Restrict actions for project viewers

This commit is contained in:
Frederic Guillot 2015-12-06 17:39:21 -05:00
parent bd849ff655
commit f0651c48c1
13 changed files with 87 additions and 47 deletions


@ -14,12 +14,17 @@ class Subtask extends \Kanboard\Core\Base
* Get the link to toggle subtask status
*
* @access public
* @param array $subtask
* @param string $redirect
* @param array $subtask
* @param string $redirect
* @param integer $project_id
* @return string
*/
public function toggleStatus(array $subtask, $redirect)
public function toggleStatus(array $subtask, $redirect, $project_id = 0)
{
if ($project_id > 0 && ! $this->helper->user->hasProjectAccess('subtask', 'edit', $project_id)) {
return trim($this->template->render('subtask/icons', array('subtask' => $subtask))) . $this->helper->e($subtask['title']);
}
if ($subtask['status'] == 0 && isset($this->sessionStorage->hasSubtaskInProgress) && $this->sessionStorage->hasSubtaskInProgress === true) {
return $this->helper->url->link(
trim($this->template->render('subtask/icons', array('subtask' => $subtask))) . $this->helper->e($subtask['title']),


@ -134,7 +134,7 @@ class AuthenticationProvider implements ServiceProviderInterface
$acl->add('Config', '*', Role::APP_ADMIN);
$acl->add('Currency', '*', Role::APP_ADMIN);
$acl->add('Gantt', '*', Role::APP_MANAGER);
$acl->add('Gantt', array('projects', 'saveProjectDate'), Role::APP_MANAGER);
$acl->add('Group', '*', Role::APP_ADMIN);
$acl->add('Link', '*', Role::APP_ADMIN);
$acl->add('Project', array('users', 'allowEverybody', 'allow', 'role', 'revoke', 'create'), Role::APP_MANAGER);
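Review bot: Narrowing `Gantt` from `'*'` to `array('projects', 'saveProjectDate')` at APP_MANAGER means every other Gantt action now falls through to whichever rule matches next, which is not visible here; confirm that a project-level rule grants the remaining Gantt actions to members but not to viewers, otherwise the ACL's default for unmatched actions decides. A short comment on the changed line would record the intent, e.g. `// only the cross-project Gantt is manager-only; task Gantt actions are governed by the project-role ACL`. The enclosing closure begins before the hunk.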


@ -41,15 +41,19 @@
<?php if (! empty($task['owner_id'])): ?>
<span class="task-board-user <?= $this->user->isCurrentUser($task['owner_id']) ? 'task-board-current-user' : '' ?>">
<?= $this->url->link(
$task['assignee_name'] ?: $task['assignee_username'],
'board',
'changeAssignee',
array('task_id' => $task['id'], 'project_id' => $task['project_id']),
false,
'popover',
t('Change assignee')
) ?>
<?php if ($this->user->hasProjectAccess('taskmodification', 'edit', $task['project_id'])): ?>
<?= $this->url->link(
$task['assignee_name'] ?: $task['assignee_username'],
'BoardPopover',
'changeAssignee',
array('task_id' => $task['id'], 'project_id' => $task['project_id']),
false,
'popover',
t('Change assignee')
) ?>
<?php else: ?>
<?= $this->e($task['assignee_name'] ?: $task['assignee_username']) ?>
<?php endif ?>
</span>
<?php endif ?>
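Review bot: The assignee link now targets the `BoardPopover` controller instead of `board`, but the only ACL hunk in this commit touches `Gantt`; unless `BoardPopover` is already listed in the project-role ACL (not visible here), the popover route is authorised by the ACL default rather than by the `taskmodification`/`edit` permission this template checks. Hiding the link is a UI convenience — the server-side check on the `BoardPopover` controller's `changeAssignee` action is what stops a viewer who builds the URL by hand. Confirm that entry exists, and consider gating the template on the same controller/action the link targets so the two cannot drift apart.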


@ -1,6 +1,6 @@
<section id="tooltip-subtasks">
<?php foreach ($subtasks as $subtask): ?>
<?= $this->subtask->toggleStatus($subtask, 'board') ?>
<?= $this->subtask->toggleStatus($subtask, 'board', $task['project_id']) ?>
<?= $this->e(empty($subtask['username']) ? '' : ' ['.$this->user->getFullname($subtask).']') ?>
<br/>
<?php endforeach ?>


@ -16,7 +16,7 @@
<?php if (! isset($preview)): ?>
<ul class="comment-actions">
<li><a href="#comment-<?= $comment['id'] ?>"><?= t('link') ?></a></li>
<?php if ((! isset($not_editable) || ! $not_editable) && ($this->user->isAdmin() || $this->user->isCurrentUser($comment['user_id']))): ?>
<?php if ($editable && ($this->user->isAdmin() || $this->user->isCurrentUser($comment['user_id']))): ?>
<li>
<?= $this->url->link(t('remove'), 'comment', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'comment_id' => $comment['id'])) ?>
</li>
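Review bot: `$editable` is now read directly, so any caller of comment/show that does not pass it (only task/comments is updated in this commit) emits an undefined-variable notice and renders read-only — a safe default, but noisy; `<?php if (! empty($editable) && ($this->user->isAdmin() || $this->user->isCurrentUser($comment['user_id']))): ?>` keeps the fail-closed behaviour without the notice. As before, this only hides the remove link; the `comment` controller's ACL still has to reject `confirm`/`remove` for viewers, which this diff does not show.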


@ -9,11 +9,9 @@
<ul class="task-show-images">
<?php foreach ($images as $file): ?>
<li>
<?php if (function_exists('imagecreatetruecolor')): ?>
<div class="img_container">
<img src="<?= $this->url->href('file', 'thumbnail', array('file_id' => $file['id'], 'project_id' => $task['project_id'], 'task_id' => $file['task_id'])) ?>" alt="<?= $this->e($file['name']) ?>"/>
</div>
<?php endif ?>
<p>
<?= $this->e($file['name']) ?>
<span class="tooltip" title='<?= t('uploaded by: %s', $file['user_name'] ?: $file['username']).'<br>'.t('uploaded on: %s', dt('%B %e, %Y at %k:%M %p', $file['date'])).'<br>'.t('size: %s', $this->text->bytes($file['size'])) ?>'>
@ -22,7 +20,9 @@
</p>
<span class="task-show-file-actions task-show-image-actions">
<i class="fa fa-eye"></i> <?= $this->url->link(t('open file'), 'file', 'open', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id']), false, 'popover') ?>
<i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
<?php if ($this->user->hasProjectAccess('file', 'remove', $task['project_id'])): ?>
<i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
<?php endif ?>
<i class="fa fa-download"></i> <?= $this->url->link(t('download'), 'file', 'download', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
</span>
</li>
@ -44,7 +44,9 @@
</td>
<td>
<span class="task-show-file-actions">
<i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
<?php if ($this->user->hasProjectAccess('file', 'remove', $task['project_id'])): ?>
<i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
<?php endif ?>
<i class="fa fa-download"></i> <?= $this->url->link(t('download'), 'file', 'download', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?>
</span>
</td>
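Review bot: Both hunks gate the trash icon on `hasProjectAccess('file', 'remove', ...)` while the link it wraps points at `file`/`confirm`; if the ACL grants `remove` and `confirm` to different roles the icon and the server's decision diverge, so check the action the link actually targets, `<?php if ($this->user->hasProjectAccess('file', 'confirm', $task['project_id'])): ?>`, or make sure both actions sit under one rule. Separately, the first hunk drops the `function_exists('imagecreatetruecolor')` guard around the thumbnail `<img>`, so thumbnail requests are now issued even when GD is unavailable — whether `file/thumbnail` degrades gracefully is outside this diff. The second hunk's enclosing loop begins before it.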


@ -4,9 +4,11 @@
<li <?= $this->app->getRouterAction() === 'show' ? 'class="active"' : '' ?>>
<?= $this->url->link(t('Summary'), 'project', 'show', array('project_id' => $project['id'])) ?>
</li>
<?php if ($this->user->hasProjectAccess('customfilter', 'index', $project['id'])): ?>
<li <?= $this->app->getRouterController() === 'customfilter' && $this->app->getRouterAction() === 'index' ? 'class="active"' : '' ?>>
<?= $this->url->link(t('Custom filters'), 'customfilter', 'index', array('project_id' => $project['id'])) ?>
</li>
<?php endif ?>
<?php if ($this->user->hasProjectAccess('project', 'edit', $project['id'])): ?>
<li <?= $this->app->getRouterController() === 'project' && $this->app->getRouterAction() === 'share' ? 'class="active"' : '' ?>>
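Review bot: Gating the "Custom filters" entry on `hasProjectAccess('customfilter', 'index', ...)` only hides the menu item; a viewer who knows the URL still reaches the controller unless the project ACL denies `customfilter` to that role, which this diff does not show. The check mirrors the action the link targets, which is the right pattern — a one-line comment would make the intent clear to the next maintainer: `<?php // menu only; access is enforced by the customfilter ACL rule ?>`. The surrounding list begins before the hunk.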


@ -1,4 +1,3 @@
<div id="subtasks" class="task-show-section">
<?php if (! empty($subtasks)): ?>
@ -13,14 +12,14 @@
<th class="column-40"><?= t('Title') ?></th>
<th><?= t('Assignee') ?></th>
<th><?= t('Time tracking') ?></th>
<?php if (! isset($not_editable)): ?>
<?php if ($editable): ?>
<th><?= t('Actions') ?></th>
<?php endif ?>
</tr>
<?php foreach ($subtasks as $subtask): ?>
<tr>
<td>
<?php if (! isset($not_editable)): ?>
<?php if ($editable): ?>
<?= $this->subtask->toggleStatus($subtask, 'task') ?>
<?php else: ?>
<?= $this->render('subtask/icons', array('subtask' => $subtask)) . $this->e($subtask['title']) ?>
@ -28,7 +27,7 @@
</td>
<td>
<?php if (! empty($subtask['username'])): ?>
<?php if (! isset($not_editable)): ?>
<?php if ($editable): ?>
<?= $this->url->link($this->e($subtask['name'] ?: $subtask['username']), 'user', 'show', array('user_id' => $subtask['user_id'])) ?>
<?php else: ?>
<?= $this->e($subtask['name'] ?: $subtask['username']) ?>
@ -46,7 +45,7 @@
<strong><?= $this->e($subtask['time_estimated']).'h' ?></strong> <?= t('estimated') ?>
<?php endif ?>
</li>
<?php if (! isset($not_editable) && $subtask['user_id'] == $this->user->getId()): ?>
<?php if ($editable && $subtask['user_id'] == $this->user->getId()): ?>
<li>
<?php if ($subtask['is_timer_started']): ?>
<i class="fa fa-pause"></i>
@ -60,7 +59,7 @@
<?php endif ?>
</ul>
</td>
<?php if (! isset($not_editable)): ?>
<?php if ($editable): ?>
<td>
<ul>
<?php if ($subtask['position'] != $first_position): ?>
@ -87,7 +86,7 @@
</table>
<?php endif ?>
<?php if (! isset($not_editable) && $this->user->hasProjectAccess('subtask', 'save', $task['project_id'])): ?>
<?php if ($editable && $this->user->hasProjectAccess('subtask', 'save', $task['project_id'])): ?>
<?php if (empty($subtasks)): ?>
<div class="page-header">
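Review bot: At the toggle call `$this->subtask->toggleStatus($subtask, 'task')` the helper's new third argument is not passed, so its own `subtask`/`edit` check never runs here and the link is shown purely on `$editable`; pass the id for consistency with the board tooltip: `<?= $this->subtask->toggleStatus($subtask, 'task', $task['project_id']) ?>`. Note also that the add-subtask form is gated on `hasProjectAccess('subtask', 'save', ...)` while `$editable` is derived by task/show from `subtask`/`edit` — two actions that must map to the same role for the action column and the form to agree. The table markup begins before the first hunk and the section continues after the last.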


@ -15,12 +15,12 @@
'comment' => $comment,
'task' => $task,
'project' => $project,
'not_editable' => isset($not_editable) && $not_editable,
'editable' => $editable,
'is_public' => isset($is_public) && $is_public,
)) ?>
<?php endforeach ?>
<?php if (! isset($not_editable)): ?>
<?php if ($editable): ?>
<?= $this->render('comment/create', array(
'skip_cancel' => true,
'values' => array(


@ -86,7 +86,7 @@
</li>
<?php endif ?>
<?php if (! isset($not_editable) && $task['recurrence_status'] != \Kanboard\Model\Task::RECURRING_STATUS_NONE): ?>
<?php if ($editable && $task['recurrence_status'] != \Kanboard\Model\Task::RECURRING_STATUS_NONE): ?>
<li>
<strong><?= t('Recurring information') ?></strong>
<?= $this->render('task/recurring_info', array(


@ -1,33 +1,34 @@
<section id="main" class="public-task">
<?= $this->render('task/details', array('task' => $task, 'project' => $project, 'not_editable' => true)) ?>
<?= $this->render('task/details', array('task' => $task, 'project' => $project, 'editable' => false)) ?>
<p class="pull-right"><?= $this->url->link(t('Back to the board'), 'board', 'readonly', array('token' => $project['token'])) ?></p>
<?= $this->render('task/description', array(
'task' => $task,
'project' => $project,
'is_public' => true
'is_public' => true,
)) ?>
<?= $this->render('tasklink/show', array(
'task' => $task,
'links' => $links,
'project' => $project,
'not_editable' => true
'editable' => false,
'is_public' => true,
)) ?>
<?= $this->render('subtask/show', array(
'task' => $task,
'subtasks' => $subtasks,
'not_editable' => true
'editable' => false
)) ?>
<?= $this->render('task/comments', array(
'task' => $task,
'comments' => $comments,
'project' => $project,
'not_editable' => true,
'editable' => false,
'is_public' => true,
)) ?>
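Review bot: Trailing commas are inconsistent across the rewritten render calls: `'is_public' => true,` and `'editable' => false,` end with a comma while the subtask/show call ends `'editable' => false` without one; pick one form, preferably the trailing comma now used elsewhere in this file, `'editable' => false,`. The `task/description` call passes only `is_public` and no `editable`, so whether description editing is hidden in the public view depends on that template's own checks, which are not in this diff.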


@ -4,6 +4,7 @@
'recurrence_trigger_list' => $this->task->recurrenceTriggers(),
'recurrence_timeframe_list' => $this->task->recurrenceTimeframes(),
'recurrence_basedate_list' => $this->task->recurrenceBasedates(),
'editable' => $this->user->hasProjectAccess('taskmodification', 'edit', $project['id']),
)) ?>
<?php if ($this->user->hasProjectAccess('taskmodification', 'edit', $project['id'])): ?>
@ -11,8 +12,34 @@
<?php endif ?>
<?= $this->render('task/description', array('task' => $task)) ?>
<?= $this->render('tasklink/show', array('task' => $task, 'links' => $links, 'link_label_list' => $link_label_list)) ?>
<?= $this->render('subtask/show', array('task' => $task, 'subtasks' => $subtasks, 'project' => $project, 'users_list' => isset($users_list) ? $users_list : array())) ?>
<?= $this->render('tasklink/show', array(
'task' => $task,
'links' => $links,
'link_label_list' => $link_label_list,
'editable' => $this->user->hasProjectAccess('tasklink', 'edit', $project['id']),
'is_public' => false,
)) ?>
<?= $this->render('subtask/show', array(
'task' => $task,
'subtasks' => $subtasks,
'project' => $project,
'users_list' => isset($users_list) ? $users_list : array(),
'editable' => $this->user->hasProjectAccess('subtask', 'edit', $project['id']),
)) ?>
<?= $this->render('task/time_tracking_summary', array('task' => $task)) ?>
<?= $this->render('file/show', array('task' => $task, 'files' => $files, 'images' => $images)) ?>
<?= $this->render('task/comments', array('task' => $task, 'comments' => $comments, 'project' => $project)) ?>
<?= $this->render('file/show', array(
'task' => $task,
'files' => $files,
'images' => $images
)) ?>
<?= $this->render('task/comments', array(
'task' => $task,
'comments' => $comments,
'project' => $project,
'editable' => $this->user->hasProjectAccess('comment', 'edit', $project['id']),
)) ?>
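Review bot: `file/show` is rendered without an `editable` flag and instead calls `hasProjectAccess` itself, while comments, subtasks and task links receive a precomputed flag from this template; two patterns for the same decision make it easy to miss one when a new sub-template is added. Either pass `'editable' => $this->user->hasProjectAccess('file', 'remove', $project['id']),` alongside the other flags or add a one-line comment explaining why file/show differs. Minor: `'images' => $images` lacks the trailing comma the sibling calls use.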


@ -9,7 +9,7 @@
<th class="column-20"><?= t('Project') ?></th>
<th><?= t('Column') ?></th>
<th><?= t('Assignee') ?></th>
<?php if (! isset($not_editable)): ?>
<?php if ($editable): ?>
<th><?= t('Action') ?></th>
<?php endif ?>
</tr>
@ -23,12 +23,12 @@
<?php endif ?>
<td>
<?php if (! isset($not_editable)): ?>
<?php if ($is_public): ?>
<?= $this->url->link(
$this->e('#'.$link['task_id'].' '.$link['title']),
'task',
'show',
array('task_id' => $link['task_id'], 'project_id' => $link['project_id']),
'readonly',
array('task_id' => $link['task_id'], 'token' => $project['token']),
false,
$link['is_active'] ? '' : 'task-link-closed'
) ?>
@ -36,8 +36,8 @@
<?= $this->url->link(
$this->e('#'.$link['task_id'].' '.$link['title']),
'task',
'readonly',
array('task_id' => $link['task_id'], 'token' => $project['token']),
'show',
array('task_id' => $link['task_id'], 'project_id' => $link['project_id']),
false,
$link['is_active'] ? '' : 'task-link-closed'
) ?>
@ -57,14 +57,14 @@
<td><?= $this->e($link['column_title']) ?></td>
<td>
<?php if (! empty($link['task_assignee_username'])): ?>
<?php if (! isset($not_editable)): ?>
<?php if ($editable): ?>
<?= $this->url->link($this->e($link['task_assignee_name'] ?: $link['task_assignee_username']), 'user', 'show', array('user_id' => $link['task_assignee_id'])) ?>
<?php else: ?>
<?= $this->e($link['task_assignee_name'] ?: $link['task_assignee_username']) ?>
<?php endif ?>
<?php endif ?>
</td>
<?php if (! isset($not_editable)): ?>
<?php if ($editable): ?>
<td>
<ul>
<li><?= $this->url->link(t('Edit'), 'tasklink', 'edit', array('link_id' => $link['id'], 'task_id' => $task['id'], 'project_id' => $task['project_id'])) ?></li>
@ -77,7 +77,7 @@
<?php endforeach ?>
</table>
<?php if (! isset($not_editable) && isset($link_label_list)): ?>
<?php if ($editable && isset($link_label_list)): ?>
<form action="<?= $this->url->href('tasklink', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off">
<?= $this->form->csrf() ?>
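Review bot: `$is_public` and `$editable` are read without a default, so a caller that omits either (only task/show and task/public are updated here) triggers an undefined-variable notice; `<?php if (! empty($is_public)): ?>` and `<?php if (! empty($editable)): ?>` keep the fail-closed behaviour quietly. The public branch embeds `$project['token']`, so `project` must be supplied whenever `is_public` is true — task/public does this, task/show does not need to. The form gate still pairs the new `$editable` with `isset($link_label_list)`, which is fine but deserves a comment such as `<?php // the add-link form is only offered when the caller supplied link labels ?>`. The table begins before the first hunk and the form continues past the last.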