Projects are not anymore visible to everybody by default
parent
bae57838c2
commit
7f5a871f84
|
|
@ -23,7 +23,7 @@ Features
|
|||
- Boards customization, rename/add/remove columns
|
||||
- Tasks with different colors, categories, sub-tasks, attachments, comments and Markdown support for the description
|
||||
- Automatic actions based on events
|
||||
- Users management with a basic privileges separation (administrator or regular user)
|
||||
- User management with a basic privileges separation (administrator or regular user)
|
||||
- Email notifications
|
||||
- External authentication: Google, GitHub, LDAP/ActiveDirectory and Reverse-Proxy
|
||||
- Webhooks to create tasks from an external software
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ return array(
|
|||
'revoke' => 'entfernen',
|
||||
'List of authorized users' => 'Liste der autorisierten Benutzer',
|
||||
'User' => 'Benutzer',
|
||||
'Everybody have access to this project.' => 'Jeder hat Zugang zu diesem Projekt.',
|
||||
// 'Nobody have access to this project.' => '',
|
||||
'You are not allowed to access to this project.' => 'Unzureichende Zugriffsrechte zu diesem Projekt.',
|
||||
'Comments' => 'Kommentare',
|
||||
'Post comment' => 'Kommentieren',
|
||||
|
|
@ -421,7 +421,7 @@ return array(
|
|||
// 'view the task on Kanboard' => '',
|
||||
// 'Public access' => '',
|
||||
// 'Categories management' => '',
|
||||
// 'Users management' => '',
|
||||
// 'User management' => '',
|
||||
// 'Active tasks' => '',
|
||||
// 'Disable public access' => '',
|
||||
// 'Enable public access' => '',
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ return array(
|
|||
'revoke' => 'revocar',
|
||||
'List of authorized users' => 'Lista de los usuarios autorizados',
|
||||
'User' => 'Usuario',
|
||||
'Everybody have access to this project.' => 'Todo el mundo tiene acceso al proyecto.',
|
||||
// 'Nobody have access to this project.' => '',
|
||||
'You are not allowed to access to this project.' => 'No está autorizado a acceder a este proyecto.',
|
||||
'Comments' => 'Comentarios',
|
||||
'Post comment' => 'Commentar',
|
||||
|
|
@ -421,7 +421,7 @@ return array(
|
|||
'view the task on Kanboard' => 'ver la tarea en Kanboard',
|
||||
'Public access' => 'Acceso público',
|
||||
'Categories management' => 'Gestión de Categorías',
|
||||
'Users management' => 'Gestión de Usuarios',
|
||||
'User management' => 'Gestión de Usuarios',
|
||||
'Active tasks' => 'Tareas activas',
|
||||
'Disable public access' => 'Desactivar acceso público',
|
||||
'Enable public access' => 'Activar acceso público',
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ return array(
|
|||
'revoke' => 'poista',
|
||||
'List of authorized users' => 'Sallittujen käyttäjien lista',
|
||||
'User' => 'Käyttäjät',
|
||||
'Everybody have access to this project.' => 'Kaikilla on pääsy tähän projektiin.',
|
||||
// 'Nobody have access to this project.' => '',
|
||||
'You are not allowed to access to this project.' => 'Sinulla ei ole pääsyä tähän projektiin.',
|
||||
'Comments' => 'Kommentit',
|
||||
'Post comment' => 'Lisää kommentti',
|
||||
|
|
@ -421,7 +421,7 @@ return array(
|
|||
// 'view the task on Kanboard' => '',
|
||||
// 'Public access' => '',
|
||||
// 'Categories management' => '',
|
||||
// 'Users management' => '',
|
||||
// 'User management' => '',
|
||||
// 'Active tasks' => '',
|
||||
// 'Disable public access' => '',
|
||||
// 'Enable public access' => '',
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ return array(
|
|||
'revoke' => 'révoquer',
|
||||
'List of authorized users' => 'Liste des utilisateurs autorisés',
|
||||
'User' => 'Utilisateur',
|
||||
'Everybody have access to this project.' => 'Tout le monde a accès au projet.',
|
||||
'Nobody have access to this project.' => 'Personne n\'est autorisé à accéder au projet.',
|
||||
'You are not allowed to access to this project.' => 'Vous n\'êtes pas autorisé à accéder à ce projet.',
|
||||
'Comments' => 'Commentaires',
|
||||
'Post comment' => 'Commenter',
|
||||
|
|
@ -421,7 +421,7 @@ return array(
|
|||
'view the task on Kanboard' => 'voir la tâche sur Kanboard',
|
||||
'Public access' => 'Accès public',
|
||||
'Categories management' => 'Gestion des catégories',
|
||||
'Users management' => 'Gestion des utilisateurs',
|
||||
'User management' => 'Gestion des utilisateurs',
|
||||
'Active tasks' => 'Tâches actives',
|
||||
'Disable public access' => 'Désactiver l\'accès public',
|
||||
'Enable public access' => 'Activer l\'accès public',
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ return array(
|
|||
'revoke' => 'revocare',
|
||||
'List of authorized users' => 'Lista di utenti autorizzati',
|
||||
'User' => 'Utente',
|
||||
'Everybody have access to this project.' => 'Tutti hanno accesso a questo progetto.',
|
||||
// 'Nobody have access to this project.' => '',
|
||||
'You are not allowed to access to this project.' => 'Non hai l\'accesso a questo progetto.',
|
||||
'Comments' => 'Commenti',
|
||||
'Post comment' => 'Mandare commento',
|
||||
|
|
@ -421,7 +421,7 @@ return array(
|
|||
'view the task on Kanboard' => 'vedi il compito su Kanboard',
|
||||
// 'Public access' => '',
|
||||
// 'Categories management' => '',
|
||||
// 'Users management' => '',
|
||||
// 'User management' => '',
|
||||
// 'Active tasks' => '',
|
||||
// 'Disable public access' => '',
|
||||
// 'Enable public access' => '',
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ return array(
|
|||
'revoke' => 'odbierz dostęp',
|
||||
'List of authorized users' => 'Lista użytkowników mających dostęp',
|
||||
'User' => 'Użytkownik',
|
||||
'Everybody have access to this project.' => 'Każdy ma dostęp do tego projektu.',
|
||||
// 'Nobody have access to this project.' => '',
|
||||
'You are not allowed to access to this project.' => 'Nie masz dostępu do tego projektu.',
|
||||
'Comments' => 'Komentarze',
|
||||
'Post comment' => 'Dodaj komentarz',
|
||||
|
|
@ -421,7 +421,7 @@ return array(
|
|||
// 'view the task on Kanboard' => '',
|
||||
// 'Public access' => '',
|
||||
// 'Categories management' => '',
|
||||
// 'Users management' => '',
|
||||
// 'User management' => '',
|
||||
// 'Active tasks' => '',
|
||||
// 'Disable public access' => '',
|
||||
// 'Enable public access' => '',
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ return array(
|
|||
'revoke' => 'revogar',
|
||||
'List of authorized users' => 'Lista de usuários autorizados',
|
||||
'User' => 'Usuário',
|
||||
'Everybody have access to this project.' => 'Todos têm acesso a este projeto.',
|
||||
// 'Nobody have access to this project.' => '',
|
||||
'You are not allowed to access to this project.' => 'Você não está autorizado a acessar este projeto.',
|
||||
'Comments' => 'Comentários',
|
||||
'Post comment' => 'Postar comentário',
|
||||
|
|
@ -421,7 +421,7 @@ return array(
|
|||
// 'view the task on Kanboard' => '',
|
||||
// 'Public access' => '',
|
||||
// 'Categories management' => '',
|
||||
// 'Users management' => '',
|
||||
// 'User management' => '',
|
||||
// 'Active tasks' => '',
|
||||
// 'Disable public access' => '',
|
||||
// 'Enable public access' => '',
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ return array(
|
|||
'revoke' => 'отозвать',
|
||||
'List of authorized users' => 'Список авторизованных пользователей',
|
||||
'User' => 'Пользователь',
|
||||
'Everybody have access to this project.' => 'Кто угодно имеет доступ к этому проекту.',
|
||||
// 'Nobody have access to this project.' => '',
|
||||
'You are not allowed to access to this project.' => 'Вам запрешен доступ к этому проекту.',
|
||||
'Comments' => 'Комментарии',
|
||||
'Post comment' => 'Оставить комментарий',
|
||||
|
|
@ -421,7 +421,7 @@ return array(
|
|||
'view the task on Kanboard' => 'посмотреть задачу на Kanboard',
|
||||
'Public access' => 'Общий доступ',
|
||||
'Categories management' => 'Управление категориями',
|
||||
'Users management' => 'Управление пользователями',
|
||||
'User management' => 'Управление пользователями',
|
||||
'Active tasks' => 'Активные задачи',
|
||||
'Disable public access' => 'Отключить общий доступ',
|
||||
'Enable public access' => 'Включить общий доступ',
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ return array(
|
|||
'revoke' => 'Dra tillbaka behörighet',
|
||||
'List of authorized users' => 'Lista med behöriga användare',
|
||||
'User' => 'Användare',
|
||||
'Everybody have access to this project.' => 'Alla har tillgång till detta projekt.',
|
||||
// 'Nobody have access to this project.' => '',
|
||||
'You are not allowed to access to this project.' => 'Du har inte tillgång till detta projekt.',
|
||||
'Comments' => 'Kommentarer',
|
||||
'Post comment' => 'Ladda upp kommentar',
|
||||
|
|
@ -421,7 +421,7 @@ return array(
|
|||
'view the task on Kanboard' => 'Visa uppgiften på Kanboard',
|
||||
// 'Public access' => '',
|
||||
// 'Categories management' => '',
|
||||
// 'Users management' => '',
|
||||
// 'User management' => '',
|
||||
// 'Active tasks' => '',
|
||||
// 'Disable public access' => '',
|
||||
// 'Enable public access' => '',
|
||||
|
|
|
|||
|
|
@ -196,7 +196,7 @@ return array(
|
|||
'revoke' => '撤销',
|
||||
'List of authorized users' => '已授权的用户列表',
|
||||
'User' => '用户',
|
||||
'Everybody have access to this project.' => '任何人都有该项目权限。',
|
||||
// 'Nobody have access to this project.' => '',
|
||||
'You are not allowed to access to this project.' => '您对该项目没有权限。',
|
||||
'Comments' => '评论',
|
||||
'Post comment' => '发表评论',
|
||||
|
|
@ -421,7 +421,7 @@ return array(
|
|||
// 'view the task on Kanboard' => '',
|
||||
// 'Public access' => '',
|
||||
// 'Categories management' => '',
|
||||
// 'Users management' => '',
|
||||
// 'User management' => '',
|
||||
// 'Active tasks' => '',
|
||||
// 'Disable public access' => '',
|
||||
// 'Enable public access' => '',
|
||||
|
|
|
|||
|
|
@ -33,10 +33,6 @@ class ProjectPermission extends Base
|
|||
{
|
||||
$allowed_users = $this->getAllowedUsers($project_id);
|
||||
|
||||
if (empty($allowed_users)) {
|
||||
$allowed_users = $this->user->getList();
|
||||
}
|
||||
|
||||
if ($prepend_unassigned) {
|
||||
$allowed_users = array(t('Unassigned')) + $allowed_users;
|
||||
}
|
||||
|
|
@ -146,22 +142,10 @@ class ProjectPermission extends Base
|
|||
*/
|
||||
public function isUserAllowed($project_id, $user_id)
|
||||
{
|
||||
// If there is nobody specified, everybody have access to the project
|
||||
$nb_users = $this->db
|
||||
->table(self::TABLE)
|
||||
->eq('project_id', $project_id)
|
||||
->count();
|
||||
|
||||
if ($nb_users < 1) return true;
|
||||
|
||||
// Check if user has admin rights
|
||||
$nb_users = $this->db
|
||||
->table(User::TABLE)
|
||||
->eq('id', $user_id)
|
||||
->eq('is_admin', 1)
|
||||
->count();
|
||||
|
||||
if ($nb_users > 0) return true;
|
||||
// Check if the user has admin rights
|
||||
if ($this->user->isAdmin($user_id)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Otherwise, allow only specific users
|
||||
return (bool) $this->db
|
||||
|
|
|
|||
|
|
@ -28,6 +28,24 @@ class User extends Base
|
|||
*/
|
||||
const EVERYBODY_ID = -1;
|
||||
|
||||
/**
|
||||
* Return true is the given user id is administrator
|
||||
*
|
||||
* @access public
|
||||
* @param integer $user_id User id
|
||||
* @return boolean
|
||||
*/
|
||||
public function isAdmin($user_id)
|
||||
{
|
||||
$result = $this->db
|
||||
->table(User::TABLE)
|
||||
->eq('id', $user_id)
|
||||
->eq('is_admin', 1)
|
||||
->count();
|
||||
|
||||
return $result > 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the default project from the session
|
||||
*
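Review bot: The docblock on the new `isAdmin` reads "Return true is the given user id is administrator"; it should be `* Return true if the given user id belongs to an administrator`. Inside `User` the query can use `self::TABLE` rather than `User::TABLE`, matching how `ProjectPermission` refers to its own table. Since `isUserAllowed` now relies on this method for its only bypass of the allow-list, the docblock should also say that an id with no matching row yields false.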
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@
|
|||
<a href="?controller=category&action=index&project_id=<?= $project['id'] ?>"><?= t('Categories management') ?></a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="?controller=project&action=users&project_id=<?= $project['id'] ?>"><?= t('Users management') ?></a>
|
||||
<a href="?controller=project&action=users&project_id=<?= $project['id'] ?>"><?= t('User management') ?></a>
|
||||
</li>
|
||||
<li>
|
||||
<a href="?controller=action&action=index&project_id=<?= $project['id'] ?>"><?= t('Automatic actions') ?></a>
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
</div>
|
||||
|
||||
<?php if (empty($users['allowed'])): ?>
|
||||
<div class="alert alert-info"><?= t('Everybody have access to this project.') ?></div>
|
||||
<div class="alert alert-info"><?= t('Nobody have access to this project.') ?></div>
|
||||
<?php else: ?>
|
||||
<div class="listing">
|
||||
<p><?= t('Only those users have access to this project:') ?></p>
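Review bot: The message shown when `$users['allowed']` is empty now says 'Nobody have access to this project.', but `isUserAllowed` in this same commit still returns true for administrators, so the page understates who can reach the project. A wording such as `t('Only administrators have access to this project.')` would match the rule that is enforced; it is a new translation key, so the locale files would need the matching entry. The template continues outside the hunk.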
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
Users management
|
||||
================
|
||||
User management
|
||||
===============
|
||||
|
||||
Type of users
|
||||
-------------
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ use Model\User;
|
|||
|
||||
class ProjectPermissionTest extends Base
|
||||
{
|
||||
public function testAllowEverybody()
|
||||
public function testDisallowEverybody()
|
||||
{
|
||||
// We create a regular user
|
||||
$user = new User($this->registry);
|
||||
|
|
@ -20,8 +20,8 @@ class ProjectPermissionTest extends Base
|
|||
$this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
|
||||
|
||||
$this->assertEmpty($pp->getAllowedUsers(1)); // Nobody is specified for the given project
|
||||
$this->assertTrue($pp->isUserAllowed(1, 1)); // Everybody should be allowed
|
||||
$this->assertTrue($pp->isUserAllowed(1, 2)); // Everybody should be allowed
|
||||
$this->assertTrue($pp->isUserAllowed(1, 1)); // Admin should be allowed
|
||||
$this->assertFalse($pp->isUserAllowed(1, 2)); // Regular user should be denied
|
||||
}
|
||||
|
||||
public function testAllowUser()
|
||||
|
|
@ -37,6 +37,7 @@ class ProjectPermissionTest extends Base
|
|||
|
||||
// We allow the admin user
|
||||
$this->assertTrue($pp->allowUser(1, 1));
|
||||
$this->assertTrue($pp->allowUser(1, 2));
|
||||
|
||||
// Non-existant project
|
||||
$this->assertFalse($pp->allowUser(50, 1));
|
||||
|
|
@ -44,12 +45,10 @@ class ProjectPermissionTest extends Base
|
|||
// Non-existant user
|
||||
$this->assertFalse($pp->allowUser(1, 50));
|
||||
|
||||
// Our admin user should be allowed
|
||||
$this->assertEquals(array('1' => 'admin'), $pp->getAllowedUsers(1));
|
||||
// Both users should be allowed
|
||||
$this->assertEquals(array('1' => 'admin', '2' => 'unittest'), $pp->getAllowedUsers(1));
|
||||
$this->assertTrue($pp->isUserAllowed(1, 1));
|
||||
|
||||
// Our regular user should be forbidden
|
||||
$this->assertFalse($pp->isUserAllowed(1, 2));
|
||||
$this->assertTrue($pp->isUserAllowed(1, 2));
|
||||
}
|
||||
|
||||
public function testRevokeUser()
|
||||
|
|
@ -69,9 +68,9 @@ class ProjectPermissionTest extends Base
|
|||
// We should have nobody in the users list
|
||||
$this->assertEmpty($pp->getAllowedUsers(1));
|
||||
|
||||
// Our admin user and our regular user should be allowed
|
||||
// Only admin is allowed
|
||||
$this->assertTrue($pp->isUserAllowed(1, 1));
|
||||
$this->assertTrue($pp->isUserAllowed(1, 2));
|
||||
$this->assertFalse($pp->isUserAllowed(1, 2));
|
||||
|
||||
// We allow only the regular user
|
||||
$this->assertTrue($pp->allowUser(1, 2));
|
||||
|
|
@ -103,9 +102,9 @@ class ProjectPermissionTest extends Base
|
|||
$this->assertTrue($pp->revokeUser(1, 1));
|
||||
$this->assertEmpty($pp->getAllowedUsers(1));
|
||||
|
||||
// Everybody should be allowed again
|
||||
// Only admin should be allowed again
|
||||
$this->assertTrue($pp->isUserAllowed(1, 1));
|
||||
$this->assertTrue($pp->isUserAllowed(1, 2));
|
||||
$this->assertFalse($pp->isUserAllowed(1, 2));
|
||||
}
|
||||
|
||||
public function testUsersList()
|
||||
|
|
@ -119,9 +118,9 @@ class ProjectPermissionTest extends Base
|
|||
// We create project
|
||||
$this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
|
||||
|
||||
// No restriction, we should have everybody
|
||||
// No restriction, we should have no body
|
||||
$this->assertEquals(
|
||||
array('Unassigned', 'admin', 'unittest'),
|
||||
array('Unassigned'),
|
||||
$pp->getUsersList(1)
|
||||
);
|
||||
|
||||
|
|
@ -153,7 +152,7 @@ class ProjectPermissionTest extends Base
|
|||
$this->assertTrue($pp->revokeUser(1, 1));
|
||||
|
||||
$this->assertEquals(
|
||||
array(0 => 'Unassigned', 1 => 'admin', 2 => 'unittest'),
|
||||
array(0 => 'Unassigned'),
|
||||
$pp->getUsersList(1)
|
||||
);
|
||||
}
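Review bot: After this change `testAllowUser` adds both users to the project and asserts that both are allowed, so the assertion that a regular user is refused while someone else is on the allow-list no longer appears in that test. Other tests in the file may cover it (parts of `testRevokeUser` are outside the hunks), but if not, keep a case such as `$this->assertTrue($pp->allowUser(1, 1));` followed by `$this->assertFalse($pp->isUserAllowed(1, 2));`. The comment `// No restriction, we should have no body` should read `// Nobody is listed, only "Unassigned" is returned`.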
|
||||
|
|
|
|||