Regular users are able to create private projects

app/Model/Acl.php

@@ -32,13 +32,15 @@ class Acl extends Base
      */
     private $user_actions = array(
         'app' => array('index'),
-        'board' => array('index', 'show', 'save', 'check', 'changeassignee', 'updateassignee', 'changecategory', 'updatecategory'),
-        'project' => array('tasks', 'index', 'forbidden', 'search', 'export', 'show', 'activity'),
+        'board' => array('index', 'show', 'save', 'check', 'changeassignee', 'updateassignee', 'changecategory', 'updatecategory', 'movecolumn', 'edit', 'update', 'add', 'confirm', 'remove'),
+        'project' => array('index', 'show', 'export', 'share', 'edit', 'update', 'users', 'remove', 'duplicate', 'disable', 'enable', 'activity', 'search', 'tasks', 'create', 'save'),
         'user' => array('edit', 'forbidden', 'logout', 'show', 'external', 'unlinkgoogle', 'unlinkgithub', 'sessions', 'removesession', 'last', 'notifications', 'password'),
         'comment' => array('create', 'save', 'confirm', 'remove', 'update', 'edit', 'forbidden'),
         'file' => array('create', 'save', 'download', 'confirm', 'remove', 'open', 'image'),
         'subtask' => array('create', 'save', 'edit', 'update', 'confirm', 'remove'),
         'task' => array('show', 'create', 'save', 'edit', 'update', 'close', 'open', 'duplicate', 'remove', 'description', 'move', 'copy'),
+        'category' => array('index', 'save', 'edit', 'update', 'confirm', 'remove'),
+        'action' => array('index', 'event', 'params', 'create', 'confirm', 'remove'),
     );
 
     /**

app/Model/Board.php

@@ -31,6 +31,29 @@ class Board extends Base
         return array(t('Backlog'), t('Ready'), t('Work in progress'), t('Done'));
     }
 
+    /**
+     * Get user default columns
+     *
+     * @access public
+     * @return array
+     */
+    public function getUserColumns()
+    {
+        $column_names = explode(',', $this->config->get('board_columns', implode(',', $this->getDefaultColumns())));
+        $columns = array();
+
+        foreach ($column_names as $column_name) {
+
+            $column_name = trim($column_name);
+
+            if (! empty($column_name)) {
+                $columns[] = array('title' => $column_name, 'task_limit' => 0);
+            }
+        }
+
+        return $columns;
+    }
+
     /**
      * Create a board with default columns, must be executed inside a transaction
      *

app/Model/Project.php

@@ -83,6 +83,18 @@ class Project extends Base
         return $this->db->table(self::TABLE)->findOne();
     }
 
+    /**
+     * Return true if the project is private
+     *
+     * @access public
+     * @param  integer   $project_id    Project id
+     * @return boolean
+     */
+    public function isPrivate($project_id)
+    {
+        return (bool) $this->db->table(self::TABLE)->eq('id', $project_id)->eq('is_private', 1)->count();
+    }
+
     /**
      * Get all projects, optionaly fetch stats for each project and can check users permissions
      *
@@ -204,16 +216,18 @@ class Project extends Base
      */
     public function createProjectFromAnotherProject($project_id)
     {
-        $project_name = $this->db->table(self::TABLE)->eq('id', $project_id)->findOneColumn('name');
+        $project = $this->getById($project_id);
 
-        $project = array(
-            'name' => $project_name.' ('.t('Clone').')',
+        $values = array(
+            'name' => $project['name'].' ('.t('Clone').')',
             'is_active' => true,
             'last_modified' => 0,
             'token' => '',
+            'is_public' => 0,
+            'is_private' => empty($project['is_private']) ? 0 : 1,
         );
 
-        if (! $this->db->table(self::TABLE)->save($project)) {
+        if (! $this->db->table(self::TABLE)->save($values)) {
             return false;
         }
 
@@ -233,33 +247,18 @@ class Project extends Base
 
         // Get the cloned project Id
         $clone_project_id = $this->createProjectFromAnotherProject($project_id);
+
         if (! $clone_project_id) {
             $this->db->cancelTransaction();
             return false;
         }
 
-        // Clone Board
-        if (! $this->board->duplicate($project_id, $clone_project_id)) {
-            $this->db->cancelTransaction();
-            return false;
-        }
+        foreach (array('board', 'category', 'projectPermission', 'action') as $model) {
 
-        // Clone Categories
-        if (! $this->category->duplicate($project_id, $clone_project_id)) {
-            $this->db->cancelTransaction();
-            return false;
-        }
-
-        // Clone Allowed Users
-        if (! $this->projectPermission->duplicate($project_id, $clone_project_id)) {
-            $this->db->cancelTransaction();
-            return false;
-        }
-
-        // Clone Actions
-        if (! $this->action->duplicate($project_id, $clone_project_id)) {
-            $this->db->cancelTransaction();
-            return false;
+            if (! $this->$model->duplicate($project_id, $clone_project_id)) {
+                $this->db->cancelTransaction();
+                return false;
+            }
         }
 
         $this->db->closeTransaction();
@@ -272,14 +271,16 @@ class Project extends Base
      *
      * @access public
      * @param  array    $values   Form values
+     * @param  integer  $user_id  User who create the project
      * @return integer            Project id
      */
-    public function create(array $values)
+    public function create(array $values, $user_id = 0)
     {
         $this->db->startTransaction();
 
         $values['token'] = '';
         $values['last_modified'] = time();
+        $values['is_private'] = empty($values['is_private']) ? 0 : 1;
 
         if (! $this->db->table(self::TABLE)->save($values)) {
             $this->db->cancelTransaction();
@@ -287,19 +288,16 @@ class Project extends Base
         }
 
         $project_id = $this->db->getConnection()->getLastId();
-        $column_names = explode(',', $this->config->get('board_columns', implode(',', $this->board->getDefaultColumns())));
-        $columns = array();
 
-        foreach ($column_names as $column_name) {
-
-            $column_name = trim($column_name);
-
-            if (! empty($column_name)) {
-                $columns[] = array('title' => $column_name, 'task_limit' => 0);
-            }
+        if (! $this->board->create($project_id, $this->board->getUserColumns())) {
+            $this->db->cancelTransaction();
+            return false;
+        }
+
+        if ($values['is_private'] && $user_id) {
+            $this->projectPermission->allowUser($project_id, $user_id);
         }
 
-        $this->board->create($project_id, $columns);
         $this->db->closeTransaction();
 
         return (int) $project_id;

app/Model/ProjectPermission.php

@@ -142,12 +142,10 @@ class ProjectPermission extends Base
      */
     public function isUserAllowed($project_id, $user_id)
     {
-        // Check if the user has admin rights
         if ($this->user->isAdmin($user_id)) {
             return true;
         }
 
-        // Otherwise, allow only specific users
         return (bool) $this->db
                     ->table(self::TABLE)
                     ->eq('project_id', $project_id)
@@ -155,6 +153,23 @@ class ProjectPermission extends Base
                     ->count();
     }
 
+    /**
+     * Check if a specific user is allowed to manage a project
+     *
+     * @access public
+     * @param  integer   $project_id   Project id
+     * @param  integer   $user_id      User id
+     * @return bool
+     */
+    public function adminAllowed($project_id, $user_id)
+    {
+        if ($this->isUserAllowed($project_id, $user_id) && $this->project->isPrivate($project_id)) {
+            return true;
+        }
+
+        return false;
+    }
+
     /**
      * Filter a list of projects for a given user
      *