diff options
author | Frédéric Guillot <fred@kanboard.net> | 2014-09-20 12:52:48 +0200 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2014-09-20 12:52:48 +0200 |
commit | 00cdc609d113fedf977da1d55136dc4d699fb308 (patch) | |
tree | 3e54049861fb2698cd4501bae829c62093d4c982 | |
parent | 5f96af82f26967f4614b89322a82a59cb48bd2a3 (diff) |
Extract project permissions to a separate class
-rw-r--r-- | app/Controller/Action.php | 4 | ||||
-rw-r--r-- | app/Controller/Base.php | 3 | ||||
-rw-r--r-- | app/Controller/Board.php | 16 | ||||
-rw-r--r-- | app/Controller/Project.php | 10 | ||||
-rw-r--r-- | app/Controller/Subtask.php | 8 | ||||
-rw-r--r-- | app/Controller/Task.php | 10 | ||||
-rw-r--r-- | app/Controller/User.php | 6 | ||||
-rw-r--r-- | app/Model/Base.php | 1 | ||||
-rw-r--r-- | app/Model/Project.php | 236 | ||||
-rw-r--r-- | app/Model/ProjectPermission.php | 247 | ||||
-rw-r--r-- | app/Model/Task.php | 4 | ||||
-rw-r--r-- | jsonrpc.php | 14 | ||||
-rw-r--r-- | tests/units/ProjectPermissionTest.php | 160 | ||||
-rw-r--r-- | tests/units/ProjectTest.php | 142 | ||||
-rw-r--r-- | tests/units/TaskTest.php | 4 |
15 files changed, 452 insertions, 413 deletions
diff --git a/app/Controller/Action.php b/app/Controller/Action.php index 0bf8ff0c..64d77aab 100644 --- a/app/Controller/Action.php +++ b/app/Controller/Action.php @@ -27,7 +27,7 @@ class Action extends Base 'available_events' => $this->action->getAvailableEvents(), 'available_params' => $this->action->getAllActionParameters(), 'columns_list' => $this->board->getColumnsList($project['id']), - 'users_list' => $this->project->getUsersList($project['id']), + 'users_list' => $this->projectPermission->getUsersList($project['id']), 'projects_list' => $this->project->getList(false), 'colors_list' => $this->color->getList(), 'categories_list' => $this->category->getList($project['id']), @@ -51,7 +51,7 @@ class Action extends Base 'values' => $values, 'action_params' => $action->getActionRequiredParameters(), 'columns_list' => $this->board->getColumnsList($project['id']), - 'users_list' => $this->project->getUsersList($project['id']), + 'users_list' => $this->projectPermission->getUsersList($project['id']), 'projects_list' => $this->project->getList(false), 'colors_list' => $this->color->getList(), 'categories_list' => $this->category->getList($project['id']), diff --git a/app/Controller/Base.php b/app/Controller/Base.php index 383b22d1..cc180158 100644 --- a/app/Controller/Base.php +++ b/app/Controller/Base.php @@ -26,6 +26,7 @@ use Model\LastLogin; * @property \Model\LastLogin $lastLogin * @property \Model\Notification $notification * @property \Model\Project $project + * @property \Model\ProjectPermission $projectPermission * @property \Model\SubTask $subTask * @property \Model\Task $task * @property \Model\TaskHistory $taskHistory @@ -211,7 +212,7 @@ abstract class Base { if ($this->acl->isRegularUser()) { - if ($project_id > 0 && ! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) { + if ($project_id > 0 && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) { $this->forbidden(); } } diff --git a/app/Controller/Board.php b/app/Controller/Board.php index e002ce3b..b56adca0 100644 --- a/app/Controller/Board.php +++ b/app/Controller/Board.php @@ -55,11 +55,11 @@ class Board extends Base { $task = $this->getTask(); $project = $this->project->getById($task['project_id']); - $projects = $this->project->getAvailableList($this->acl->getUserId()); + $projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId()); $params = array( 'errors' => array(), 'values' => $task, - 'users_list' => $this->project->getUsersList($project['id']), + 'users_list' => $this->projectPermission->getUsersList($project['id']), 'projects' => $projects, 'current_project_id' => $project['id'], 'current_project_name' => $project['name'], @@ -109,7 +109,7 @@ class Board extends Base { $task = $this->getTask(); $project = $this->project->getById($task['project_id']); - $projects = $this->project->getAvailableList($this->acl->getUserId()); + $projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId()); $params = array( 'errors' => array(), 'values' => $task, @@ -194,7 +194,7 @@ class Board extends Base $project_id = $last_seen_project_id ?: $favorite_project_id; if (! $project_id) { - $projects = $this->project->getAvailableList($this->acl->getUserId()); + $projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId()); if (empty($projects)) { @@ -220,7 +220,7 @@ class Board extends Base public function show($project_id = 0) { $project = $this->getProject($project_id); - $projects = $this->project->getAvailableList($this->acl->getUserId()); + $projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId()); $board_selector = $projects; unset($board_selector[$project['id']]); @@ -228,7 +228,7 @@ class Board extends Base $this->user->storeLastSeenProjectId($project['id']); $this->response->html($this->template->layout('board_index', array( - 'users' => $this->project->getUsersList($project['id'], true, true), + 'users' => $this->projectPermission->getUsersList($project['id'], true, true), 'filters' => array('user_id' => UserModel::EVERYBODY_ID), 'projects' => $projects, 'current_project_id' => $project['id'], @@ -394,7 +394,7 @@ class Board extends Base if ($project_id > 0 && $this->request->isAjax()) { - if (! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) { + if (! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) { $this->response->status(401); } @@ -433,7 +433,7 @@ class Board extends Base $project_id = $this->request->getIntegerParam('project_id'); $timestamp = $this->request->getIntegerParam('timestamp'); - if ($project_id > 0 && ! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) { + if ($project_id > 0 && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) { $this->response->text('Not Authorized', 401); } diff --git a/app/Controller/Project.php b/app/Controller/Project.php index 2459f094..7b174ef4 100644 --- a/app/Controller/Project.php +++ b/app/Controller/Project.php @@ -206,7 +206,7 @@ class Project extends Base $this->response->html($this->projectLayout('project_users', array( 'project' => $project, - 'users' => $this->project->getAllUsers($project['id']), + 'users' => $this->projectPermission->getAllUsers($project['id']), 'menu' => 'projects', 'title' => t('Edit project access list') ))); @@ -220,11 +220,11 @@ class Project extends Base public function allow() { $values = $this->request->getValues(); - list($valid,) = $this->project->validateUserAccess($values); + list($valid,) = $this->projectPermission->validateModification($values); if ($valid) { - if ($this->project->allowUser($values['project_id'], $values['user_id'])) { + if ($this->projectPermission->allowUser($values['project_id'], $values['user_id'])) { $this->session->flash(t('Project updated successfully.')); } else { @@ -249,11 +249,11 @@ class Project extends Base 'user_id' => $this->request->getIntegerParam('user_id'), ); - list($valid,) = $this->project->validateUserAccess($values); + list($valid,) = $this->projectPermission->validateModification($values); if ($valid) { - if ($this->project->revokeUser($values['project_id'], $values['user_id'])) { + if ($this->projectPermission->revokeUser($values['project_id'], $values['user_id'])) { $this->session->flash(t('Project updated successfully.')); } else { diff --git a/app/Controller/Subtask.php b/app/Controller/Subtask.php index ec2e6948..a103f999 100644 --- a/app/Controller/Subtask.php +++ b/app/Controller/Subtask.php @@ -41,7 +41,7 @@ class Subtask extends Base 'task_id' => $task['id'], ), 'errors' => array(), - 'users_list' => $this->project->getUsersList($task['project_id']), + 'users_list' => $this->projectPermission->getUsersList($task['project_id']), 'task' => $task, 'menu' => 'tasks', 'title' => t('Add a sub-task') @@ -79,7 +79,7 @@ class Subtask extends Base $this->response->html($this->taskLayout('subtask_create', array( 'values' => $values, 'errors' => $errors, - 'users_list' => $this->project->getUsersList($task['project_id']), + 'users_list' => $this->projectPermission->getUsersList($task['project_id']), 'task' => $task, 'menu' => 'tasks', 'title' => t('Add a sub-task') @@ -99,7 +99,7 @@ class Subtask extends Base $this->response->html($this->taskLayout('subtask_edit', array( 'values' => $subtask, 'errors' => array(), - 'users_list' => $this->project->getUsersList($task['project_id']), + 'users_list' => $this->projectPermission->getUsersList($task['project_id']), 'status_list' => $this->subTask->getStatusList(), 'subtask' => $subtask, 'task' => $task, @@ -136,7 +136,7 @@ class Subtask extends Base $this->response->html($this->taskLayout('subtask_edit', array( 'values' => $values, 'errors' => $errors, - 'users_list' => $this->project->getUsersList($task['project_id']), + 'users_list' => $this->projectPermission->getUsersList($task['project_id']), 'status_list' => $this->subTask->getStatusList(), 'subtask' => $subtask, 'task' => $task, diff --git a/app/Controller/Task.php b/app/Controller/Task.php index d958c248..5de25a0e 100644 --- a/app/Controller/Task.php +++ b/app/Controller/Task.php @@ -123,7 +123,7 @@ class Task extends Base ), 'projects_list' => $this->project->getListByStatus(ProjectModel::ACTIVE), 'columns_list' => $this->board->getColumnsList($project_id), - 'users_list' => $this->project->getUsersList($project_id), + 'users_list' => $this->projectPermission->getUsersList($project_id), 'colors_list' => $this->color->getList(), 'categories_list' => $this->category->getList($project_id), 'menu' => 'tasks', @@ -169,7 +169,7 @@ class Task extends Base 'values' => $values, 'projects_list' => $this->project->getListByStatus(ProjectModel::ACTIVE), 'columns_list' => $this->board->getColumnsList($values['project_id']), - 'users_list' => $this->project->getUsersList($values['project_id']), + 'users_list' => $this->projectPermission->getUsersList($values['project_id']), 'colors_list' => $this->color->getList(), 'categories_list' => $this->category->getList($values['project_id']), 'menu' => 'tasks', @@ -199,7 +199,7 @@ class Task extends Base 'values' => $task, 'errors' => array(), 'task' => $task, - 'users_list' => $this->project->getUsersList($task['project_id']), + 'users_list' => $this->projectPermission->getUsersList($task['project_id']), 'colors_list' => $this->color->getList(), 'categories_list' => $this->category->getList($task['project_id']), 'ajax' => $this->request->isAjax(), @@ -248,7 +248,7 @@ class Task extends Base 'errors' => $errors, 'task' => $task, 'columns_list' => $this->board->getColumnsList($values['project_id']), - 'users_list' => $this->project->getUsersList($values['project_id']), + 'users_list' => $this->projectPermission->getUsersList($values['project_id']), 'colors_list' => $this->color->getList(), 'categories_list' => $this->category->getList($values['project_id']), 'menu' => 'tasks', @@ -458,7 +458,7 @@ class Task extends Base $task = $this->getTask(); $values = $task; $errors = array(); - $projects_list = $this->project->getAvailableList($this->acl->getUserId()); + $projects_list = $this->projectPermission->getAllowedProjects($this->acl->getUserId()); unset($projects_list[$task['project_id']]); diff --git a/app/Controller/User.php b/app/Controller/User.php index 72ef521c..504f4aed 100644 --- a/app/Controller/User.php +++ b/app/Controller/User.php @@ -189,7 +189,7 @@ class User extends Base { $user = $this->getUser(); $this->response->html($this->layout('user_show', array( - 'projects' => $this->project->getAvailableList($user['id']), + 'projects' => $this->projectPermission->getAllowedProjects($user['id']), 'user' => $user, ))); } @@ -252,7 +252,7 @@ class User extends Base } $this->response->html($this->layout('user_notifications', array( - 'projects' => $this->project->getAvailableList($user['id']), + 'projects' => $this->projectPermission->getAllowedProjects($user['id']), 'notifications' => $this->notification->readSettings($user['id']), 'user' => $user, ))); @@ -353,7 +353,7 @@ class User extends Base $this->response->html($this->layout('user_edit', array( 'values' => $values, 'errors' => $errors, - 'projects' => $this->project->filterListByAccess($this->project->getList(), $user['id']), + 'projects' => $this->projectPermission->getAllowedProjects($user['id']), 'user' => $user, ))); } diff --git a/app/Model/Base.php b/app/Model/Base.php index 530ef6c2..e3f194b5 100644 --- a/app/Model/Base.php +++ b/app/Model/Base.php @@ -26,6 +26,7 @@ use PicoDb\Database; * @property \Model\LastLogin $lastLogin * @property \Model\Notification $notification * @property \Model\Project $project + * @property \Model\ProjectPermission $projectPermission * @property \Model\SubTask $subTask * @property \Model\Task $task * @property \Model\TaskExport $taskExport diff --git a/app/Model/Project.php b/app/Model/Project.php index 3edd82c5..1eabe239 100644 --- a/app/Model/Project.php +++ b/app/Model/Project.php @@ -23,13 +23,6 @@ class Project extends Base const TABLE = 'projects'; /** - * SQL table name for users - * - * @var string - */ - const TABLE_USERS = 'project_has_users'; - - /** * Value for active project * * @var integer @@ -44,157 +37,6 @@ class Project extends Base const INACTIVE = 0; /** - * Get a list of people that can be assigned for tasks - * - * @access public - * @param integer $project_id Project id - * @param bool $prepend_unassigned Prepend the 'Unassigned' value - * @param bool $prepend_everybody Prepend the 'Everbody' value - * @return array - */ - public function getUsersList($project_id, $prepend_unassigned = true, $prepend_everybody = false) - { - $allowed_users = $this->getAllowedUsers($project_id); - - if (empty($allowed_users)) { - $allowed_users = $this->user->getList(); - } - - if ($prepend_unassigned) { - $allowed_users = array(t('Unassigned')) + $allowed_users; - } - - if ($prepend_everybody) { - $allowed_users = array(User::EVERYBODY_ID => t('Everybody')) + $allowed_users; - } - - return $allowed_users; - } - - /** - * Get a list of allowed people for a project - * - * @access public - * @param integer $project_id Project id - * @return array - */ - public function getAllowedUsers($project_id) - { - $users = $this->db - ->table(self::TABLE_USERS) - ->join(User::TABLE, 'id', 'user_id') - ->eq('project_id', $project_id) - ->asc('username') - ->columns(User::TABLE.'.id', User::TABLE.'.username', User::TABLE.'.name') - ->findAll(); - - $result = array(); - - foreach ($users as $user) { - $result[$user['id']] = $user['name'] ?: $user['username']; - } - - asort($result); - - return $result; - } - - /** - * Get allowed and not allowed users for a project - * - * @access public - * @param integer $project_id Project id - * @return array - */ - public function getAllUsers($project_id) - { - $users = array( - 'allowed' => array(), - 'not_allowed' => array(), - ); - - $all_users = $this->user->getList(); - - $users['allowed'] = $this->getAllowedUsers($project_id); - - foreach ($all_users as $user_id => $username) { - - if (! isset($users['allowed'][$user_id])) { - $users['not_allowed'][$user_id] = $username; - } - } - - return $users; - } - - /** - * Allow a specific user for a given project - * - * @access public - * @param integer $project_id Project id - * @param integer $user_id User id - * @return bool - */ - public function allowUser($project_id, $user_id) - { - return $this->db - ->table(self::TABLE_USERS) - ->save(array('project_id' => $project_id, 'user_id' => $user_id)); - } - - /** - * Revoke a specific user for a given project - * - * @access public - * @param integer $project_id Project id - * @param integer $user_id User id - * @return bool - */ - public function revokeUser($project_id, $user_id) - { - return $this->db - ->table(self::TABLE_USERS) - ->eq('project_id', $project_id) - ->eq('user_id', $user_id) - ->remove(); - } - - /** - * Check if a specific user is allowed to access to a given project - * - * @access public - * @param integer $project_id Project id - * @param integer $user_id User id - * @return bool - */ - public function isUserAllowed($project_id, $user_id) - { - // If there is nobody specified, everybody have access to the project - $nb_users = $this->db - ->table(self::TABLE_USERS) - ->eq('project_id', $project_id) - ->count(); - - if ($nb_users < 1) return true; - - // Check if user has admin rights - $nb_users = $this->db - ->table(User::TABLE) - ->eq('id', $user_id) - ->eq('is_admin', 1) - ->count(); - - if ($nb_users > 0) return true; - - // Otherwise, allow only specific users - return (bool) $this->db - ->table(self::TABLE_USERS) - ->eq('project_id', $project_id) - ->eq('user_id', $user_id) - ->count(); - } - - /** * Get a project by the id * * @access public @@ -256,7 +98,7 @@ class Project extends Base foreach ($projects as $key => $project) { - if (! $this->isUserAllowed($project['id'], $this->acl->getUserId())) { + if (! $this->projectPermission->isUserAllowed($project['id'], $this->acl->getUserId())) { unset($projects[$key]); } } @@ -329,37 +171,6 @@ class Project extends Base } /** - * Filter a list of projects for a given user - * - * @access public - * @param array $projects Project list: ['project_id' => 'project_name'] - * @param integer $user_id User id - * @return array - */ - public function filterListByAccess(array $projects, $user_id) - { - foreach ($projects as $project_id => $project_name) { - if (! $this->isUserAllowed($project_id, $user_id)) { - unset($projects[$project_id]); - } - } - - return $projects; - } - - /** - * Return a list of projects for a given user - * - * @access public - * @param integer $user_id User id - * @return array - */ - public function getAvailableList($user_id) - { - return $this->filterListByAccess($this->getListByStatus(self::ACTIVE), $user_id); - } - - /** * Gather some task metrics for a given project * * @access public @@ -410,27 +221,6 @@ class Project extends Base } /** - * Copy user access from a project to another one - * - * @author Antonio Rabelo - * @param integer $project_from Project Template - * @return integer $project_to Project that receives the copy - * @return boolean - */ - public function duplicateUsers($project_from, $project_to) - { - $users = $this->getAllowedUsers($project_from); - - foreach ($users as $user_id => $name) { - if (! $this->allowUser($project_to, $user_id)) { - return false; - } - } - - return true; - } - - /** * Clone a project * * @author Antonio Rabelo @@ -461,7 +251,7 @@ class Project extends Base } // Clone Allowed Users - if (! $this->duplicateUsers($project_id, $clone_project_id)) { + if (! $this->projectPermission->duplicate($project_id, $clone_project_id)) { $this->db->cancelTransaction(); return false; } @@ -702,28 +492,6 @@ class Project extends Base } /** - * Validate allowed users - * - * @access public - * @param array $values Form values - * @return array $valid, $errors [0] = Success or not, [1] = List of errors - */ - public function validateUserAccess(array $values) - { - $v = new Validator($values, array( - new Validators\Required('project_id', t('The project id is required')), - new Validators\Integer('project_id', t('This value must be an integer')), - new Validators\Required('user_id', t('The user id is required')), - new Validators\Integer('user_id', t('This value must be an integer')), - )); - - return array( - $v->execute(), - $v->getErrors() - ); - } - - /** * Attach events * * @access public diff --git a/app/Model/ProjectPermission.php b/app/Model/ProjectPermission.php new file mode 100644 index 00000000..51c11735 --- /dev/null +++ b/app/Model/ProjectPermission.php @@ -0,0 +1,247 @@ +<?php + +namespace Model; + +use SimpleValidator\Validator; +use SimpleValidator\Validators; + +/** + * Project permission model + * + * @package model + * @author Frederic Guillot + */ +class ProjectPermission extends Base +{ + /** + * SQL table name for permissions + * + * @var string + */ + const TABLE = 'project_has_users'; + + /** + * Get a list of people that can be assigned for tasks + * + * @access public + * @param integer $project_id Project id + * @param bool $prepend_unassigned Prepend the 'Unassigned' value + * @param bool $prepend_everybody Prepend the 'Everbody' value + * @return array + */ + public function getUsersList($project_id, $prepend_unassigned = true, $prepend_everybody = false) + { + $allowed_users = $this->getAllowedUsers($project_id); + + if (empty($allowed_users)) { + $allowed_users = $this->user->getList(); + } + + if ($prepend_unassigned) { + $allowed_users = array(t('Unassigned')) + $allowed_users; + } + + if ($prepend_everybody) { + $allowed_users = array(User::EVERYBODY_ID => t('Everybody')) + $allowed_users; + } + + return $allowed_users; + } + + /** + * Get a list of allowed people for a project + * + * @access public + * @param integer $project_id Project id + * @return array + */ + public function getAllowedUsers($project_id) + { + $users = $this->db + ->table(self::TABLE) + ->join(User::TABLE, 'id', 'user_id') + ->eq('project_id', $project_id) + ->asc('username') + ->columns(User::TABLE.'.id', User::TABLE.'.username', User::TABLE.'.name') + ->findAll(); + + $result = array(); + + foreach ($users as $user) { + $result[$user['id']] = $user['name'] ?: $user['username']; + } + + asort($result); + + return $result; + } + + /** + * Get allowed and not allowed users for a project + * + * @access public + * @param integer $project_id Project id + * @return array + */ + public function getAllUsers($project_id) + { + $users = array( + 'allowed' => array(), + 'not_allowed' => array(), + ); + + $all_users = $this->user->getList(); + + $users['allowed'] = $this->getAllowedUsers($project_id); + + foreach ($all_users as $user_id => $username) { + + if (! isset($users['allowed'][$user_id])) { + $users['not_allowed'][$user_id] = $username; + } + } + + return $users; + } + + /** + * Allow a specific user for a given project + * + * @access public + * @param integer $project_id Project id + * @param integer $user_id User id + * @return bool + */ + public function allowUser($project_id, $user_id) + { + return $this->db + ->table(self::TABLE) + ->save(array('project_id' => $project_id, 'user_id' => $user_id)); + } + + /** + * Revoke a specific user for a given project + * + * @access public + * @param integer $project_id Project id + * @param integer $user_id User id + * @return bool + */ + public function revokeUser($project_id, $user_id) + { + return $this->db + ->table(self::TABLE) + ->eq('project_id', $project_id) + ->eq('user_id', $user_id) + ->remove(); + } + + /** + * Check if a specific user is allowed to access to a given project + * + * @access public + * @param integer $project_id Project id + * @param integer $user_id User id + * @return bool + */ + public function isUserAllowed($project_id, $user_id) + { + // If there is nobody specified, everybody have access to the project + $nb_users = $this->db + ->table(self::TABLE) + ->eq('project_id', $project_id) + ->count(); + + if ($nb_users < 1) return true; + + // Check if user has admin rights + $nb_users = $this->db + ->table(User::TABLE) + ->eq('id', $user_id) + ->eq('is_admin', 1) + ->count(); + + if ($nb_users > 0) return true; + + // Otherwise, allow only specific users + return (bool) $this->db + ->table(self::TABLE) + ->eq('project_id', $project_id) + ->eq('user_id', $user_id) + ->count(); + } + + /** + * Filter a list of projects for a given user + * + * @access public + * @param array $projects Project list: ['project_id' => 'project_name'] + * @param integer $user_id User id + * @return array + */ + public function filterProjects(array $projects, $user_id) + { + foreach ($projects as $project_id => $project_name) { + if (! $this->isUserAllowed($project_id, $user_id)) { + unset($projects[$project_id]); + } + } + + return $projects; + } + + /** + * Return a list of projects for a given user + * + * @access public + * @param integer $user_id User id + * @return array + */ + public function getAllowedProjects($user_id) + { + return $this->filterProjects($this->project->getListByStatus(Project::ACTIVE), $user_id); + } + + /** + * Copy user access from a project to another one + * + * @author Antonio Rabelo + * @param integer $project_from Project Template + * @return integer $project_to Project that receives the copy + * @return boolean + */ + public function duplicate($project_from, $project_to) + { + $users = $this->getAllowedUsers($project_from); + + foreach ($users as $user_id => $name) { + if (! $this->allowUser($project_to, $user_id)) { + return false; + } + } + + return true; + } + + /** + * Validate allowed users + * + * @access public + * @param array $values Form values + * @return array $valid, $errors [0] = Success or not, [1] = List of errors + */ + public function validateModification(array $values) + { + $v = new Validator($values, array( + new Validators\Required('project_id', t('The project id is required')), + new Validators\Integer('project_id', t('This value must be an integer')), + new Validators\Required('user_id', t('The user id is required')), + new Validators\Integer('user_id', t('This value must be an integer')), + )); + + return array( + $v->execute(), + $v->getErrors() + ); + } +} diff --git a/app/Model/Task.php b/app/Model/Task.php index eacf0b5b..8f544ac9 100644 --- a/app/Model/Task.php +++ b/app/Model/Task.php @@ -279,7 +279,7 @@ class Task extends Base $values['category_id'] = 0; // Check if the assigned user is allowed for the new project - if ($task['owner_id'] && $this->project->isUserAllowed($values['project_id'], $task['owner_id'])) { + if ($task['owner_id'] && $this->projectPermission->isUserAllowed($values['project_id'], $task['owner_id'])) { $values['owner_id'] = $task['owner_id']; } @@ -673,7 +673,7 @@ class Task extends Base $values['owner_id'] = 0; // Check if the assigned user is allowed for the new project - if ($task['owner_id'] && $this->project->isUserAllowed($project_id, $task['owner_id'])) { + if ($task['owner_id'] && $this->projectPermission->isUserAllowed($project_id, $task['owner_id'])) { $values['owner_id'] = $task['owner_id']; } diff --git a/jsonrpc.php b/jsonrpc.php index a9c44747..2fbfb5a6 100644 --- a/jsonrpc.php +++ b/jsonrpc.php @@ -5,6 +5,7 @@ require __DIR__.'/app/common.php'; use Core\Translator; use JsonRPC\Server; use Model\Project; +use Model\projectPermission; use Model\Task; use Model\TaskValidator; use Model\User; @@ -19,6 +20,7 @@ use Model\Notification; $config = new Config($registry); $project = new Project($registry); +$projectPermission = new ProjectPermission($registry); $task = new Task($registry); $taskValidator = new TaskValidator($registry); $user = new User($registry); @@ -144,16 +146,16 @@ $server->register('removeColumn', function($column_id) use ($board) { /** * Project permissions procedures */ -$server->register('getAllowedUsers', function($project_id) use ($project) { - return $project->getUsersList($project_id, false, false); +$server->register('getAllowedUsers', function($project_id) use ($projectPermission) { + return $projectPermission->getUsersList($project_id, false, false); }); -$server->register('revokeUser', function($project_id, $user_id) use ($project) { - return $project->revokeUser($project_id, $user_id); +$server->register('revokeUser', function($project_id, $user_id) use ($project, $projectPermission) { + return $projectPermission->revokeUser($project_id, $user_id); }); -$server->register('allowUser', function($project_id, $user_id) use ($project) { - return $project->allowUser($project_id, $user_id); +$server->register('allowUser', function($project_id, $user_id) use ($project, $projectPermission) { + return $projectPermission->allowUser($project_id, $user_id); }); diff --git a/tests/units/ProjectPermissionTest.php b/tests/units/ProjectPermissionTest.php new file mode 100644 index 00000000..309fa63b --- /dev/null +++ b/tests/units/ProjectPermissionTest.php @@ -0,0 +1,160 @@ +<?php + +require_once __DIR__.'/Base.php'; + +use Model\Project; +use Model\ProjectPermission; +use Model\User; + +class ProjectPermissionTest extends Base +{ + public function testAllowEverybody() + { + // We create a regular user + $user = new User($this->registry); + $user->create(array('username' => 'unittest', 'password' => 'unittest')); + + $p = new Project($this->registry); + $pp = new ProjectPermission($this->registry); + + $this->assertEquals(1, $p->create(array('name' => 'UnitTest'))); + + $this->assertEmpty($pp->getAllowedUsers(1)); // Nobody is specified for the given project + $this->assertTrue($pp->isUserAllowed(1, 1)); // Everybody should be allowed + $this->assertTrue($pp->isUserAllowed(1, 2)); // Everybody should be allowed + } + + public function testAllowUser() + { + $p = new Project($this->registry); + $pp = new ProjectPermission($this->registry); + $user = new User($this->registry); + + $user->create(array('username' => 'unittest', 'password' => 'unittest')); + + // We create a project + $this->assertEquals(1, $p->create(array('name' => 'UnitTest'))); + + // We allow the admin user + $this->assertTrue($pp->allowUser(1, 1)); + + // Non-existant project + $this->assertFalse($pp->allowUser(50, 1)); + + // Non-existant user + $this->assertFalse($pp->allowUser(1, 50)); + + // Our admin user should be allowed + $this->assertEquals(array('1' => 'admin'), $pp->getAllowedUsers(1)); + $this->assertTrue($pp->isUserAllowed(1, 1)); + + // Our regular user should be forbidden + $this->assertFalse($pp->isUserAllowed(1, 2)); + } + + public function testRevokeUser() + { + $p = new Project($this->registry); + $pp = new ProjectPermission($this->registry); + $user = new User($this->registry); + + $user->create(array('username' => 'unittest', 'password' => 'unittest')); + + // We create a project + $this->assertEquals(1, $p->create(array('name' => 'UnitTest'))); + + // We revoke our admin user (not existing row) + $this->assertFalse($pp->revokeUser(1, 1)); + + // We should have nobody in the users list + $this->assertEmpty($pp->getAllowedUsers(1)); + + // Our admin user and our regular user should be allowed + $this->assertTrue($pp->isUserAllowed(1, 1)); + $this->assertTrue($pp->isUserAllowed(1, 2)); + + // We allow only the regular user + $this->assertTrue($pp->allowUser(1, 2)); + + // All users should be allowed (admin and regular) + $this->assertTrue($pp->isUserAllowed(1, 1)); + $this->assertTrue($pp->isUserAllowed(1, 2)); + + // However, we should have only our regular user in the list + $this->assertEquals(array('2' => 'unittest'), $pp->getAllowedUsers(1)); + + // We allow our admin, we should have both in the list + $this->assertTrue($pp->allowUser(1, 1)); + $this->assertEquals(array('1' => 'admin', '2' => 'unittest'), $pp->getAllowedUsers(1)); + $this->assertTrue($pp->isUserAllowed(1, 1)); + $this->assertTrue($pp->isUserAllowed(1, 2)); + + // We revoke the regular user + $this->assertTrue($pp->revokeUser(1, 2)); + + // Only admin should be allowed + $this->assertTrue($pp->isUserAllowed(1, 1)); + $this->assertFalse($pp->isUserAllowed(1, 2)); + + // We should have only admin in the list + $this->assertEquals(array('1' => 'admin'), $pp->getAllowedUsers(1)); + + // We revoke the admin user + $this->assertTrue($pp->revokeUser(1, 1)); + $this->assertEmpty($pp->getAllowedUsers(1)); + + // Everybody should be allowed again + $this->assertTrue($pp->isUserAllowed(1, 1)); + $this->assertTrue($pp->isUserAllowed(1, 2)); + } + + public function testUsersList() + { + $p = new Project($this->registry); + $pp = new ProjectPermission($this->registry); + + $user = new User($this->registry); + $user->create(array('username' => 'unittest', 'password' => 'unittest')); + + // We create project + $this->assertEquals(1, $p->create(array('name' => 'UnitTest'))); + + // No restriction, we should have everybody + $this->assertEquals( + array('Unassigned', 'admin', 'unittest'), + $pp->getUsersList(1) + ); + + // We allow only the regular user + $this->assertTrue($pp->allowUser(1, 2)); + + $this->assertEquals( + array(0 => 'Unassigned', 2 => 'unittest'), + $pp->getUsersList(1) + ); + + // We allow the admin user + $this->assertTrue($pp->allowUser(1, 1)); + + $this->assertEquals( + array(0 => 'Unassigned', 1 => 'admin', 2 => 'unittest'), + $pp->getUsersList(1) + ); + + // We revoke only the regular user + $this->assertTrue($pp->revokeUser(1, 2)); + + $this->assertEquals( + array(0 => 'Unassigned', 1 => 'admin'), + $pp->getUsersList(1) + ); + + // We revoke only the admin user, we should have everybody + $this->assertTrue($pp->revokeUser(1, 1)); + + $this->assertEquals( + array(0 => 'Unassigned', 1 => 'admin', 2 => 'unittest'), + $pp->getUsersList(1) + ); + } +} diff --git a/tests/units/ProjectTest.php b/tests/units/ProjectTest.php index dc71d5ae..be4267ca 100644 --- a/tests/units/ProjectTest.php +++ b/tests/units/ProjectTest.php @@ -136,146 +136,4 @@ class ProjectTest extends Base $this->assertFalse($p->disablePublicAccess(123)); } - - public function testAllowEverybody() - { - // We create a regular user - $user = new User($this->registry); - $user->create(array('username' => 'unittest', 'password' => 'unittest')); - - $p = new Project($this->registry); - $this->assertEmpty($p->getAllowedUsers(1)); // Nobody is specified for the given project - $this->assertTrue($p->isUserAllowed(1, 1)); // Everybody should be allowed - $this->assertTrue($p->isUserAllowed(1, 2)); // Everybody should be allowed - } - - public function testAllowUser() - { - $p = new Project($this->registry); - $user = new User($this->registry); - $user->create(array('username' => 'unittest', 'password' => 'unittest')); - - // We create a project - $this->assertEquals(1, $p->create(array('name' => 'UnitTest'))); - - // We allow the admin user - $this->assertTrue($p->allowUser(1, 1)); - - // Non-existant project - $this->assertFalse($p->allowUser(50, 1)); - - // Non-existant user - $this->assertFalse($p->allowUser(1, 50)); - - // Our admin user should be allowed - $this->assertEquals(array('1' => 'admin'), $p->getAllowedUsers(1)); - $this->assertTrue($p->isUserAllowed(1, 1)); - - // Our regular user should be forbidden - $this->assertFalse($p->isUserAllowed(1, 2)); - } - - public function testRevokeUser() - { - $p = new Project($this->registry); - - $user = new User($this->registry); - $user->create(array('username' => 'unittest', 'password' => 'unittest')); - - // We create a project - $this->assertEquals(1, $p->create(array('name' => 'UnitTest'))); - - // We revoke our admin user (not existing row) - $this->assertFalse($p->revokeUser(1, 1)); - - // We should have nobody in the users list - $this->assertEmpty($p->getAllowedUsers(1)); - - // Our admin user and our regular user should be allowed - $this->assertTrue($p->isUserAllowed(1, 1)); - $this->assertTrue($p->isUserAllowed(1, 2)); - - // We allow only the regular user - $this->assertTrue($p->allowUser(1, 2)); - - // All users should be allowed (admin and regular) - $this->assertTrue($p->isUserAllowed(1, 1)); - $this->assertTrue($p->isUserAllowed(1, 2)); - - // However, we should have only our regular user in the list - $this->assertEquals(array('2' => 'unittest'), $p->getAllowedUsers(1)); - - // We allow our admin, we should have both in the list - $this->assertTrue($p->allowUser(1, 1)); - $this->assertEquals(array('1' => 'admin', '2' => 'unittest'), $p->getAllowedUsers(1)); - $this->assertTrue($p->isUserAllowed(1, 1)); - $this->assertTrue($p->isUserAllowed(1, 2)); - - // We revoke the regular user - $this->assertTrue($p->revokeUser(1, 2)); - - // Only admin should be allowed - $this->assertTrue($p->isUserAllowed(1, 1)); - $this->assertFalse($p->isUserAllowed(1, 2)); - - // We should have only admin in the list - $this->assertEquals(array('1' => 'admin'), $p->getAllowedUsers(1)); - - // We revoke the admin user - $this->assertTrue($p->revokeUser(1, 1)); - $this->assertEmpty($p->getAllowedUsers(1)); - - // Everybody should be allowed again - $this->assertTrue($p->isUserAllowed(1, 1)); - $this->assertTrue($p->isUserAllowed(1, 2)); - } - - public function testUsersList() - { - $p = new Project($this->registry); - - $user = new User($this->registry); - $user->create(array('username' => 'unittest', 'password' => 'unittest')); - - // We create project - $this->assertEquals(1, $p->create(array('name' => 'UnitTest'))); - - // No restriction, we should have everybody - $this->assertEquals( - array('Unassigned', 'admin', 'unittest'), - $p->getUsersList(1) - ); - - // We allow only the regular user - $this->assertTrue($p->allowUser(1, 2)); - - $this->assertEquals( - array(0 => 'Unassigned', 2 => 'unittest'), - $p->getUsersList(1) - ); - - // We allow the admin user - $this->assertTrue($p->allowUser(1, 1)); - - $this->assertEquals( - array(0 => 'Unassigned', 1 => 'admin', 2 => 'unittest'), - $p->getUsersList(1) - ); - - // We revoke only the regular user - $this->assertTrue($p->revokeUser(1, 2)); - - $this->assertEquals( - array(0 => 'Unassigned', 1 => 'admin'), - $p->getUsersList(1) - ); - - // We revoke only the admin user, we should have everybody - $this->assertTrue($p->revokeUser(1, 1)); - - $this->assertEquals( - array(0 => 'Unassigned', 1 => 'admin', 2 => 'unittest'), - $p->getUsersList(1) - ); - } } diff --git a/tests/units/TaskTest.php b/tests/units/TaskTest.php index b5ba6c18..dee3accd 100644 --- a/tests/units/TaskTest.php +++ b/tests/units/TaskTest.php @@ -4,6 +4,7 @@ require_once __DIR__.'/Base.php'; use Model\Task; use Model\Project; +use Model\ProjectPermission; use Model\Category; use Model\User; @@ -536,6 +537,7 @@ class TaskTest extends Base { $t = new Task($this->registry); $p = new Project($this->registry); + $pp = new ProjectPermission($this->registry); $user = new User($this->registry); // We create a regular user @@ -566,7 +568,7 @@ class TaskTest extends Base $this->assertEquals('test', $task['title']); // We allow only one user on the second project - $this->assertTrue($p->allowUser(2, 2)); + $this->assertTrue($pp->allowUser(2, 2)); // The owner should be reseted $task = $t->getById(2); |