Add project restrictions for custom roles

2016-09-11 16:08:03 -04:00
parent a0227cad69
commit d8f6d85683
25 changed files with 700 additions and 288 deletions
--- a/app/Helper/UserHelper.php
+++ b/app/Helper/UserHelper.php
@@ -3,7 +3,6 @@
 namespace Kanboard\Helper;

 use Kanboard\Core\Base;
-use Kanboard\Core\Security\Role;

 /**
 * User helpers
@@ -133,66 +132,14 @@ class UserHelper extends Base
     */
    public function hasProjectAccess($controller, $action, $project_id)
    {
-        if (! $this->userSession->isLogged()) {
-            return false;
-        }
-
-        if ($this->userSession->isAdmin()) {
-            return true;
-        }
-
-        if (! $this->hasAccess($controller, $action)) {
-            return false;
-        }
-
        $key = 'project_access:'.$controller.$action.$project_id;
        $result = $this->memoryCache->get($key);

        if ($result === null) {
-            $role = $this->getProjectUserRole($project_id);
-
-            if ($this->role->isCustomProjectRole($role)) {
-                $role = Role::PROJECT_MEMBER;
-            }
-
-            $result = $this->projectAuthorization->isAllowed($controller, $action, $role);
+            $result = $this->helper->projectRole->checkProjectAccess($controller, $action, $project_id);
            $this->memoryCache->set($key, $result);
        }

        return $result;
    }
-
-    /**
-     * Get project role for the current user
-     *
-     * @access public
-     * @param  integer $project_id
-     * @return string
-     */
-    public function getProjectUserRole($project_id)
-    {
-        return $this->memoryCache->proxy($this->projectUserRoleModel, 'getUserRole', $project_id, $this->userSession->getId());
-    }
-
-    /**
-     * Return true if the user can remove a task
-     *
-     * Regular users can't remove tasks from other people
-     *
-     * @public
-     * @param  array $task
-     * @return bool
-     */
-    public function canRemoveTask(array $task)
-    {
-        if (isset($task['creator_id']) && $task['creator_id'] == $this->userSession->getId()) {
-            return true;
-        }
-
-        if ($this->userSession->isAdmin() || $this->getProjectUserRole($task['project_id']) === Role::PROJECT_MANAGER) {
-            return true;
-        }
-
-        return false;
-    }
 }