Enforce restrictions for column menus

2016-09-18 22:05:20 -04:00 · 2016-09-18 22:05:20 -04:00 · c328bcf840
parent 3043163747
commit c328bcf840
2 changed files with 15 additions and 10 deletions
--- a/app/Controller/TaskBulkController.php
+++ b/app/Controller/TaskBulkController.php
@ -47,7 +47,12 @@ class TaskBulkController extends BaseController
        $values = $this->request->getValues();
        list($valid, $errors) = $this->taskValidator->validateBulkCreation($values);

-        if ($valid) {
+        if (! $valid) {
+            $this->show($values, $errors);
+        } else if (! $this->helper->projectRole->canCreateTaskInColumn($project['id'], $values['column_id'])) {
+            $this->flash->failure(t('You cannot create tasks in this column.'));
+            $this->response->redirect($this->helper->url->to('BoardViewController', 'show', array('project_id' => $project['id'])), true);
+        } else {
            $this->createTasks($project, $values);
            $this->response->redirect($this->helper->url->to(
                'BoardViewController',
@ -55,8 +60,6 @@ class TaskBulkController extends BaseController
                array('project_id' => $project['id']),
                'swimlane-'. $values['swimlane_id']
            ), true);
-        } else {
-            $this->show($values, $errors);
        }
    }

--- a/app/Template/board/table_column.php
+++ b/app/Template/board/table_column.php
@ -35,18 +35,20 @@
                                <i class="fa fa-minus-square fa-fw"></i>
                                <a href="#" class="board-toggle-column-view" data-column-id="<?= $column['id'] ?>"><?= t('Hide this column') ?></a>
                            </li>
-                            <?php if ($this->user->hasProjectAccess('TaskCreationController', 'show', $column['project_id'])): ?>
+                            <?php if ($this->projectRole->canCreateTaskInColumn($column['project_id'], $column['id'])): ?>
                                <li>
                                    <i class="fa fa-align-justify fa-fw" aria-hidden="true"></i>
                                    <?= $this->url->link(t('Create tasks in bulk'), 'TaskBulkController', 'show', array('project_id' => $column['project_id'], 'column_id' => $column['id'], 'swimlane_id' => $swimlane['id']), false, 'popover') ?>
                                </li>
-                                <?php if ($column['nb_tasks'] > 0): ?>
-                                    <li>
-                                        <i class="fa fa-close fa-fw"></i>
-                                        <?= $this->url->link(t('Close all tasks of this column'), 'BoardPopoverController', 'confirmCloseColumnTasks', array('project_id' => $column['project_id'], 'column_id' => $column['id'], 'swimlane_id' => $swimlane['id']), false, 'popover') ?>
-                                    </li>
-                                <?php endif ?>
                            <?php endif ?>
+
+                            <?php if ($column['nb_tasks'] > 0 && $this->projectRole->canChangeTaskStatusInColumn($column['project_id'], $column['id'])): ?>
+                                <li>
+                                    <i class="fa fa-close fa-fw"></i>
+                                    <?= $this->url->link(t('Close all tasks of this column'), 'BoardPopoverController', 'confirmCloseColumnTasks', array('project_id' => $column['project_id'], 'column_id' => $column['id'], 'swimlane_id' => $swimlane['id']), false, 'popover') ?>
+                                </li>
+                            <?php endif ?>
+
                            <?= $this->hook->render('template:board:column:dropdown', array('swimlane' => $swimlane, 'column' => $column)) ?>
                        </ul>
                    </span>