this->response->redirect('?controller=app');
@@ -441,14 +441,14 @@ class User extends Base
public function unlinkGoogle()
{
$this->checkCSRFParam();
if ($this->authentication->backend('google')->unlink($this->acl->getUserId())) {
if ($this->authentication->backend('google')->unlink($this->userSession->getId())) {
$this->session->flash(t('Your Google Account is not linked anymore to your profile.'));
}
else {
$this->session->flashError(t('Unable to unlink your Google Account.'));
}
$this->response->redirect('?controller=user&action=external&user_id='.$this->acl->getUserId());
$this->response->redirect('?controller=user&action=external&user_id='.$this->userSession->getId());
}
/**
@@ -466,16 +466,16 @@ class User extends Base
if (is_array($profile)) {
// If the user is already logged, link the account otherwise authenticate
if ($this->acl->isLogged()) {
if ($this->userSession->isLogged()) {
if ($this->authentication->backend('gitHub')->updateUser($this->acl->getUserId(), $profile)) {
if ($this->authentication->backend('gitHub')->updateUser($this->userSession->getId(), $profile)) {
$this->session->flash(t('Your GitHub account was successfully linked to your profile.'));
}
else {
$this->session->flashError(t('Unable to link your GitHub Account.'));
}
$this->response->redirect('?controller=user&action=external&user_id='.$this->acl->getUserId());
$this->response->redirect('?controller=user&action=external&user_id='.$this->userSession->getId());
}
else if ($this->authentication->backend('gitHub')->authenticate($profile['id'])) {
$this->response->redirect('?controller=app');
@@ -506,13 +506,13 @@ class User extends Base
$this->authentication->backend('gitHub')->revokeGitHubAccess();
if ($this->authentication->backend('gitHub')->unlink($this->acl->getUserId())) {
if ($this->authentication->backend('gitHub')->unlink($this->userSession->getId())) {
$this->session->flash(t('Your GitHub account is no longer linked to your profile.'));
}
else {
$this->session->flashError(t('Unable to unlink your GitHub Account.'));
}
$this->response->redirect('?controller=user&action=external&user_id='.$this->acl->getUserId());
$this->response->redirect('?controller=user&action=external&user_id='.$this->userSession->getId());
}
}
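Review bot: The ownership test `$this->userSession->getId() != $user['id']` in the hunk at `-101,7 +101,7` gates access to another user's profile with a loose comparison, so the result depends on PHP type juggling between the session value and the database row. I would compare normalized integers strictly: `if (! $this->userSession->isAdmin() && (int) $this->userSession->getId() !== (int) $user['id'])`. The switch from `isRegularUser()` to `! isAdmin()` looks fail-closed for a session that carries no admin flag, but that depends on `UserSession`, which is not shown in this section. The method containing this check starts and ends outside the hunk.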