Rewrite of the authentication and authorization system
@@ -3,6 +3,8 @@
|
||||
namespace Kanboard\Controller;
|
||||
|
||||
use Kanboard\Notification\Mail as MailNotification;
|
||||
use Kanboard\Model\Project as ProjectModel;
|
||||
use Kanboard\Core\Security\Role;
|
||||
|
||||
/**
|
||||
* User controller
|
||||
@@ -24,7 +26,7 @@ class User extends Base
|
||||
{
|
||||
$content = $this->template->render($template, $params);
|
||||
$params['user_content_for_layout'] = $content;
|
||||
$params['board_selector'] = $this->projectPermission->getAllowedProjects($this->userSession->getId());
|
||||
$params['board_selector'] = $this->projectUserRole->getProjectsByUser($this->userSession->getId());
|
||||
|
||||
if (isset($params['user'])) {
|
||||
$params['title'] = ($params['user']['name'] ?: $params['user']['username']).' (#'.$params['user']['id'].')';
|
||||
@@ -49,7 +51,7 @@ class User extends Base
|
||||
|
||||
$this->response->html(
|
||||
$this->template->layout('user/index', array(
|
||||
'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
|
||||
'board_selector' => $this->projectUserRole->getProjectsByUser($this->userSession->getId()),
|
||||
'title' => t('Users').' ('.$paginator->getTotal().')',
|
||||
'paginator' => $paginator,
|
||||
)));
|
||||
@@ -67,10 +69,11 @@ class User extends Base
|
||||
$this->response->html($this->template->layout($is_remote ? 'user/create_remote' : 'user/create_local', array(
|
||||
'timezones' => $this->config->getTimezones(true),
|
||||
'languages' => $this->config->getLanguages(true),
|
||||
'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
|
||||
'roles' => $this->role->getApplicationRoles(),
|
||||
'board_selector' => $this->projectUserRole->getProjectsByUser($this->userSession->getId()),
|
||||
'projects' => $this->project->getList(),
|
||||
'errors' => $errors,
|
||||
'values' => $values,
|
||||
'values' => $values + array('role' => Role::APP_USER),
|
||||
'title' => t('New user')
|
||||
)));
|
||||
}
|
||||
@@ -92,7 +95,7 @@ class User extends Base
|
||||
$user_id = $this->user->create($values);
|
||||
|
||||
if ($user_id !== false) {
|
||||
$this->projectPermission->addMember($project_id, $user_id);
|
||||
$this->projectUserRole->addUser($project_id, $user_id, Role::PROJECT_MEMBER);
|
||||
|
||||
if (! empty($values['notifications_enabled'])) {
|
||||
$this->userNotificationType->saveSelectedTypes($user_id, array(MailNotification::TYPE));
|
||||
@@ -170,7 +173,7 @@ class User extends Base
|
||||
{
|
||||
$user = $this->getUser();
|
||||
$this->response->html($this->layout('user/sessions', array(
|
||||
'sessions' => $this->authentication->backend('rememberMe')->getAll($user['id']),
|
||||
'sessions' => $this->rememberMeSession->getAll($user['id']),
|
||||
'user' => $user,
|
||||
)));
|
||||
}
|
||||
@@ -184,8 +187,8 @@ class User extends Base
|
||||
{
|
||||
$this->checkCSRFParam();
|
||||
$user = $this->getUser();
|
||||
$this->authentication->backend('rememberMe')->remove($this->request->getIntegerParam('id'));
|
||||
$this->response->redirect($this->helper->url->to('user', 'session', array('user_id' => $user['id'])));
|
||||
$this->rememberMeSession->remove($this->request->getIntegerParam('id'));
|
||||
$this->response->redirect($this->helper->url->to('user', 'sessions', array('user_id' => $user['id'])));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -205,7 +208,7 @@ class User extends Base
|
||||
}
|
||||
|
||||
$this->response->html($this->layout('user/notifications', array(
|
||||
'projects' => $this->projectPermission->getMemberProjects($user['id']),
|
||||
'projects' => $this->projectUserRole->getProjectsByUser($user['id'], array(ProjectModel::ACTIVE)),
|
||||
'notifications' => $this->userNotification->readSettings($user['id']),
|
||||
'types' => $this->userNotificationType->getTypes(),
|
||||
'filters' => $this->userNotificationFilter->getFilters(),
|
||||
@@ -326,16 +329,9 @@ class User extends Base
|
||||
if ($this->request->isPost()) {
|
||||
$values = $this->request->getValues();
|
||||
|
||||
if ($this->userSession->isAdmin()) {
|
||||
$values += array('is_admin' => 0, 'is_project_admin' => 0);
|
||||
} else {
|
||||
// Regular users can't be admin
|
||||
if (isset($values['is_admin'])) {
|
||||
unset($values['is_admin']);
|
||||
}
|
||||
|
||||
if (isset($values['is_project_admin'])) {
|
||||
unset($values['is_project_admin']);
|
||||
if (! $this->userSession->isAdmin()) {
|
||||
if (isset($values['role'])) {
|
||||
unset($values['role']);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -358,6 +354,7 @@ class User extends Base
|
||||
'user' => $user,
|
||||
'timezones' => $this->config->getTimezones(true),
|
||||
'languages' => $this->config->getLanguages(true),
|
||||
'roles' => $this->role->getApplicationRoles(),
|
||||
)));
|
||||
}
|
||||
|
||||
|
||||
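Review bot: In the session-removal hunk (`@@ -184,8 +187,8`), `$this->rememberMeSession->remove($this->request->getIntegerParam('id'));` deletes a remember-me session by its id alone, with no visible check that the id belongs to `$user`; unless `remove()` scopes by owner internally, a user who may reach this action for their own account could revoke someone else's session by changing the id parameter. Consider verifying ownership before the call (or extending `remove()` so it also takes `$user['id']` and deletes only a matching row), and redirecting with an error when the id does not belong to the user. The same shape existed on the old side, so this is carried over rather than introduced; the method's signature lies outside the hunk. Separately, `getProjectsByUser()` is called with `array(ProjectModel::ACTIVE)` in the notifications hunk but without any status filter for the three `board_selector` values — if the default includes inactive projects, the selector's contents changed silently relative to the old `getAllowedProjects()`.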