Regular users are able to create private projects

Frédéric Guillot
2014-10-05 19:40:57 -04:00
parent 7f5a871f84
commit d138834dcf
39 changed files with 379 additions and 319 deletions


@@ -17,7 +17,7 @@ class Action extends Base
*/
public function index()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$this->response->html($this->projectLayout('action_index', array(
'values' => array('project_id' => $project['id']),
@@ -43,7 +43,7 @@ class Action extends Base
*/
public function event()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$values = $this->request->getValues();
if (empty($values['action_name']) || empty($values['project_id'])) {
@@ -66,7 +66,7 @@ class Action extends Base
*/
public function params()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$values = $this->request->getValues();
if (empty($values['action_name']) || empty($values['project_id']) || empty($values['event_name'])) {
@@ -104,7 +104,7 @@ class Action extends Base
*/
public function create()
{
$this->doCreation($this->getProject(), $this->request->getValues());
$this->doCreation($this->getProjectManagement(), $this->request->getValues());
}
/**
@@ -138,7 +138,7 @@ class Action extends Base
*/
public function confirm()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$this->response->html($this->projectLayout('action_remove', array(
'action' => $this->action->getById($this->request->getIntegerParam('action_id')),
@@ -158,6 +158,7 @@ class Action extends Base
public function remove()
{
$this->checkCSRFParam();
$project = $this->getProjectManagement();
$action = $this->action->getById($this->request->getIntegerParam('action_id'));
if ($action && $this->action->remove($action['id'])) {
@@ -166,6 +167,6 @@ class Action extends Base
$this->session->flashError(t('Unable to remove this action.'));
}
$this->response->redirect('?controller=action&action=index&project_id='.$action['project_id']);
$this->response->redirect('?controller=action&action=index&project_id='.$project['id']);
}
}
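Review bot: In `remove()` the action is loaded by `action_id` alone and deleted without checking that it belongs to the project that `getProjectManagement()` has just authorised, so a manager of one project could pair their own `project_id` with an `action_id` from a project they do not manage. Unless `action->remove()` scopes the delete itself (its body is not visible here), the guard should bind the two, e.g. `if ($action && $action['project_id'] == $project['id'] && $this->action->remove($action['id'])) {`. `confirm()` renders an action fetched by `action_id` only and would benefit from the same comparison. Both method bodies continue outside their hunks.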


@@ -209,11 +209,8 @@ abstract class Base
*/
protected function checkProjectPermissions($project_id)
{
if ($this->acl->isRegularUser()) {
if ($project_id > 0 && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
$this->forbidden();
}
if ($this->acl->isRegularUser() && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
$this->forbidden();
}
}
@@ -260,6 +257,7 @@ abstract class Base
{
$content = $this->template->load($template, $params);
$params['project_content_for_layout'] = $content;
$params['menu'] = 'projects';
return $this->template->layout('project_layout', $params);
}
@@ -304,4 +302,25 @@ abstract class Base
return $project;
}
/**
* Common method to get a project with administration rights
*
* @access protected
* @return array
*/
protected function getProjectManagement()
{
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
if (! $project) {
$this->notfound();
}
if ($this->acl->isRegularUser() && ! $this->projectPermission->adminAllowed($project['id'], $this->acl->getUserId())) {
$this->forbidden();
}
return $project;
}
}
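Review bot: The docblock on `getProjectManagement()` says only "with administration rights", which leaves the contract implicit even though every management action in this commit now goes through it. I would spell it out, for example `* Calls notfound() for an unknown project_id and forbidden() when a regular user fails projectPermission->adminAllowed(); non-regular users are not checked here`. The method also reads `$project['id']` after `$this->notfound()`, so it depends on `notfound()` and `forbidden()` ending the request. Their bodies are outside this section, so that is worth confirming and stating in the comment.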


@@ -15,35 +15,22 @@ use Core\Security;
class Board extends Base
{
/**
* Move a column up
* Move a column down or up
*
* @access public
*/
public function moveUp()
public function moveColumn()
{
$this->checkCSRFParam();
$project_id = $this->request->getIntegerParam('project_id');
$project = $this->getProjectManagement();
$column_id = $this->request->getIntegerParam('column_id');
$direction = $this->request->getStringParam('direction');
$this->board->moveUp($project_id, $column_id);
if ($direction === 'up' || $direction === 'down') {
$this->board->{'move'.$direction}($project['id'], $column_id);
}
$this->response->redirect('?controller=board&action=edit&project_id='.$project_id);
}
/**
* Move a column down
*
* @access public
*/
public function moveDown()
{
$this->checkCSRFParam();
$project_id = $this->request->getIntegerParam('project_id');
$column_id = $this->request->getIntegerParam('column_id');
$this->board->moveDown($project_id, $column_id);
$this->response->redirect('?controller=board&action=edit&project_id='.$project_id);
$this->response->redirect('?controller=board&action=edit&project_id='.$project['id']);
}
/**
@@ -232,11 +219,11 @@ class Board extends Base
'filters' => array('user_id' => UserModel::EVERYBODY_ID),
'projects' => $projects,
'current_project_id' => $project['id'],
'current_project_name' => $projects[$project['id']],
'current_project_name' => $project['name'],
'board' => $this->board->get($project['id']),
'categories' => $this->category->getList($project['id'], true, true),
'menu' => 'boards',
'title' => $projects[$project['id']],
'title' => $project['name'],
'board_selector' => $board_selector,
'board_private_refresh_interval' => $this->config->get('board_private_refresh_interval'),
'board_highlight_period' => $this->config->get('board_highlight_period'),
@@ -250,7 +237,7 @@ class Board extends Base
*/
public function edit()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$columns = $this->board->getColumns($project['id']);
$values = array();
@@ -276,7 +263,7 @@ class Board extends Base
*/
public function update()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$columns = $this->board->getColumns($project['id']);
$data = $this->request->getValues();
$values = $columns_list = array();
@@ -317,7 +304,7 @@ class Board extends Base
*/
public function add()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$columns = $this->board->getColumnsList($project['id']);
$data = $this->request->getValues();
$values = array();
@@ -350,13 +337,27 @@ class Board extends Base
}
/**
* Confirmation dialog before removing a column
* Remove a column
*
* @access public
*/
public function confirm()
public function remove()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
if ($this->request->getStringParam('remove') === 'yes') {
$this->checkCSRFParam();
$column = $this->board->getColumn($this->request->getIntegerParam('column_id'));
if ($column && $this->board->removeColumn($column['id'])) {
$this->session->flash(t('Column removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this column.'));
}
$this->response->redirect('?controller=board&action=edit&project_id='.$project['id']);
}
$this->response->html($this->projectLayout('board_remove', array(
'column' => $this->board->getColumn($this->request->getIntegerParam('column_id')),
@@ -366,25 +367,6 @@ class Board extends Base
)));
}
/**
* Remove a column
*
* @access public
*/
public function remove()
{
$this->checkCSRFParam();
$column = $this->board->getColumn($this->request->getIntegerParam('column_id'));
if ($column && $this->board->removeColumn($column['id'])) {
$this->session->flash(t('Column removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this column.'));
}
$this->response->redirect('?controller=board&action=edit&project_id='.$column['project_id']);
}
/**
* Save the board (Ajax request made by the drag and drop)
*
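Review bot: The merged `remove()` deletes the column returned by `getColumn(column_id)` without comparing it to the project that `getProjectManagement()` authorised, so the permission check covers `project_id` while the delete acts on an unrelated identifier. The removed code redirected to `$column['project_id']`, so the field is available; the guard could read `if ($column && $column['project_id'] == $project['id'] && $this->board->removeColumn($column['id'])) {`, unless `removeColumn()` already enforces ownership, which is not visible here. The `board_remove` confirmation view is fed the same unscoped `getColumn()` result. `moveColumn()` passes `$project['id']` to the model, so scoping there presumably happens in the model.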


@@ -3,7 +3,7 @@
namespace Controller;
/**
* Categories management
* Category management
*
* @package controller
* @author Frederic Guillot
@@ -36,7 +36,7 @@ class Category extends Base
*/
public function index()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$this->response->html($this->projectLayout('category_index', array(
'categories' => $this->category->getList($project['id'], false),
@@ -55,7 +55,7 @@ class Category extends Base
*/
public function save()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$values = $this->request->getValues();
list($valid, $errors) = $this->category->validateCreation($values);
@@ -88,7 +88,7 @@ class Category extends Base
*/
public function edit()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$category = $this->getCategory($project['id']);
$this->response->html($this->projectLayout('category_edit', array(
@@ -107,7 +107,7 @@ class Category extends Base
*/
public function update()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$values = $this->request->getValues();
list($valid, $errors) = $this->category->validateModification($values);
@@ -139,7 +139,7 @@ class Category extends Base
*/
public function confirm()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$category = $this->getCategory($project['id']);
$this->response->html($this->projectLayout('category_remove', array(
@@ -158,7 +158,7 @@ class Category extends Base
public function remove()
{
$this->checkCSRFParam();
$project = $this->getProject();
$project = $this->getProjectManagement();
$category = $this->getCategory($project['id']);
if ($this->category->remove($category['id'])) {
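Review bot: `save()` and `update()` authorise the project named by the `project_id` request parameter but then validate `$this->request->getValues()`, which presumably carries its own project reference from the submitted form. The rest of both methods is outside these hunks, so this may already be handled. If the write uses the submitted values as-is, the record could end up attached to a project other than the one that was authorised. Pinning the value after the check, `$values['project_id'] = $project['id'];`, would tie the write to the authorised project. `Action::create()` and `Project::update()` in this commit pass `getValues()` through in a similar way and deserve the same look.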


@@ -3,7 +3,6 @@
namespace Controller;
use Model\Task as TaskModel;
use Core\Translator;
/**
* Project controller
@@ -55,7 +54,6 @@ class Project extends Base
$this->response->html($this->projectLayout('project_show', array(
'project' => $project,
'stats' => $this->project->getStats($project['id']),
'menu' => 'projects',
'title' => $project['name'],
)));
}
@@ -67,7 +65,7 @@ class Project extends Base
*/
public function export()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$from = $this->request->getStringParam('from');
$to = $this->request->getStringParam('to');
@@ -88,7 +86,6 @@ class Project extends Base
'errors' => array(),
'date_format' => $this->config->get('application_date_format'),
'date_formats' => $this->dateParser->getAvailableFormats(),
'menu' => 'projects',
'project' => $project,
'title' => t('Tasks Export')
)));
@@ -101,53 +98,28 @@ class Project extends Base
*/
public function share()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$switch = $this->request->getStringParam('switch');
if ($switch === 'enable' || $switch === 'disable') {
$this->checkCSRFParam();
if ($this->project->{$switch.'PublicAccess'}($project['id'])) {
$this->session->flash(t('Project updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this project.'));
}
$this->response->redirect('?controller=project&action=share&project_id='.$project['id']);
}
$this->response->html($this->projectLayout('project_share', array(
'project' => $project,
'menu' => 'projects',
'title' => t('Public access'),
)));
}
/**
* Enable public access for a project
*
* @access public
*/
public function enablePublic()
{
$this->checkCSRFParam();
$project_id = $this->request->getIntegerParam('project_id');
if ($project_id && $this->project->enablePublicAccess($project_id)) {
$this->session->flash(t('Project updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this project.'));
}
$this->response->redirect('?controller=project&action=share&project_id='.$project_id);
}
/**
* Disable public access for a project
*
* @access public
*/
public function disablePublic()
{
$this->checkCSRFParam();
$project_id = $this->request->getIntegerParam('project_id');
if ($project_id && $this->project->disablePublicAccess($project_id)) {
$this->session->flash(t('Project updated successfully.'));
} else {
$this->session->flashError(t('Unable to update this project.'));
}
$this->response->redirect('?controller=project&action=share&project_id='.$project_id);
}
/**
* Display a form to edit a project
*
@@ -155,13 +127,12 @@ class Project extends Base
*/
public function edit()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$this->response->html($this->projectLayout('project_edit', array(
'errors' => array(),
'values' => $project,
'project' => $project,
'menu' => 'projects',
'title' => t('Edit project')
)));
}
@@ -173,7 +144,7 @@ class Project extends Base
*/
public function update()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$values = $this->request->getValues() + array('is_active' => 0);
list($valid, $errors) = $this->project->validateModification($values);
@@ -192,30 +163,28 @@ class Project extends Base
'errors' => $errors,
'values' => $values,
'project' => $project,
'menu' => 'projects',
'title' => t('Edit Project')
)));
}
/**
/**
* Users list for the selected project
*
* @access public
*/
public function users()
{
$project = $this->getProject();
$project = $this->getProjectManagement();
$this->response->html($this->projectLayout('project_users', array(
'project' => $project,
'users' => $this->projectPermission->getAllUsers($project['id']),
'menu' => 'projects',
'title' => t('Edit project access list')
)));
}
/**
* Allow a specific user for the selected project
* Allow a specific user (admin only)
*
* @access public
*/
@@ -238,7 +207,7 @@ class Project extends Base
}
/**
* Revoke user access
* Revoke user access (admin only)
*
* @access public
*/
@@ -266,22 +235,6 @@ class Project extends Base
$this->response->redirect('?controller=project&action=users&project_id='.$values['project_id']);
}
/**
* Confirmation dialog before to remove a project
*
* @access public
*/
public function confirmRemove()
{
$project = $this->getProject();
$this->response->html($this->projectLayout('project_remove', array(
'project' => $project,
'menu' => 'projects',
'title' => t('Remove project')
)));
}
/**
* Remove a project
*
@@ -289,31 +242,24 @@ class Project extends Base
*/
public function remove()
{
$this->checkCSRFParam();
$project_id = $this->request->getIntegerParam('project_id');
$project = $this->getProjectManagement();
if ($project_id && $this->project->remove($project_id)) {
$this->session->flash(t('Project removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this project.'));
if ($this->request->getStringParam('remove') === 'yes') {
$this->checkCSRFParam();
if ($this->project->remove($project['id'])) {
$this->session->flash(t('Project removed successfully.'));
} else {
$this->session->flashError(t('Unable to remove this project.'));
}
$this->response->redirect('?controller=project');
}
$this->response->redirect('?controller=project');
}
/**
* Confirmation dialog before to clone a project
*
* @access public
*/
public function confirmDuplicate()
{
$project = $this->getProject();
$this->response->html($this->projectLayout('project_duplicate', array(
$this->response->html($this->projectLayout('project_remove', array(
'project' => $project,
'menu' => 'projects',
'title' => t('Clone this project')
'title' => t('Remove project')
)));
}
@@ -325,31 +271,24 @@ class Project extends Base
*/
public function duplicate()
{
$this->checkCSRFParam();
$project_id = $this->request->getIntegerParam('project_id');
$project = $this->getProjectManagement();
if ($project_id && $this->project->duplicate($project_id)) {
$this->session->flash(t('Project cloned successfully.'));
} else {
$this->session->flashError(t('Unable to clone this project.'));
if ($this->request->getStringParam('duplicate') === 'yes') {
$this->checkCSRFParam();
if ($this->project->duplicate($project['id'])) {
$this->session->flash(t('Project cloned successfully.'));
} else {
$this->session->flashError(t('Unable to clone this project.'));
}
$this->response->redirect('?controller=project');
}
$this->response->redirect('?controller=project');
}
/**
* Confirmation dialog before to disable a project
*
* @access public
*/
public function confirmDisable()
{
$project = $this->getProject();
$this->response->html($this->projectLayout('project_disable', array(
$this->response->html($this->projectLayout('project_duplicate', array(
'project' => $project,
'menu' => 'projects',
'title' => t('Project activation')
'title' => t('Clone this project')
)));
}
@@ -360,30 +299,23 @@ class Project extends Base
*/
public function disable()
{
$this->checkCSRFParam();
$project_id = $this->request->getIntegerParam('project_id');
$project = $this->getProjectManagement();
if ($project_id && $this->project->disable($project_id)) {
$this->session->flash(t('Project disabled successfully.'));
} else {
$this->session->flashError(t('Unable to disable this project.'));
if ($this->request->getStringParam('disable') === 'yes') {
$this->checkCSRFParam();
if ($this->project->disable($project['id'])) {
$this->session->flash(t('Project disabled successfully.'));
} else {
$this->session->flashError(t('Unable to disable this project.'));
}
$this->response->redirect('?controller=project&action=show&project_id='.$project['id']);
}
$this->response->redirect('?controller=project&action=show&project_id='.$project_id);
}
/**
* Confirmation dialog before to enable a project
*
* @access public
*/
public function confirmEnable()
{
$project = $this->getProject();
$this->response->html($this->projectLayout('project_enable', array(
$this->response->html($this->projectLayout('project_disable', array(
'project' => $project,
'menu' => 'projects',
'title' => t('Project activation')
)));
}
@@ -395,20 +327,29 @@ class Project extends Base
*/
public function enable()
{
$this->checkCSRFParam();
$project_id = $this->request->getIntegerParam('project_id');
$project = $this->getProjectManagement();
if ($project_id && $this->project->enable($project_id)) {
$this->session->flash(t('Project activated successfully.'));
} else {
$this->session->flashError(t('Unable to activate this project.'));
if ($this->request->getStringParam('enable') === 'yes') {
$this->checkCSRFParam();
if ($this->project->enable($project['id'])) {
$this->session->flash(t('Project activated successfully.'));
} else {
$this->session->flashError(t('Unable to activate this project.'));
}
$this->response->redirect('?controller=project&action=show&project_id='.$project['id']);
}
$this->response->redirect('?controller=project&action=show&project_id='.$project_id);
$this->response->html($this->projectLayout('project_enable', array(
'project' => $project,
'title' => t('Project activation')
)));
}
/**
* RSS feed for a project
* RSS feed for a project (public)
*
* @access public
*/
@@ -480,7 +421,6 @@ class Project extends Base
'action' => 'search',
'project_id' => $project['id'],
),
'menu' => 'projects',
'project' => $project,
'columns' => $this->board->getColumnsList($project['id']),
'categories' => $this->category->getList($project['id'], false),
@@ -506,7 +446,6 @@ class Project extends Base
$nb_tasks = count($tasks);
$this->response->html($this->template->layout('project_tasks', array(
'menu' => 'projects',
'project' => $project,
'columns' => $this->board->getColumnsList($project['id']),
'categories' => $this->category->getList($project['id'], false),
@@ -525,8 +464,9 @@ class Project extends Base
{
$this->response->html($this->template->layout('project_new', array(
'errors' => array(),
'values' => array(),
'menu' => 'projects',
'values' => array(
'is_private' => $this->request->getIntegerParam('private', $this->acl->isRegularUser()),
),
'title' => t('New project')
)));
}
@@ -543,7 +483,7 @@ class Project extends Base
if ($valid) {
if ($this->project->create($values)) {
if ($this->project->create($values, $this->acl->getUserId())) {
$this->session->flash(t('Your project have been created successfully.'));
$this->response->redirect('?controller=project');
}
@@ -555,7 +495,6 @@ class Project extends Base
$this->response->html($this->template->layout('project_new', array(
'errors' => $errors,
'values' => $values,
'menu' => 'projects',
'title' => t('New Project')
)));
}
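Review bot: In the save path the submitted `$values` go straight to `$this->project->create($values, $this->acl->getUserId())`, and nothing visible in that hunk forces `is_private` for regular users. The default passed to the `project_new` form from `$this->acl->isRegularUser()` only pre-fills the field. If regular users are meant to create private projects only, enforce it server-side before the create call, e.g. `if ($this->acl->isRegularUser()) { $values['is_private'] = 1; }`, unless the validation step outside this hunk already does so. Separately, the default handed to `getIntegerParam('private', ...)` is a boolean; `(int) $this->acl->isRegularUser()` would make the intended 0/1 explicit. The enclosing method starts outside the hunk.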