Rewrite of the authentication and authorization system

2015-12-05 20:31:27 -05:00
parent 346b8312e5
commit e9fedf3e5c
255 changed files with 14114 additions and 9820 deletions
--- a/app/Controller/User.php
+++ b/app/Controller/User.php
@@ -3,6 +3,8 @@
 namespace Kanboard\Controller;

 use Kanboard\Notification\Mail as MailNotification;
+use Kanboard\Model\Project as ProjectModel;
+use Kanboard\Core\Security\Role;

 /**
 * User controller
@@ -24,7 +26,7 @@ class User extends Base
    {
        $content = $this->template->render($template, $params);
        $params['user_content_for_layout'] = $content;
-        $params['board_selector'] = $this->projectPermission->getAllowedProjects($this->userSession->getId());
+        $params['board_selector'] = $this->projectUserRole->getProjectsByUser($this->userSession->getId());

        if (isset($params['user'])) {
            $params['title'] = ($params['user']['name'] ?: $params['user']['username']).' (#'.$params['user']['id'].')';
@@ -49,7 +51,7 @@ class User extends Base

        $this->response->html(
            $this->template->layout('user/index', array(
-                'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
+                'board_selector' => $this->projectUserRole->getProjectsByUser($this->userSession->getId()),
                'title' => t('Users').' ('.$paginator->getTotal().')',
                'paginator' => $paginator,
        )));
@@ -67,10 +69,11 @@ class User extends Base
        $this->response->html($this->template->layout($is_remote ? 'user/create_remote' : 'user/create_local', array(
            'timezones' => $this->config->getTimezones(true),
            'languages' => $this->config->getLanguages(true),
-            'board_selector' => $this->projectPermission->getAllowedProjects($this->userSession->getId()),
+            'roles' => $this->role->getApplicationRoles(),
+            'board_selector' => $this->projectUserRole->getProjectsByUser($this->userSession->getId()),
            'projects' => $this->project->getList(),
            'errors' => $errors,
-            'values' => $values,
+            'values' => $values + array('role' => Role::APP_USER),
            'title' => t('New user')
        )));
    }
@@ -92,7 +95,7 @@ class User extends Base
            $user_id = $this->user->create($values);

            if ($user_id !== false) {
-                $this->projectPermission->addMember($project_id, $user_id);
+                $this->projectUserRole->addUser($project_id, $user_id, Role::PROJECT_MEMBER);

                if (! empty($values['notifications_enabled'])) {
                    $this->userNotificationType->saveSelectedTypes($user_id, array(MailNotification::TYPE));
@@ -170,7 +173,7 @@ class User extends Base
    {
        $user = $this->getUser();
        $this->response->html($this->layout('user/sessions', array(
-            'sessions' => $this->authentication->backend('rememberMe')->getAll($user['id']),
+            'sessions' => $this->rememberMeSession->getAll($user['id']),
            'user' => $user,
        )));
    }
@@ -184,8 +187,8 @@ class User extends Base
    {
        $this->checkCSRFParam();
        $user = $this->getUser();
-        $this->authentication->backend('rememberMe')->remove($this->request->getIntegerParam('id'));
-        $this->response->redirect($this->helper->url->to('user', 'session', array('user_id' => $user['id'])));
+        $this->rememberMeSession->remove($this->request->getIntegerParam('id'));
+        $this->response->redirect($this->helper->url->to('user', 'sessions', array('user_id' => $user['id'])));
    }

    /**
@@ -205,7 +208,7 @@ class User extends Base
        }

        $this->response->html($this->layout('user/notifications', array(
-            'projects' => $this->projectPermission->getMemberProjects($user['id']),
+            'projects' => $this->projectUserRole->getProjectsByUser($user['id'], array(ProjectModel::ACTIVE)),
            'notifications' => $this->userNotification->readSettings($user['id']),
            'types' => $this->userNotificationType->getTypes(),
            'filters' => $this->userNotificationFilter->getFilters(),
@@ -326,16 +329,9 @@ class User extends Base
        if ($this->request->isPost()) {
            $values = $this->request->getValues();

-            if ($this->userSession->isAdmin()) {
-                $values += array('is_admin' => 0, 'is_project_admin' => 0);
-            } else {
-                // Regular users can't be admin
-                if (isset($values['is_admin'])) {
-                    unset($values['is_admin']);
-                }
-
-                if (isset($values['is_project_admin'])) {
-                    unset($values['is_project_admin']);
+            if (! $this->userSession->isAdmin()) {
+                if (isset($values['role'])) {
+                    unset($values['role']);
                }
            }

@@ -358,6 +354,7 @@ class User extends Base
            'user' => $user,
            'timezones' => $this->config->getTimezones(true),
            'languages' => $this->config->getLanguages(true),
+            'roles' => $this->role->getApplicationRoles(),
        )));
    }