Add project restrictions for custom roles

2016-09-11 16:08:03 -04:00
parent a0227cad69
commit d8f6d85683
25 changed files with 700 additions and 288 deletions
--- a/app/Controller/BoardAjaxController.php
+++ b/app/Controller/BoardAjaxController.php
@@ -28,14 +28,8 @@ class BoardAjaxController extends BaseController
        }

        $values = $this->request->getJson();
-        $canMoveTask = $this->columnMoveRestrictionModel->isAllowed(
-            $project_id,
-            $this->helper->user->getProjectUserRole($project_id),
-            $values['src_column_id'],
-            $values['dst_column_id']
-        );

-        if (! $canMoveTask) {
+        if (! $this->helper->projectRole->canMoveTask($project_id, $values['src_column_id'], $values['dst_column_id'])) {
            throw new AccessForbiddenException(e("You don't have the permission to move this task"));
        }

--- a/app/Controller/ColumnMoveRestrictionController.php
+++ b/app/Controller/ColumnMoveRestrictionController.php
@@ -45,14 +45,14 @@ class ColumnMoveRestrictionController extends BaseController
        list($valid, $errors) = $this->columnMoveRestrictionValidator->validateCreation($values);

        if ($valid) {
-            $role_id = $this->columnMoveRestrictionModel->create(
+            $restriction_id = $this->columnMoveRestrictionModel->create(
                $project['id'],
                $values['role_id'],
                $values['src_column_id'],
                $values['dst_column_id']
            );

-            if ($role_id !== false) {
+            if ($restriction_id !== false) {
                $this->flash->success(t('The column restriction has been created successfully.'));
            } else {
                $this->flash->failure(t('Unable to create this column restriction.'));
--- a/app/Controller/ProjectRoleRestrictionController.php
+++ b/app/Controller/ProjectRoleRestrictionController.php
@@ -0,0 +1,96 @@
+<?php
+
+namespace Kanboard\Controller;
+
+use Kanboard\Core\Controller\AccessForbiddenException;
+
+/**
+ * Class ProjectRoleRestrictionController
+ *
+ * @package Kanboard\Controller
+ * @author  Frederic Guillot
+ */
+class ProjectRoleRestrictionController extends BaseController
+{
+    /**
+     * Show form to create a new project restriction
+     *
+     * @param  array $values
+     * @param  array $errors
+     * @throws AccessForbiddenException
+     */
+    public function create(array $values = array(), array $errors = array())
+    {
+        $project = $this->getProject();
+        $role_id = $this->request->getIntegerParam('role_id');
+        $role = $this->projectRoleModel->getById($project['id'], $role_id);
+
+        $this->response->html($this->template->render('project_role_restriction/create', array(
+            'project' => $project,
+            'role' => $role,
+            'values' => $values + array('project_id' => $project['id'], 'role_id' => $role['role_id']),
+            'errors' => $errors,
+            'restrictions' => $this->projectRoleRestrictionModel->getRules(),
+        )));
+    }
+
+    /**
+     * Save new restriction
+     */
+    public function save()
+    {
+        $project = $this->getProject();
+        $values = $this->request->getValues();
+
+        $restriction_id = $this->projectRoleRestrictionModel->create(
+            $project['id'],
+            $values['role_id'],
+            $values['rule']
+        );
+
+        if ($restriction_id !== false) {
+            $this->flash->success(t('The project restriction has been created successfully.'));
+        } else {
+            $this->flash->failure(t('Unable to create this project restriction.'));
+        }
+
+        $this->response->redirect($this->helper->url->to('ProjectRoleController', 'show', array('project_id' => $project['id'])));
+    }
+
+    /**
+     * Confirm suppression
+     *
+     * @access public
+     */
+    public function confirm()
+    {
+        $project = $this->getProject();
+        $restriction_id = $this->request->getIntegerParam('restriction_id');
+
+        $this->response->html($this->helper->layout->project('project_role_restriction/remove', array(
+            'project' => $project,
+            'restriction' => $this->projectRoleRestrictionModel->getById($project['id'], $restriction_id),
+            'restrictions' => $this->projectRoleRestrictionModel->getRules(),
+        )));
+    }
+
+    /**
+     * Remove a restriction
+     *
+     * @access public
+     */
+    public function remove()
+    {
+        $project = $this->getProject();
+        $this->checkCSRFParam();
+        $restriction_id = $this->request->getIntegerParam('restriction_id');
+
+        if ($this->projectRoleRestrictionModel->remove($restriction_id)) {
+            $this->flash->success(t('Project restriction removed successfully.'));
+        } else {
+            $this->flash->failure(t('Unable to remove this restriction.'));
+        }
+
+        $this->response->redirect($this->helper->url->to('ProjectRoleController', 'show', array('project_id' => $project['id'])));
+    }
+}
--- a/app/Controller/TaskSuppressionController.php
+++ b/app/Controller/TaskSuppressionController.php
@@ -19,7 +19,7 @@ class TaskSuppressionController extends BaseController
    {
        $task = $this->getTask();

-        if (! $this->helper->user->canRemoveTask($task)) {
+        if (! $this->helper->projectRole->canRemoveTask($task)) {
            throw new AccessForbiddenException();
        }

@@ -37,7 +37,7 @@ class TaskSuppressionController extends BaseController
        $task = $this->getTask();
        $this->checkCSRFParam();

-        if (! $this->helper->user->canRemoveTask($task)) {
+        if (! $this->helper->projectRole->canRemoveTask($task)) {
            throw new AccessForbiddenException();
        }