summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrédéric Guillot <fred@kanboard.net>2014-09-20 12:52:48 +0200
committerFrédéric Guillot <fred@kanboard.net>2014-09-20 12:52:48 +0200
commit00cdc609d113fedf977da1d55136dc4d699fb308 (patch)
tree3e54049861fb2698cd4501bae829c62093d4c982
parent5f96af82f26967f4614b89322a82a59cb48bd2a3 (diff)
Extract project permissions to a separate class
-rw-r--r--app/Controller/Action.php4
-rw-r--r--app/Controller/Base.php3
-rw-r--r--app/Controller/Board.php16
-rw-r--r--app/Controller/Project.php10
-rw-r--r--app/Controller/Subtask.php8
-rw-r--r--app/Controller/Task.php10
-rw-r--r--app/Controller/User.php6
-rw-r--r--app/Model/Base.php1
-rw-r--r--app/Model/Project.php236
-rw-r--r--app/Model/ProjectPermission.php247
-rw-r--r--app/Model/Task.php4
-rw-r--r--jsonrpc.php14
-rw-r--r--tests/units/ProjectPermissionTest.php160
-rw-r--r--tests/units/ProjectTest.php142
-rw-r--r--tests/units/TaskTest.php4
15 files changed, 452 insertions, 413 deletions
diff --git a/app/Controller/Action.php b/app/Controller/Action.php
index 0bf8ff0c..64d77aab 100644
--- a/app/Controller/Action.php
+++ b/app/Controller/Action.php
@@ -27,7 +27,7 @@ class Action extends Base
'available_events' => $this->action->getAvailableEvents(),
'available_params' => $this->action->getAllActionParameters(),
'columns_list' => $this->board->getColumnsList($project['id']),
- 'users_list' => $this->project->getUsersList($project['id']),
+ 'users_list' => $this->projectPermission->getUsersList($project['id']),
'projects_list' => $this->project->getList(false),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($project['id']),
@@ -51,7 +51,7 @@ class Action extends Base
'values' => $values,
'action_params' => $action->getActionRequiredParameters(),
'columns_list' => $this->board->getColumnsList($project['id']),
- 'users_list' => $this->project->getUsersList($project['id']),
+ 'users_list' => $this->projectPermission->getUsersList($project['id']),
'projects_list' => $this->project->getList(false),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($project['id']),
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 383b22d1..cc180158 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -26,6 +26,7 @@ use Model\LastLogin;
* @property \Model\LastLogin $lastLogin
* @property \Model\Notification $notification
* @property \Model\Project $project
+ * @property \Model\ProjectPermission $projectPermission
* @property \Model\SubTask $subTask
* @property \Model\Task $task
* @property \Model\TaskHistory $taskHistory
@@ -211,7 +212,7 @@ abstract class Base
{
if ($this->acl->isRegularUser()) {
- if ($project_id > 0 && ! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) {
+ if ($project_id > 0 && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
$this->forbidden();
}
}
diff --git a/app/Controller/Board.php b/app/Controller/Board.php
index e002ce3b..b56adca0 100644
--- a/app/Controller/Board.php
+++ b/app/Controller/Board.php
@@ -55,11 +55,11 @@ class Board extends Base
{
$task = $this->getTask();
$project = $this->project->getById($task['project_id']);
- $projects = $this->project->getAvailableList($this->acl->getUserId());
+ $projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$params = array(
'errors' => array(),
'values' => $task,
- 'users_list' => $this->project->getUsersList($project['id']),
+ 'users_list' => $this->projectPermission->getUsersList($project['id']),
'projects' => $projects,
'current_project_id' => $project['id'],
'current_project_name' => $project['name'],
@@ -109,7 +109,7 @@ class Board extends Base
{
$task = $this->getTask();
$project = $this->project->getById($task['project_id']);
- $projects = $this->project->getAvailableList($this->acl->getUserId());
+ $projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$params = array(
'errors' => array(),
'values' => $task,
@@ -194,7 +194,7 @@ class Board extends Base
$project_id = $last_seen_project_id ?: $favorite_project_id;
if (! $project_id) {
- $projects = $this->project->getAvailableList($this->acl->getUserId());
+ $projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
if (empty($projects)) {
@@ -220,7 +220,7 @@ class Board extends Base
public function show($project_id = 0)
{
$project = $this->getProject($project_id);
- $projects = $this->project->getAvailableList($this->acl->getUserId());
+ $projects = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
$board_selector = $projects;
unset($board_selector[$project['id']]);
@@ -228,7 +228,7 @@ class Board extends Base
$this->user->storeLastSeenProjectId($project['id']);
$this->response->html($this->template->layout('board_index', array(
- 'users' => $this->project->getUsersList($project['id'], true, true),
+ 'users' => $this->projectPermission->getUsersList($project['id'], true, true),
'filters' => array('user_id' => UserModel::EVERYBODY_ID),
'projects' => $projects,
'current_project_id' => $project['id'],
@@ -394,7 +394,7 @@ class Board extends Base
if ($project_id > 0 && $this->request->isAjax()) {
- if (! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) {
+ if (! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
$this->response->status(401);
}
@@ -433,7 +433,7 @@ class Board extends Base
$project_id = $this->request->getIntegerParam('project_id');
$timestamp = $this->request->getIntegerParam('timestamp');
- if ($project_id > 0 && ! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) {
+ if ($project_id > 0 && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
$this->response->text('Not Authorized', 401);
}
diff --git a/app/Controller/Project.php b/app/Controller/Project.php
index 2459f094..7b174ef4 100644
--- a/app/Controller/Project.php
+++ b/app/Controller/Project.php
@@ -206,7 +206,7 @@ class Project extends Base
$this->response->html($this->projectLayout('project_users', array(
'project' => $project,
- 'users' => $this->project->getAllUsers($project['id']),
+ 'users' => $this->projectPermission->getAllUsers($project['id']),
'menu' => 'projects',
'title' => t('Edit project access list')
)));
@@ -220,11 +220,11 @@ class Project extends Base
public function allow()
{
$values = $this->request->getValues();
- list($valid,) = $this->project->validateUserAccess($values);
+ list($valid,) = $this->projectPermission->validateModification($values);
if ($valid) {
- if ($this->project->allowUser($values['project_id'], $values['user_id'])) {
+ if ($this->projectPermission->allowUser($values['project_id'], $values['user_id'])) {
$this->session->flash(t('Project updated successfully.'));
}
else {
@@ -249,11 +249,11 @@ class Project extends Base
'user_id' => $this->request->getIntegerParam('user_id'),
);
- list($valid,) = $this->project->validateUserAccess($values);
+ list($valid,) = $this->projectPermission->validateModification($values);
if ($valid) {
- if ($this->project->revokeUser($values['project_id'], $values['user_id'])) {
+ if ($this->projectPermission->revokeUser($values['project_id'], $values['user_id'])) {
$this->session->flash(t('Project updated successfully.'));
}
else {
diff --git a/app/Controller/Subtask.php b/app/Controller/Subtask.php
index ec2e6948..a103f999 100644
--- a/app/Controller/Subtask.php
+++ b/app/Controller/Subtask.php
@@ -41,7 +41,7 @@ class Subtask extends Base
'task_id' => $task['id'],
),
'errors' => array(),
- 'users_list' => $this->project->getUsersList($task['project_id']),
+ 'users_list' => $this->projectPermission->getUsersList($task['project_id']),
'task' => $task,
'menu' => 'tasks',
'title' => t('Add a sub-task')
@@ -79,7 +79,7 @@ class Subtask extends Base
$this->response->html($this->taskLayout('subtask_create', array(
'values' => $values,
'errors' => $errors,
- 'users_list' => $this->project->getUsersList($task['project_id']),
+ 'users_list' => $this->projectPermission->getUsersList($task['project_id']),
'task' => $task,
'menu' => 'tasks',
'title' => t('Add a sub-task')
@@ -99,7 +99,7 @@ class Subtask extends Base
$this->response->html($this->taskLayout('subtask_edit', array(
'values' => $subtask,
'errors' => array(),
- 'users_list' => $this->project->getUsersList($task['project_id']),
+ 'users_list' => $this->projectPermission->getUsersList($task['project_id']),
'status_list' => $this->subTask->getStatusList(),
'subtask' => $subtask,
'task' => $task,
@@ -136,7 +136,7 @@ class Subtask extends Base
$this->response->html($this->taskLayout('subtask_edit', array(
'values' => $values,
'errors' => $errors,
- 'users_list' => $this->project->getUsersList($task['project_id']),
+ 'users_list' => $this->projectPermission->getUsersList($task['project_id']),
'status_list' => $this->subTask->getStatusList(),
'subtask' => $subtask,
'task' => $task,
diff --git a/app/Controller/Task.php b/app/Controller/Task.php
index d958c248..5de25a0e 100644
--- a/app/Controller/Task.php
+++ b/app/Controller/Task.php
@@ -123,7 +123,7 @@ class Task extends Base
),
'projects_list' => $this->project->getListByStatus(ProjectModel::ACTIVE),
'columns_list' => $this->board->getColumnsList($project_id),
- 'users_list' => $this->project->getUsersList($project_id),
+ 'users_list' => $this->projectPermission->getUsersList($project_id),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($project_id),
'menu' => 'tasks',
@@ -169,7 +169,7 @@ class Task extends Base
'values' => $values,
'projects_list' => $this->project->getListByStatus(ProjectModel::ACTIVE),
'columns_list' => $this->board->getColumnsList($values['project_id']),
- 'users_list' => $this->project->getUsersList($values['project_id']),
+ 'users_list' => $this->projectPermission->getUsersList($values['project_id']),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($values['project_id']),
'menu' => 'tasks',
@@ -199,7 +199,7 @@ class Task extends Base
'values' => $task,
'errors' => array(),
'task' => $task,
- 'users_list' => $this->project->getUsersList($task['project_id']),
+ 'users_list' => $this->projectPermission->getUsersList($task['project_id']),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($task['project_id']),
'ajax' => $this->request->isAjax(),
@@ -248,7 +248,7 @@ class Task extends Base
'errors' => $errors,
'task' => $task,
'columns_list' => $this->board->getColumnsList($values['project_id']),
- 'users_list' => $this->project->getUsersList($values['project_id']),
+ 'users_list' => $this->projectPermission->getUsersList($values['project_id']),
'colors_list' => $this->color->getList(),
'categories_list' => $this->category->getList($values['project_id']),
'menu' => 'tasks',
@@ -458,7 +458,7 @@ class Task extends Base
$task = $this->getTask();
$values = $task;
$errors = array();
- $projects_list = $this->project->getAvailableList($this->acl->getUserId());
+ $projects_list = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
unset($projects_list[$task['project_id']]);
diff --git a/app/Controller/User.php b/app/Controller/User.php
index 72ef521c..504f4aed 100644
--- a/app/Controller/User.php
+++ b/app/Controller/User.php
@@ -189,7 +189,7 @@ class User extends Base
{
$user = $this->getUser();
$this->response->html($this->layout('user_show', array(
- 'projects' => $this->project->getAvailableList($user['id']),
+ 'projects' => $this->projectPermission->getAllowedProjects($user['id']),
'user' => $user,
)));
}
@@ -252,7 +252,7 @@ class User extends Base
}
$this->response->html($this->layout('user_notifications', array(
- 'projects' => $this->project->getAvailableList($user['id']),
+ 'projects' => $this->projectPermission->getAllowedProjects($user['id']),
'notifications' => $this->notification->readSettings($user['id']),
'user' => $user,
)));
@@ -353,7 +353,7 @@ class User extends Base
$this->response->html($this->layout('user_edit', array(
'values' => $values,
'errors' => $errors,
- 'projects' => $this->project->filterListByAccess($this->project->getList(), $user['id']),
+ 'projects' => $this->projectPermission->getAllowedProjects($user['id']),
'user' => $user,
)));
}
diff --git a/app/Model/Base.php b/app/Model/Base.php
index 530ef6c2..e3f194b5 100644
--- a/app/Model/Base.php
+++ b/app/Model/Base.php
@@ -26,6 +26,7 @@ use PicoDb\Database;
* @property \Model\LastLogin $lastLogin
* @property \Model\Notification $notification
* @property \Model\Project $project
+ * @property \Model\ProjectPermission $projectPermission
* @property \Model\SubTask $subTask
* @property \Model\Task $task
* @property \Model\TaskExport $taskExport
diff --git a/app/Model/Project.php b/app/Model/Project.php
index 3edd82c5..1eabe239 100644
--- a/app/Model/Project.php
+++ b/app/Model/Project.php
@@ -23,13 +23,6 @@ class Project extends Base
const TABLE = 'projects';
/**
- * SQL table name for users
- *
- * @var string
- */
- const TABLE_USERS = 'project_has_users';
-
- /**
* Value for active project
*
* @var integer
@@ -44,157 +37,6 @@ class Project extends Base
const INACTIVE = 0;
/**
- * Get a list of people that can be assigned for tasks
- *
- * @access public
- * @param integer $project_id Project id
- * @param bool $prepend_unassigned Prepend the 'Unassigned' value
- * @param bool $prepend_everybody Prepend the 'Everbody' value
- * @return array
- */
- public function getUsersList($project_id, $prepend_unassigned = true, $prepend_everybody = false)
- {
- $allowed_users = $this->getAllowedUsers($project_id);
-
- if (empty($allowed_users)) {
- $allowed_users = $this->user->getList();
- }
-
- if ($prepend_unassigned) {
- $allowed_users = array(t('Unassigned')) + $allowed_users;
- }
-
- if ($prepend_everybody) {
- $allowed_users = array(User::EVERYBODY_ID => t('Everybody')) + $allowed_users;
- }
-
- return $allowed_users;
- }
-
- /**
- * Get a list of allowed people for a project
- *
- * @access public
- * @param integer $project_id Project id
- * @return array
- */
- public function getAllowedUsers($project_id)
- {
- $users = $this->db
- ->table(self::TABLE_USERS)
- ->join(User::TABLE, 'id', 'user_id')
- ->eq('project_id', $project_id)
- ->asc('username')
- ->columns(User::TABLE.'.id', User::TABLE.'.username', User::TABLE.'.name')
- ->findAll();
-
- $result = array();
-
- foreach ($users as $user) {
- $result[$user['id']] = $user['name'] ?: $user['username'];
- }
-
- asort($result);
-
- return $result;
- }
-
- /**
- * Get allowed and not allowed users for a project
- *
- * @access public
- * @param integer $project_id Project id
- * @return array
- */
- public function getAllUsers($project_id)
- {
- $users = array(
- 'allowed' => array(),
- 'not_allowed' => array(),
- );
-
- $all_users = $this->user->getList();
-
- $users['allowed'] = $this->getAllowedUsers($project_id);
-
- foreach ($all_users as $user_id => $username) {
-
- if (! isset($users['allowed'][$user_id])) {
- $users['not_allowed'][$user_id] = $username;
- }
- }
-
- return $users;
- }
-
- /**
- * Allow a specific user for a given project
- *
- * @access public
- * @param integer $project_id Project id
- * @param integer $user_id User id
- * @return bool
- */
- public function allowUser($project_id, $user_id)
- {
- return $this->db
- ->table(self::TABLE_USERS)
- ->save(array('project_id' => $project_id, 'user_id' => $user_id));
- }
-
- /**
- * Revoke a specific user for a given project
- *
- * @access public
- * @param integer $project_id Project id
- * @param integer $user_id User id
- * @return bool
- */
- public function revokeUser($project_id, $user_id)
- {
- return $this->db
- ->table(self::TABLE_USERS)
- ->eq('project_id', $project_id)
- ->eq('user_id', $user_id)
- ->remove();
- }
-
- /**
- * Check if a specific user is allowed to access to a given project
- *
- * @access public
- * @param integer $project_id Project id
- * @param integer $user_id User id
- * @return bool
- */
- public function isUserAllowed($project_id, $user_id)
- {
- // If there is nobody specified, everybody have access to the project
- $nb_users = $this->db
- ->table(self::TABLE_USERS)
- ->eq('project_id', $project_id)
- ->count();
-
- if ($nb_users < 1) return true;
-
- // Check if user has admin rights
- $nb_users = $this->db
- ->table(User::TABLE)
- ->eq('id', $user_id)
- ->eq('is_admin', 1)
- ->count();
-
- if ($nb_users > 0) return true;
-
- // Otherwise, allow only specific users
- return (bool) $this->db
- ->table(self::TABLE_USERS)
- ->eq('project_id', $project_id)
- ->eq('user_id', $user_id)
- ->count();
- }
-
- /**
* Get a project by the id
*
* @access public
@@ -256,7 +98,7 @@ class Project extends Base
foreach ($projects as $key => $project) {
- if (! $this->isUserAllowed($project['id'], $this->acl->getUserId())) {
+ if (! $this->projectPermission->isUserAllowed($project['id'], $this->acl->getUserId())) {
unset($projects[$key]);
}
}
@@ -329,37 +171,6 @@ class Project extends Base
}
/**
- * Filter a list of projects for a given user
- *
- * @access public
- * @param array $projects Project list: ['project_id' => 'project_name']
- * @param integer $user_id User id
- * @return array
- */
- public function filterListByAccess(array $projects, $user_id)
- {
- foreach ($projects as $project_id => $project_name) {
- if (! $this->isUserAllowed($project_id, $user_id)) {
- unset($projects[$project_id]);
- }
- }
-
- return $projects;
- }
-
- /**
- * Return a list of projects for a given user
- *
- * @access public
- * @param integer $user_id User id
- * @return array
- */
- public function getAvailableList($user_id)
- {
- return $this->filterListByAccess($this->getListByStatus(self::ACTIVE), $user_id);
- }
-
- /**
* Gather some task metrics for a given project
*
* @access public
@@ -410,27 +221,6 @@ class Project extends Base
}
/**
- * Copy user access from a project to another one
- *
- * @author Antonio Rabelo
- * @param integer $project_from Project Template
- * @return integer $project_to Project that receives the copy
- * @return boolean
- */
- public function duplicateUsers($project_from, $project_to)
- {
- $users = $this->getAllowedUsers($project_from);
-
- foreach ($users as $user_id => $name) {
- if (! $this->allowUser($project_to, $user_id)) {
- return false;
- }
- }
-
- return true;
- }
-
- /**
* Clone a project
*
* @author Antonio Rabelo
@@ -461,7 +251,7 @@ class Project extends Base
}
// Clone Allowed Users
- if (! $this->duplicateUsers($project_id, $clone_project_id)) {
+ if (! $this->projectPermission->duplicate($project_id, $clone_project_id)) {
$this->db->cancelTransaction();
return false;
}
@@ -702,28 +492,6 @@ class Project extends Base
}
/**
- * Validate allowed users
- *
- * @access public
- * @param array $values Form values
- * @return array $valid, $errors [0] = Success or not, [1] = List of errors
- */
- public function validateUserAccess(array $values)
- {
- $v = new Validator($values, array(
- new Validators\Required('project_id', t('The project id is required')),
- new Validators\Integer('project_id', t('This value must be an integer')),
- new Validators\Required('user_id', t('The user id is required')),
- new Validators\Integer('user_id', t('This value must be an integer')),
- ));
-
- return array(
- $v->execute(),
- $v->getErrors()
- );
- }
-
- /**
* Attach events
*
* @access public
diff --git a/app/Model/ProjectPermission.php b/app/Model/ProjectPermission.php
new file mode 100644
index 00000000..51c11735
--- /dev/null
+++ b/app/Model/ProjectPermission.php
@@ -0,0 +1,247 @@
+<?php
+
+namespace Model;
+
+use SimpleValidator\Validator;
+use SimpleValidator\Validators;
+
+/**
+ * Project permission model
+ *
+ * @package model
+ * @author Frederic Guillot
+ */
+class ProjectPermission extends Base
+{
+ /**
+ * SQL table name for permissions
+ *
+ * @var string
+ */
+ const TABLE = 'project_has_users';
+
+ /**
+ * Get a list of people that can be assigned for tasks
+ *
+ * @access public
+ * @param integer $project_id Project id
+ * @param bool $prepend_unassigned Prepend the 'Unassigned' value
+ * @param bool $prepend_everybody Prepend the 'Everbody' value
+ * @return array
+ */
+ public function getUsersList($project_id, $prepend_unassigned = true, $prepend_everybody = false)
+ {
+ $allowed_users = $this->getAllowedUsers($project_id);
+
+ if (empty($allowed_users)) {
+ $allowed_users = $this->user->getList();
+ }
+
+ if ($prepend_unassigned) {
+ $allowed_users = array(t('Unassigned')) + $allowed_users;
+ }
+
+ if ($prepend_everybody) {
+ $allowed_users = array(User::EVERYBODY_ID => t('Everybody')) + $allowed_users;
+ }
+
+ return $allowed_users;
+ }
+
+ /**
+ * Get a list of allowed people for a project
+ *
+ * @access public
+ * @param integer $project_id Project id
+ * @return array
+ */
+ public function getAllowedUsers($project_id)
+ {
+ $users = $this->db
+ ->table(self::TABLE)
+ ->join(User::TABLE, 'id', 'user_id')
+ ->eq('project_id', $project_id)
+ ->asc('username')
+ ->columns(User::TABLE.'.id', User::TABLE.'.username', User::TABLE.'.name')
+ ->findAll();
+
+ $result = array();
+
+ foreach ($users as $user) {
+ $result[$user['id']] = $user['name'] ?: $user['username'];
+ }
+
+ asort($result);
+
+ return $result;
+ }
+
+ /**
+ * Get allowed and not allowed users for a project
+ *
+ * @access public
+ * @param integer $project_id Project id
+ * @return array
+ */
+ public function getAllUsers($project_id)
+ {
+ $users = array(
+ 'allowed' => array(),
+ 'not_allowed' => array(),
+ );
+
+ $all_users = $this->user->getList();
+
+ $users['allowed'] = $this->getAllowedUsers($project_id);
+
+ foreach ($all_users as $user_id => $username) {
+
+ if (! isset($users['allowed'][$user_id])) {
+ $users['not_allowed'][$user_id] = $username;
+ }
+ }
+
+ return $users;
+ }
+
+ /**
+ * Allow a specific user for a given project
+ *
+ * @access public
+ * @param integer $project_id Project id
+ * @param integer $user_id User id
+ * @return bool
+ */
+ public function allowUser($project_id, $user_id)
+ {
+ return $this->db
+ ->table(self::TABLE)
+ ->save(array('project_id' => $project_id, 'user_id' => $user_id));
+ }
+
+ /**
+ * Revoke a specific user for a given project
+ *
+ * @access public
+ * @param integer $project_id Project id
+ * @param integer $user_id User id
+ * @return bool
+ */
+ public function revokeUser($project_id, $user_id)
+ {
+ return $this->db
+ ->table(self::TABLE)
+ ->eq('project_id', $project_id)
+ ->eq('user_id', $user_id)
+ ->remove();
+ }
+
+ /**
+ * Check if a specific user is allowed to access to a given project
+ *
+ * @access public
+ * @param integer $project_id Project id
+ * @param integer $user_id User id
+ * @return bool
+ */
+ public function isUserAllowed($project_id, $user_id)
+ {
+ // If there is nobody specified, everybody have access to the project
+ $nb_users = $this->db
+ ->table(self::TABLE)
+ ->eq('project_id', $project_id)
+ ->count();
+
+ if ($nb_users < 1) return true;
+
+ // Check if user has admin rights
+ $nb_users = $this->db
+ ->table(User::TABLE)
+ ->eq('id', $user_id)
+ ->eq('is_admin', 1)
+ ->count();
+
+ if ($nb_users > 0) return true;
+
+ // Otherwise, allow only specific users
+ return (bool) $this->db
+ ->table(self::TABLE)
+ ->eq('project_id', $project_id)
+ ->eq('user_id', $user_id)
+ ->count();
+ }
+
+ /**
+ * Filter a list of projects for a given user
+ *
+ * @access public
+ * @param array $projects Project list: ['project_id' => 'project_name']
+ * @param integer $user_id User id
+ * @return array
+ */
+ public function filterProjects(array $projects, $user_id)
+ {
+ foreach ($projects as $project_id => $project_name) {
+ if (! $this->isUserAllowed($project_id, $user_id)) {
+ unset($projects[$project_id]);
+ }
+ }
+
+ return $projects;
+ }
+
+ /**
+ * Return a list of projects for a given user
+ *
+ * @access public
+ * @param integer $user_id User id
+ * @return array
+ */
+ public function getAllowedProjects($user_id)
+ {
+ return $this->filterProjects($this->project->getListByStatus(Project::ACTIVE), $user_id);
+ }
+
+ /**
+ * Copy user access from a project to another one
+ *
+ * @author Antonio Rabelo
+ * @param integer $project_from Project Template
+ * @return integer $project_to Project that receives the copy
+ * @return boolean
+ */
+ public function duplicate($project_from, $project_to)
+ {
+ $users = $this->getAllowedUsers($project_from);
+
+ foreach ($users as $user_id => $name) {
+ if (! $this->allowUser($project_to, $user_id)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Validate allowed users
+ *
+ * @access public
+ * @param array $values Form values
+ * @return array $valid, $errors [0] = Success or not, [1] = List of errors
+ */
+ public function validateModification(array $values)
+ {
+ $v = new Validator($values, array(
+ new Validators\Required('project_id', t('The project id is required')),
+ new Validators\Integer('project_id', t('This value must be an integer')),
+ new Validators\Required('user_id', t('The user id is required')),
+ new Validators\Integer('user_id', t('This value must be an integer')),
+ ));
+
+ return array(
+ $v->execute(),
+ $v->getErrors()
+ );
+ }
+}
diff --git a/app/Model/Task.php b/app/Model/Task.php
index eacf0b5b..8f544ac9 100644
--- a/app/Model/Task.php
+++ b/app/Model/Task.php
@@ -279,7 +279,7 @@ class Task extends Base
$values['category_id'] = 0;
// Check if the assigned user is allowed for the new project
- if ($task['owner_id'] && $this->project->isUserAllowed($values['project_id'], $task['owner_id'])) {
+ if ($task['owner_id'] && $this->projectPermission->isUserAllowed($values['project_id'], $task['owner_id'])) {
$values['owner_id'] = $task['owner_id'];
}
@@ -673,7 +673,7 @@ class Task extends Base
$values['owner_id'] = 0;
// Check if the assigned user is allowed for the new project
- if ($task['owner_id'] && $this->project->isUserAllowed($project_id, $task['owner_id'])) {
+ if ($task['owner_id'] && $this->projectPermission->isUserAllowed($project_id, $task['owner_id'])) {
$values['owner_id'] = $task['owner_id'];
}
diff --git a/jsonrpc.php b/jsonrpc.php
index a9c44747..2fbfb5a6 100644
--- a/jsonrpc.php
+++ b/jsonrpc.php
@@ -5,6 +5,7 @@ require __DIR__.'/app/common.php';
use Core\Translator;
use JsonRPC\Server;
use Model\Project;
+use Model\projectPermission;
use Model\Task;
use Model\TaskValidator;
use Model\User;
@@ -19,6 +20,7 @@ use Model\Notification;
$config = new Config($registry);
$project = new Project($registry);
+$projectPermission = new ProjectPermission($registry);
$task = new Task($registry);
$taskValidator = new TaskValidator($registry);
$user = new User($registry);
@@ -144,16 +146,16 @@ $server->register('removeColumn', function($column_id) use ($board) {
/**
* Project permissions procedures
*/
-$server->register('getAllowedUsers', function($project_id) use ($project) {
- return $project->getUsersList($project_id, false, false);
+$server->register('getAllowedUsers', function($project_id) use ($projectPermission) {
+ return $projectPermission->getUsersList($project_id, false, false);
});
-$server->register('revokeUser', function($project_id, $user_id) use ($project) {
- return $project->revokeUser($project_id, $user_id);
+$server->register('revokeUser', function($project_id, $user_id) use ($project, $projectPermission) {
+ return $projectPermission->revokeUser($project_id, $user_id);
});
-$server->register('allowUser', function($project_id, $user_id) use ($project) {
- return $project->allowUser($project_id, $user_id);
+$server->register('allowUser', function($project_id, $user_id) use ($project, $projectPermission) {
+ return $projectPermission->allowUser($project_id, $user_id);
});
diff --git a/tests/units/ProjectPermissionTest.php b/tests/units/ProjectPermissionTest.php
new file mode 100644
index 00000000..309fa63b
--- /dev/null
+++ b/tests/units/ProjectPermissionTest.php
@@ -0,0 +1,160 @@
+<?php
+
+require_once __DIR__.'/Base.php';
+
+use Model\Project;
+use Model\ProjectPermission;
+use Model\User;
+
+class ProjectPermissionTest extends Base
+{
+ public function testAllowEverybody()
+ {
+ // We create a regular user
+ $user = new User($this->registry);
+ $user->create(array('username' => 'unittest', 'password' => 'unittest'));
+
+ $p = new Project($this->registry);
+ $pp = new ProjectPermission($this->registry);
+
+ $this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
+
+ $this->assertEmpty($pp->getAllowedUsers(1)); // Nobody is specified for the given project
+ $this->assertTrue($pp->isUserAllowed(1, 1)); // Everybody should be allowed
+ $this->assertTrue($pp->isUserAllowed(1, 2)); // Everybody should be allowed
+ }
+
+ public function testAllowUser()
+ {
+ $p = new Project($this->registry);
+ $pp = new ProjectPermission($this->registry);
+ $user = new User($this->registry);
+
+ $user->create(array('username' => 'unittest', 'password' => 'unittest'));
+
+ // We create a project
+ $this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
+
+ // We allow the admin user
+ $this->assertTrue($pp->allowUser(1, 1));
+
+ // Non-existant project
+ $this->assertFalse($pp->allowUser(50, 1));
+
+ // Non-existant user
+ $this->assertFalse($pp->allowUser(1, 50));
+
+ // Our admin user should be allowed
+ $this->assertEquals(array('1' => 'admin'), $pp->getAllowedUsers(1));
+ $this->assertTrue($pp->isUserAllowed(1, 1));
+
+ // Our regular user should be forbidden
+ $this->assertFalse($pp->isUserAllowed(1, 2));
+ }
+
+ public function testRevokeUser()
+ {
+ $p = new Project($this->registry);
+ $pp = new ProjectPermission($this->registry);
+ $user = new User($this->registry);
+
+ $user->create(array('username' => 'unittest', 'password' => 'unittest'));
+
+ // We create a project
+ $this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
+
+ // We revoke our admin user (not existing row)
+ $this->assertFalse($pp->revokeUser(1, 1));
+
+ // We should have nobody in the users list
+ $this->assertEmpty($pp->getAllowedUsers(1));
+
+ // Our admin user and our regular user should be allowed
+ $this->assertTrue($pp->isUserAllowed(1, 1));
+ $this->assertTrue($pp->isUserAllowed(1, 2));
+
+ // We allow only the regular user
+ $this->assertTrue($pp->allowUser(1, 2));
+
+ // All users should be allowed (admin and regular)
+ $this->assertTrue($pp->isUserAllowed(1, 1));
+ $this->assertTrue($pp->isUserAllowed(1, 2));
+
+ // However, we should have only our regular user in the list
+ $this->assertEquals(array('2' => 'unittest'), $pp->getAllowedUsers(1));
+
+ // We allow our admin, we should have both in the list
+ $this->assertTrue($pp->allowUser(1, 1));
+ $this->assertEquals(array('1' => 'admin', '2' => 'unittest'), $pp->getAllowedUsers(1));
+ $this->assertTrue($pp->isUserAllowed(1, 1));
+ $this->assertTrue($pp->isUserAllowed(1, 2));
+
+ // We revoke the regular user
+ $this->assertTrue($pp->revokeUser(1, 2));
+
+ // Only admin should be allowed
+ $this->assertTrue($pp->isUserAllowed(1, 1));
+ $this->assertFalse($pp->isUserAllowed(1, 2));
+
+ // We should have only admin in the list
+ $this->assertEquals(array('1' => 'admin'), $pp->getAllowedUsers(1));
+
+ // We revoke the admin user
+ $this->assertTrue($pp->revokeUser(1, 1));
+ $this->assertEmpty($pp->getAllowedUsers(1));
+
+ // Everybody should be allowed again
+ $this->assertTrue($pp->isUserAllowed(1, 1));
+ $this->assertTrue($pp->isUserAllowed(1, 2));
+ }
+
+ public function testUsersList()
+ {
+ $p = new Project($this->registry);
+ $pp = new ProjectPermission($this->registry);
+
+ $user = new User($this->registry);
+ $user->create(array('username' => 'unittest', 'password' => 'unittest'));
+
+ // We create project
+ $this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
+
+ // No restriction, we should have everybody
+ $this->assertEquals(
+ array('Unassigned', 'admin', 'unittest'),
+ $pp->getUsersList(1)
+ );
+
+ // We allow only the regular user
+ $this->assertTrue($pp->allowUser(1, 2));
+
+ $this->assertEquals(
+ array(0 => 'Unassigned', 2 => 'unittest'),
+ $pp->getUsersList(1)
+ );
+
+ // We allow the admin user
+ $this->assertTrue($pp->allowUser(1, 1));
+
+ $this->assertEquals(
+ array(0 => 'Unassigned', 1 => 'admin', 2 => 'unittest'),
+ $pp->getUsersList(1)
+ );
+
+ // We revoke only the regular user
+ $this->assertTrue($pp->revokeUser(1, 2));
+
+ $this->assertEquals(
+ array(0 => 'Unassigned', 1 => 'admin'),
+ $pp->getUsersList(1)
+ );
+
+ // We revoke only the admin user, we should have everybody
+ $this->assertTrue($pp->revokeUser(1, 1));
+
+ $this->assertEquals(
+ array(0 => 'Unassigned', 1 => 'admin', 2 => 'unittest'),
+ $pp->getUsersList(1)
+ );
+ }
+}
diff --git a/tests/units/ProjectTest.php b/tests/units/ProjectTest.php
index dc71d5ae..be4267ca 100644
--- a/tests/units/ProjectTest.php
+++ b/tests/units/ProjectTest.php
@@ -136,146 +136,4 @@ class ProjectTest extends Base
$this->assertFalse($p->disablePublicAccess(123));
}
-
- public function testAllowEverybody()
- {
- // We create a regular user
- $user = new User($this->registry);
- $user->create(array('username' => 'unittest', 'password' => 'unittest'));
-
- $p = new Project($this->registry);
- $this->assertEmpty($p->getAllowedUsers(1)); // Nobody is specified for the given project
- $this->assertTrue($p->isUserAllowed(1, 1)); // Everybody should be allowed
- $this->assertTrue($p->isUserAllowed(1, 2)); // Everybody should be allowed
- }
-
- public function testAllowUser()
- {
- $p = new Project($this->registry);
- $user = new User($this->registry);
- $user->create(array('username' => 'unittest', 'password' => 'unittest'));
-
- // We create a project
- $this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
-
- // We allow the admin user
- $this->assertTrue($p->allowUser(1, 1));
-
- // Non-existant project
- $this->assertFalse($p->allowUser(50, 1));
-
- // Non-existant user
- $this->assertFalse($p->allowUser(1, 50));
-
- // Our admin user should be allowed
- $this->assertEquals(array('1' => 'admin'), $p->getAllowedUsers(1));
- $this->assertTrue($p->isUserAllowed(1, 1));
-
- // Our regular user should be forbidden
- $this->assertFalse($p->isUserAllowed(1, 2));
- }
-
- public function testRevokeUser()
- {
- $p = new Project($this->registry);
-
- $user = new User($this->registry);
- $user->create(array('username' => 'unittest', 'password' => 'unittest'));
-
- // We create a project
- $this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
-
- // We revoke our admin user (not existing row)
- $this->assertFalse($p->revokeUser(1, 1));
-
- // We should have nobody in the users list
- $this->assertEmpty($p->getAllowedUsers(1));
-
- // Our admin user and our regular user should be allowed
- $this->assertTrue($p->isUserAllowed(1, 1));
- $this->assertTrue($p->isUserAllowed(1, 2));
-
- // We allow only the regular user
- $this->assertTrue($p->allowUser(1, 2));
-
- // All users should be allowed (admin and regular)
- $this->assertTrue($p->isUserAllowed(1, 1));
- $this->assertTrue($p->isUserAllowed(1, 2));
-
- // However, we should have only our regular user in the list
- $this->assertEquals(array('2' => 'unittest'), $p->getAllowedUsers(1));
-
- // We allow our admin, we should have both in the list
- $this->assertTrue($p->allowUser(1, 1));
- $this->assertEquals(array('1' => 'admin', '2' => 'unittest'), $p->getAllowedUsers(1));
- $this->assertTrue($p->isUserAllowed(1, 1));
- $this->assertTrue($p->isUserAllowed(1, 2));
-
- // We revoke the regular user
- $this->assertTrue($p->revokeUser(1, 2));
-
- // Only admin should be allowed
- $this->assertTrue($p->isUserAllowed(1, 1));
- $this->assertFalse($p->isUserAllowed(1, 2));
-
- // We should have only admin in the list
- $this->assertEquals(array('1' => 'admin'), $p->getAllowedUsers(1));
-
- // We revoke the admin user
- $this->assertTrue($p->revokeUser(1, 1));
- $this->assertEmpty($p->getAllowedUsers(1));
-
- // Everybody should be allowed again
- $this->assertTrue($p->isUserAllowed(1, 1));
- $this->assertTrue($p->isUserAllowed(1, 2));
- }
-
- public function testUsersList()
- {
- $p = new Project($this->registry);
-
- $user = new User($this->registry);
- $user->create(array('username' => 'unittest', 'password' => 'unittest'));
-
- // We create project
- $this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
-
- // No restriction, we should have everybody
- $this->assertEquals(
- array('Unassigned', 'admin', 'unittest'),
- $p->getUsersList(1)
- );
-
- // We allow only the regular user
- $this->assertTrue($p->allowUser(1, 2));
-
- $this->assertEquals(
- array(0 => 'Unassigned', 2 => 'unittest'),
- $p->getUsersList(1)
- );
-
- // We allow the admin user
- $this->assertTrue($p->allowUser(1, 1));
-
- $this->assertEquals(
- array(0 => 'Unassigned', 1 => 'admin', 2 => 'unittest'),
- $p->getUsersList(1)
- );
-
- // We revoke only the regular user
- $this->assertTrue($p->revokeUser(1, 2));
-
- $this->assertEquals(
- array(0 => 'Unassigned', 1 => 'admin'),
- $p->getUsersList(1)
- );
-
- // We revoke only the admin user, we should have everybody
- $this->assertTrue($p->revokeUser(1, 1));
-
- $this->assertEquals(
- array(0 => 'Unassigned', 1 => 'admin', 2 => 'unittest'),
- $p->getUsersList(1)
- );
- }
}
diff --git a/tests/units/TaskTest.php b/tests/units/TaskTest.php
index b5ba6c18..dee3accd 100644
--- a/tests/units/TaskTest.php
+++ b/tests/units/TaskTest.php
@@ -4,6 +4,7 @@ require_once __DIR__.'/Base.php';
use Model\Task;
use Model\Project;
+use Model\ProjectPermission;
use Model\Category;
use Model\User;
@@ -536,6 +537,7 @@ class TaskTest extends Base
{
$t = new Task($this->registry);
$p = new Project($this->registry);
+ $pp = new ProjectPermission($this->registry);
$user = new User($this->registry);
// We create a regular user
@@ -566,7 +568,7 @@ class TaskTest extends Base
$this->assertEquals('test', $task['title']);
// We allow only one user on the second project
- $this->assertTrue($p->allowUser(2, 2));
+ $this->assertTrue($pp->allowUser(2, 2));
// The owner should be reseted
$task = $t->getById(2);