Define only what is allowed for column restrictions

2016-09-10 23:12:38 -04:00 · 2016-09-10 23:12:38 -04:00 · a0227cad69
parent 44f680cf2f
commit a0227cad69
12 changed files with 31 additions and 24 deletions
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@ -16,18 +16,19 @@ class AppController extends Base
     * Forbidden page
     *
     * @access public
-     * @param  bool $withoutLayout
+     * @param  bool   $withoutLayout
+     * @param  string $message
     */
-    public function accessForbidden($withoutLayout = false)
+    public function accessForbidden($withoutLayout = false, $message = '')
    {
        if ($this->request->isAjax()) {
-            $this->response->json(array('message' => 'Access Forbidden'), 403);
+            $this->response->json(array('message' => $message ?: t('Access Forbidden')), 403);
+        } else {
+            $this->response->html($this->helper->layout->app('app/forbidden', array(
+                'title' => t('Access Forbidden'),
+                'no_layout' => $withoutLayout,
+            )));
        }
-
-        $this->response->html($this->helper->layout->app('app/forbidden', array(
-            'title' => t('Access Forbidden'),
-            'no_layout' => $withoutLayout,
-        )));
    }

    /**
--- a/app/Controller/BoardAjaxController.php
+++ b/app/Controller/BoardAjaxController.php
@ -36,7 +36,7 @@ class BoardAjaxController extends BaseController
        );

        if (! $canMoveTask) {
-            throw new AccessForbiddenException("You don't have the permission to move this task");
+            throw new AccessForbiddenException(e("You don't have the permission to move this task"));
        }

        $result =$this->taskPositionModel->movePosition(
--- a/app/Core/Controller/Runner.php
+++ b/app/Core/Controller/Runner.php
@ -35,7 +35,7 @@ class Runner extends Base
            $controllerObject->notFound($e->hasLayout());
        } catch (AccessForbiddenException $e) {
            $controllerObject = new AppController($this->container);
-            $controllerObject->accessForbidden($e->hasLayout());
+            $controllerObject->accessForbidden($e->hasLayout(), $e->getMessage());
        }
    }

--- a/app/Helper/BoardHelper.php
+++ b/app/Helper/BoardHelper.php
@ -38,7 +38,7 @@ class BoardHelper extends Base

            if ($this->role->isCustomProjectRole($role)) {
                $srcColumnIds = $this->columnMoveRestrictionCacheDecorator->getAllSrcColumns($task['project_id'], $role);
-                return ! isset($srcColumnIds[$task['column_id']]);
+                return isset($srcColumnIds[$task['column_id']]);
            }

            return true;
--- a/app/Middleware/PostAuthenticationMiddleware.php
+++ b/app/Middleware/PostAuthenticationMiddleware.php
@ -26,9 +26,9 @@ class PostAuthenticationMiddleware extends BaseMiddleware

            if ($this->request->isAjax()) {
                $this->response->text('Not Authorized', 401);
+            } else {
+                $this->response->redirect($this->helper->url->to('TwoFactorController', 'code'));
            }
-
-            $this->response->redirect($this->helper->url->to('TwoFactorController', 'code'));
        }

        $this->next();
--- a/app/Model/ColumnMoveRestrictionModel.php
+++ b/app/Model/ColumnMoveRestrictionModel.php
@ -25,7 +25,7 @@ class ColumnMoveRestrictionModel extends Base
     */
    public function isAllowed($project_id, $role, $src_column_id, $dst_column_id)
    {
-        return ! $this->db->table(self::TABLE)
+        return $this->db->table(self::TABLE)
            ->left(ProjectRoleModel::TABLE, 'pr', 'role_id', self::TABLE, 'role_id')
            ->eq(self::TABLE.'.project_id', $project_id)
            ->eq(self::TABLE.'.src_column_id', $src_column_id)
--- a/app/Template/column_move_restriction/create.php
+++ b/app/Template/column_move_restriction/create.php
@ -19,6 +19,6 @@
            <?= $this->url->link(t('cancel'), 'ProjectRoleController', 'show', array(), false, 'close-popover') ?>
        </div>

-        <p class="alert alert-info"><?= t('People belonging to this role won\'t be able to move tasks between the source and the destination column.') ?></p>
+        <p class="alert alert-info"><?= t('People belonging to this role will be able to move tasks only between the source and the destination column.') ?></p>
    </form>
 </section>
--- a/app/Template/project_role/show.php
+++ b/app/Template/project_role/show.php
@ -16,7 +16,7 @@
        <tr>
            <th>
                <div class="dropdown">
-                    <a href="#" class="dropdown-menu"><?= t('Column restrictions for the role "%s"', $role['role']) ?> <i class="fa fa-caret-down"></i></a>
+                    <a href="#" class="dropdown-menu"><?= t('Restrictions for the role "%s"', $role['role']) ?> <i class="fa fa-caret-down"></i></a>
                    <ul>
                        <li>
                            <i class="fa fa-plus fa-fw" aria-hidden="true"></i>
@ -41,10 +41,7 @@
            <?php foreach ($role['restrictions'] as $restriction): ?>
                <tr>
                    <td>
-                        <i class="fa fa-ban fa-fw" aria-hidden="true"></i>
-                        <?= $this->text->e($restriction['src_column_title']) ?>
-                        <i class="fa fa-arrow-right fa-fw" aria-hidden="true"></i>
-                        <?= $this->text->e($restriction['dst_column_title']) ?>
+                        <?= t('Moving task from the column "%s" to "%s" is permitted', $restriction['src_column_title'], $restriction['dst_column_title']) ?>
                    </td>
                    <td>
                        <i class="fa fa-trash-o fa-fw" aria-hidden="true"></i>
--- a/assets/js/app.min.js
+++ b/assets/js/app.min.js
--- a/assets/js/src/BoardDragAndDrop.js
+++ b/assets/js/src/BoardDragAndDrop.js
@ -87,6 +87,12 @@ Kanboard.BoardDragAndDrop.prototype.save = function(taskId, srcColumnId, dstColu
        error: function() {
            self.app.hideLoadingIcon();
            self.savingInProgress = false;
+        },
+        statusCode: {
+            403: function(data) {
+                window.alert(data.responseJSON.message);
+                document.location.reload(true);
+            }
        }
    });
 };
--- a/tests/units/Helper/BoardHelperTest.php
+++ b/tests/units/Helper/BoardHelperTest.php
@ -87,8 +87,12 @@ class BoardHelperTest extends Base

        $this->assertTrue($projectUserRole->addUser(1, 2, 'Custom Role'));
        $this->assertEquals(1, $taskCreationModel->create(array('project_id' => 1, 'title' => 'test', 'column_id' => 2)));
+        $this->assertEquals(2, $taskCreationModel->create(array('project_id' => 1, 'title' => 'test', 'column_id' => 3)));

        $task = $taskFinderModel->getById(1);
+        $this->assertTrue($boardHelper->isDraggable($task));
+
+        $task = $taskFinderModel->getById(2);
        $this->assertFalse($boardHelper->isDraggable($task));
    }
 }
--- a/tests/units/Model/ColumnMoveRestrictionModelTest.php
+++ b/tests/units/Model/ColumnMoveRestrictionModelTest.php
@ -132,8 +132,7 @@ class ColumnMoveRestrictionModelTest extends Base
        $this->assertEquals(1, $columnMoveRestrictionModel->create(1, 1, 2, 3));
        $this->assertEquals(2, $columnMoveRestrictionModel->create(1, 2, 3, 4));

-        $this->assertTrue($columnMoveRestrictionModel->isAllowed(1, 'Role D', 1, 2));
-        $this->assertTrue($columnMoveRestrictionModel->isAllowed(1, 'Role A', 1, 2));
-        $this->assertFalse($columnMoveRestrictionModel->isAllowed(1, 'Role A', 2, 3));
+        $this->assertFalse($columnMoveRestrictionModel->isAllowed(1, 'Role A', 1, 2));
+        $this->assertTrue($columnMoveRestrictionModel->isAllowed(1, 'Role A', 2, 3));
    }
 }