AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add new role Project Administrator

Browse Source
This commit is contained in:
Frederic Guillot
2015-08-14 15:43:08 -04:00
parent 80fb3bc9aa
commit b2cce5a3a1
49 changed files with 337 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
app/Model/Acl.php
View File

@@ -32,7 +32,7 @@ class Acl extends Base
* @access private
* @var array
*/
private $member_acl = array(
private $project_member_acl = array(
'board' => '*',
'comment' => '*',
'file' => '*',
@@ -56,17 +56,27 @@ class Acl extends Base
* @access private
* @var array
*/
private $manager_acl = array(
private $project_manager_acl = array(
'action' => '*',
'analytic' => '*',
'category' => '*',
'column' => '*',
'export' => array('tasks', 'subtasks', 'summary'),
'export' => '*',
'project' => array('edit', 'update', 'share', 'integration', 'users', 'alloweverybody', 'allow', 'setowner', 'revoke', 'duplicate', 'disable', 'enable'),
'swimlane' => '*',
'budget' => '*',
);
/**
* Controllers and actions for project admins
*
* @access private
* @var array
*/
private $project_admin_acl = array(
'project' => array('remove'),
);
/**
* Controllers and actions for admins
*
@@ -77,8 +87,6 @@ class Acl extends Base
'user' => array('index', 'create', 'save', 'remove', 'authentication'),
'config' => '*',
'link' => '*',
'project' => array('remove'),
'hourlyrate' => '*',
'currency' => '*',
'twofactor' => array('disable'),
);
@@ -149,9 +157,22 @@ class Acl extends Base
* @param string $action Action name
* @return bool
*/
public function isManagerAction($controller, $action)
public function isProjectManagerAction($controller, $action)
{
return $this->matchAcl($this->manager_acl, $controller, $action);
return $this->matchAcl($this->project_manager_acl, $controller, $action);
}
/**
* Return true if the given action is for application managers
*
* @access public
* @param string $controller Controller name
* @param string $action Action name
* @return bool
*/
public function isProjectAdminAction($controller, $action)
{
return $this->matchAcl($this->project_admin_acl, $controller, $action);
}
/**
@@ -162,9 +183,9 @@ class Acl extends Base
* @param string $action Action name
* @return bool
*/
public function isMemberAction($controller, $action)
public function isProjectMemberAction($controller, $action)
{
return $this->matchAcl($this->member_acl, $controller, $action);
return $this->matchAcl($this->project_member_acl, $controller, $action);
}
/**
@@ -189,13 +210,18 @@ class Acl extends Base
return false;
}
// Check project admin permissions
if ($this->isProjectAdminAction($controller, $action)) {
return $this->handleProjectAdminPermissions($project_id);
}
// Check project manager permissions
if ($this->isManagerAction($controller, $action)) {
return $this->isManagerActionAllowed($project_id);
if ($this->isProjectManagerAction($controller, $action)) {
return $this->handleProjectManagerPermissions($project_id);
}
// Check project member permissions
if ($this->isMemberAction($controller, $action)) {
if ($this->isProjectMemberAction($controller, $action)) {
return $project_id > 0 && $this->projectPermission->isMember($project_id, $this->userSession->getId());
}
@@ -203,12 +229,43 @@ class Acl extends Base
return true;
}
public function isManagerActionAllowed($project_id)
/**
* Handle permission for project manager
*
* @access public
* @param integer $project_id
* @return boolean
*/
public function handleProjectManagerPermissions($project_id)
{
if ($this->userSession->isAdmin()) {
return true;
if ($project_id > 0) {
if ($this->userSession->isProjectAdmin()) {
return $this->projectPermission->isMember($project_id, $this->userSession->getId());
}
return $this->projectPermission->isManager($project_id, $this->userSession->getId());
}
return $project_id > 0 && $this->projectPermission->isManager($project_id, $this->userSession->getId());
return false;
}
/**
* Handle permission for project admins
*
* @access public
* @param integer $project_id
* @return boolean
*/
public function handleProjectAdminPermissions($project_id)
{
if (! $this->userSession->isProjectAdmin()) {
return false;
}
if ($project_id > 0) {
return $this->projectPermission->isMember($project_id, $this->userSession->getId());
}
return true;
}
}

4
app/Model/User.php
View File

@@ -57,6 +57,7 @@ class User extends Base
'name',
'email',
'is_admin',
'is_project_admin',
'is_ldap_user',
'notifications_enabled',
'google_id',
@@ -254,7 +255,7 @@ class User extends Base
}
$this->removeFields($values, array('confirmation', 'current_password'));
$this->resetFields($values, array('is_admin', 'is_ldap_user'));
$this->resetFields($values, array('is_admin', 'is_ldap_user', 'is_project_admin'));
}
/**
@@ -442,6 +443,7 @@ class User extends Base
new Validators\Unique('username', t('The username must be unique'), $this->db->getConnection(), self::TABLE, 'id'),
new Validators\Email('email', t('Email address invalid')),
new Validators\Integer('is_admin', t('This value must be an integer')),
new Validators\Integer('is_project_admin', t('This value must be an integer')),
new Validators\Integer('is_ldap_user', t('This value must be an integer')),
);
}

12
app/Model/UserSession.php
View File

@@ -34,6 +34,7 @@ class UserSession extends Base
$user['id'] = (int) $user['id'];
$user['is_admin'] = (bool) $user['is_admin'];
$user['is_project_admin'] = (bool) $user['is_project_admin'];
$user['is_ldap_user'] = (bool) $user['is_ldap_user'];
$user['twofactor_activated'] = (bool) $user['twofactor_activated'];
@@ -73,6 +74,17 @@ class UserSession extends Base
return isset($this->session['user']['is_admin']) && $this->session['user']['is_admin'] === true;
}
/**
* Return true if the logged user is project admin
*
* @access public
* @return bool
*/
public function isProjectAdmin()
{
return isset($this->session['user']['is_project_admin']) && $this->session['user']['is_project_admin'] === true;
}
/**
* Get the connected user id
*