Custom project roles inherit from project members
parent
dded773749
commit
fedf4ea2de
|
|
@ -49,6 +49,18 @@ class Role
|
|||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the given role is custom or not
|
||||
*
|
||||
* @access public
|
||||
* @param string $role
|
||||
* @return bool
|
||||
*/
|
||||
public function isCustomProjectRole($role)
|
||||
{
|
||||
return ! empty($role) && $role !== self::PROJECT_MANAGER && $role !== self::PROJECT_MEMBER && $role !== self::PROJECT_VIEWER;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get role name
|
||||
*
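Review bot: `isCustomProjectRole()` defines "custom" purely by exclusion, so on its `return` line any non-empty string other than the three built-in project constants is reported as custom, including application role values such as `Role::APP_ADMIN` and names that no project defines. The docblock should state that contract, for example `Returns true for any non-empty value that is not a built-in project role; it does not check that the role exists.` In addition, `empty()` treats the string `'0'` as empty, so a role named `0` would be classified as not custom; if such names are allowed, an explicit `$role !== null && $role !== ''` comparison avoids that. `testIsCustomRole` in RoleTest pins none of these boundary cases.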
|
||||
|
|
|
|||
|
|
@ -150,6 +150,11 @@ class UserHelper extends Base
|
|||
|
||||
if ($result === null) {
|
||||
$role = $this->getProjectUserRole($project_id);
|
||||
|
||||
if ($this->role->isCustomProjectRole($role)) {
|
||||
$role = Role::PROJECT_MEMBER;
|
||||
}
|
||||
|
||||
$result = $this->projectAuthorization->isAllowed($controller, $action, $role);
|
||||
$this->memoryCache->set($key, $result);
|
||||
}
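Review bot: The new branch inside `if ($result === null)` rewrites every role that is not one of the three built-in constants to `Role::PROJECT_MEMBER` before `isAllowed()` is called, so an unexpected value from `getProjectUserRole()` now receives member-level access where the unmapped name was previously passed through as-is. Because `isCustomProjectRole()` does not verify that the role is defined for `$project_id`, confirm that `getProjectUserRole()` can only return a built-in role, a defined custom role, or an empty value; if a stale or undefined name can reach this point, check it against the project's role list first and deny otherwise. A one-line comment such as `// Custom roles inherit the Project Member permissions` above the new `if` would record the intent. `testHasProjectAccessForCustomProjectRole` covers only a role that was created for the project, so a case with an undefined role name would pin the expected outcome. The enclosing method starts and ends outside the hunk.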
|
||||
|
|
|
|||
|
|
@ -0,0 +1,37 @@
|
|||
<?php
|
||||
|
||||
use Kanboard\Core\Security\Role;
|
||||
|
||||
require_once __DIR__.'/../../Base.php';
|
||||
|
||||
class RoleTest extends Base
|
||||
{
|
||||
public function testIsCustomRole()
|
||||
{
|
||||
$role = new Role();
|
||||
$this->assertFalse($role->isCustomProjectRole(Role::PROJECT_MANAGER));
|
||||
$this->assertFalse($role->isCustomProjectRole(Role::PROJECT_MEMBER));
|
||||
$this->assertFalse($role->isCustomProjectRole(Role::PROJECT_VIEWER));
|
||||
$this->assertFalse($role->isCustomProjectRole(''));
|
||||
$this->assertTrue($role->isCustomProjectRole('Custom Role'));
|
||||
}
|
||||
|
||||
public function testGetRoleName()
|
||||
{
|
||||
$role = new Role();
|
||||
$this->assertEquals('Project Manager', $role->getRoleName(Role::PROJECT_MANAGER));
|
||||
$this->assertEquals('Project Member', $role->getRoleName(Role::PROJECT_MEMBER));
|
||||
$this->assertEquals('Project Viewer', $role->getRoleName(Role::PROJECT_VIEWER));
|
||||
$this->assertEquals('Administrator', $role->getRoleName(Role::APP_ADMIN));
|
||||
$this->assertEquals('Manager', $role->getRoleName(Role::APP_MANAGER));
|
||||
$this->assertEquals('User', $role->getRoleName(Role::APP_USER));
|
||||
$this->assertEquals('Unknown', $role->getRoleName('Foobar'));
|
||||
}
|
||||
|
||||
public function testGetters()
|
||||
{
|
||||
$role = new Role();
|
||||
$this->assertCount(3, $role->getApplicationRoles());
|
||||
$this->assertCount(3, $role->getProjectRoles());
|
||||
}
|
||||
}
|
||||
|
|
@ -5,6 +5,7 @@ require_once __DIR__.'/../Base.php';
|
|||
use Kanboard\Core\User\UserSession;
|
||||
use Kanboard\Helper\UserHelper;
|
||||
use Kanboard\Model\ProjectModel;
|
||||
use Kanboard\Model\ProjectRoleModel;
|
||||
use Kanboard\Model\ProjectUserRoleModel;
|
||||
use Kanboard\Model\TaskCreationModel;
|
||||
use Kanboard\Model\TaskFinderModel;
|
||||
|
|
@ -263,6 +264,37 @@ class UserHelperTest extends Base
|
|||
$this->assertFalse($helper->hasProjectAccess('TaskCreationController', 'save', 2));
|
||||
}
|
||||
|
||||
public function testHasProjectAccessForCustomProjectRole()
|
||||
{
|
||||
$helper = new UserHelper($this->container);
|
||||
$user = new UserModel($this->container);
|
||||
$project = new ProjectModel($this->container);
|
||||
$projectUserRole = new ProjectUserRoleModel($this->container);
|
||||
$projectRole = new ProjectRoleModel($this->container);
|
||||
|
||||
$this->container['sessionStorage']->user = array(
|
||||
'id' => 2,
|
||||
'role' => Role::APP_USER,
|
||||
);
|
||||
|
||||
$this->assertEquals(1, $project->create(array('name' => 'My project')));
|
||||
$this->assertEquals(2, $project->create(array('name' => 'My project')));
|
||||
$this->assertEquals(2, $user->create(array('username' => 'user')));
|
||||
$this->assertEquals(1, $projectRole->create(1, 'Custom Role'));
|
||||
|
||||
$this->assertTrue($projectUserRole->addUser(1, 2, 'Custom Role'));
|
||||
|
||||
$this->assertFalse($helper->hasProjectAccess('ProjectEditController', 'edit', 1));
|
||||
$this->assertTrue($helper->hasProjectAccess('BoardViewController', 'show', 1));
|
||||
$this->assertTrue($helper->hasProjectAccess('TaskViewController', 'show', 1));
|
||||
$this->assertTrue($helper->hasProjectAccess('TaskCreationController', 'save', 1));
|
||||
|
||||
$this->assertFalse($helper->hasProjectAccess('ProjectEditController', 'edit', 2));
|
||||
$this->assertFalse($helper->hasProjectAccess('BoardViewController', 'show', 2));
|
||||
$this->assertFalse($helper->hasProjectAccess('TaskViewController', 'show', 2));
|
||||
$this->assertFalse($helper->hasProjectAccess('TaskCreationController', 'save', 2));
|
||||
}
|
||||
|
||||
public function testCanRemoveTask()
|
||||
{
|
||||
$taskCreationModel = new TaskCreationModel($this->container);
|
||||
|
|
|
|||