summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrederic Guillot <fred@kanboard.net>2017-04-05 19:16:04 -0400
committerFrederic Guillot <fred@kanboard.net>2017-04-05 19:16:04 -0400
commit66c8351ad4ce843d791a802374f1eb2b395a45e1 (patch)
treed66a460871560b295b5b33bcee4359631a0a2b45
parent947f4bbc07547b13eab97bba72a767646f28dcfe (diff)
Add new project role restriction to block task suppression
-rw-r--r--app/Helper/ProjectRoleHelper.php137
-rw-r--r--app/Model/ProjectRoleRestrictionModel.php2
-rw-r--r--tests/units/Helper/ProjectRoleHelperTest.php55
-rw-r--r--tests/units/Model/ProjectRoleRestrictionModelTest.php2
4 files changed, 132 insertions, 64 deletions
diff --git a/app/Helper/ProjectRoleHelper.php b/app/Helper/ProjectRoleHelper.php
index 6f9cf10c..fd7a690b 100644
--- a/app/Helper/ProjectRoleHelper.php
+++ b/app/Helper/ProjectRoleHelper.php
@@ -19,12 +19,12 @@ class ProjectRoleHelper extends Base
* Get project role for the current user
*
* @access public
- * @param integer $project_id
+ * @param integer $projectId
* @return string
*/
- public function getProjectUserRole($project_id)
+ public function getProjectUserRole($projectId)
{
- return $this->memoryCache->proxy($this->projectUserRoleModel, 'getUserRole', $project_id, $this->userSession->getId());
+ return $this->memoryCache->proxy($this->projectUserRoleModel, 'getUserRole', $projectId, $this->userSession->getId());
}
/**
@@ -45,24 +45,24 @@ class ProjectRoleHelper extends Base
/**
* Return true is the column is sortable
*
- * @param int $project_id
- * @param int $column_id
+ * @param int $projectId
+ * @param int $columnId
* @return bool
*/
- public function isSortableColumn($project_id, $column_id)
+ public function isSortableColumn($projectId, $columnId)
{
- $role = $this->getProjectUserRole($project_id);
+ $role = $this->getProjectUserRole($projectId);
if ($this->role->isCustomProjectRole($role)) {
- $sortableColumns = $this->columnMoveRestrictionCacheDecorator->getSortableColumns($project_id, $role);
+ $sortableColumns = $this->columnMoveRestrictionCacheDecorator->getSortableColumns($projectId, $role);
foreach ($sortableColumns as $column) {
- if ($column['src_column_id'] == $column_id || $column['dst_column_id'] == $column_id) {
+ if ($column['src_column_id'] == $columnId || $column['dst_column_id'] == $columnId) {
return true;
}
}
- return empty($sortableColumns) && $this->isAllowedToMoveTask($project_id, $role);
+ return empty($sortableColumns) && $this->isAllowedToMoveTask($projectId, $role);
}
return true;
@@ -71,33 +71,33 @@ class ProjectRoleHelper extends Base
/**
* Check if the user can move a task
*
- * @param int $project_id
- * @param int $src_column_id
- * @param int $dst_column_id
+ * @param int $projectId
+ * @param int $srcColumnId
+ * @param int $dstColumnId
* @return bool|int
*/
- public function canMoveTask($project_id, $src_column_id, $dst_column_id)
+ public function canMoveTask($projectId, $srcColumnId, $dstColumnId)
{
- $role = $this->getProjectUserRole($project_id);
+ $role = $this->getProjectUserRole($projectId);
if ($this->role->isCustomProjectRole($role)) {
- if ($src_column_id == $dst_column_id) {
+ if ($srcColumnId == $dstColumnId) {
return true;
}
- $sortableColumns = $this->columnMoveRestrictionCacheDecorator->getSortableColumns($project_id, $role);
+ $sortableColumns = $this->columnMoveRestrictionCacheDecorator->getSortableColumns($projectId, $role);
foreach ($sortableColumns as $column) {
- if ($column['src_column_id'] == $src_column_id && $column['dst_column_id'] == $dst_column_id) {
+ if ($column['src_column_id'] == $srcColumnId && $column['dst_column_id'] == $dstColumnId) {
return true;
}
- if ($column['dst_column_id'] == $src_column_id && $column['src_column_id'] == $dst_column_id) {
+ if ($column['dst_column_id'] == $srcColumnId && $column['src_column_id'] == $dstColumnId) {
return true;
}
}
- return empty($sortableColumns) && $this->isAllowedToMoveTask($project_id, $role);
+ return empty($sortableColumns) && $this->isAllowedToMoveTask($projectId, $role);
}
return true;
@@ -106,41 +106,41 @@ class ProjectRoleHelper extends Base
/**
* Return true if the user can create a task for the given column
*
- * @param int $project_id
- * @param int $column_id
+ * @param int $projectId
+ * @param int $columnId
* @return bool
*/
- public function canCreateTaskInColumn($project_id, $column_id)
+ public function canCreateTaskInColumn($projectId, $columnId)
{
- $role = $this->getProjectUserRole($project_id);
+ $role = $this->getProjectUserRole($projectId);
if ($this->role->isCustomProjectRole($role)) {
- if (! $this->isAllowedToCreateTask($project_id, $column_id, $role)) {
+ if (! $this->isAllowedToCreateTask($projectId, $columnId, $role)) {
return false;
}
}
- return $this->helper->user->hasProjectAccess('TaskCreationController', 'show', $project_id);
+ return $this->helper->user->hasProjectAccess('TaskCreationController', 'show', $projectId);
}
/**
* Return true if the user can create a task for the given column
*
- * @param int $project_id
- * @param int $column_id
+ * @param int $projectId
+ * @param int $columnId
* @return bool
*/
- public function canChangeTaskStatusInColumn($project_id, $column_id)
+ public function canChangeTaskStatusInColumn($projectId, $columnId)
{
- $role = $this->getProjectUserRole($project_id);
+ $role = $this->getProjectUserRole($projectId);
if ($this->role->isCustomProjectRole($role)) {
- if (! $this->isAllowedToChangeTaskStatus($project_id, $column_id, $role)) {
+ if (! $this->isAllowedToChangeTaskStatus($projectId, $columnId, $role)) {
return false;
}
}
- return $this->helper->user->hasProjectAccess('TaskStatusController', 'close', $project_id);
+ return $this->helper->user->hasProjectAccess('TaskStatusController', 'close', $projectId);
}
/**
@@ -154,6 +154,12 @@ class ProjectRoleHelper extends Base
*/
public function canRemoveTask(array $task)
{
+ $role = $this->getProjectUserRole($task['project_id']);
+
+ if ($this->hasRestriction($task['project_id'], $role, ProjectRoleRestrictionModel::RULE_TASK_SUPPRESSION)) {
+ return false;
+ }
+
if (isset($task['creator_id']) && $task['creator_id'] == $this->userSession->getId()) {
return true;
}
@@ -170,10 +176,10 @@ class ProjectRoleHelper extends Base
*
* @param string $controller
* @param string $action
- * @param integer $project_id
+ * @param integer $projectId
* @return bool
*/
- public function checkProjectAccess($controller, $action, $project_id)
+ public function checkProjectAccess($controller, $action, $projectId)
{
if (! $this->userSession->isLogged()) {
return false;
@@ -187,7 +193,7 @@ class ProjectRoleHelper extends Base
return false;
}
- $role = $this->getProjectUserRole($project_id);
+ $role = $this->getProjectUserRole($projectId);
if ($this->role->isCustomProjectRole($role)) {
$result = $this->projectAuthorization->isAllowed($controller, $action, Role::PROJECT_MEMBER);
@@ -201,17 +207,17 @@ class ProjectRoleHelper extends Base
/**
* Check authorization for a custom project role to change the task status
*
- * @param int $project_id
- * @param int $column_id
+ * @param int $projectId
+ * @param int $columnId
* @param string $role
* @return bool
*/
- protected function isAllowedToChangeTaskStatus($project_id, $column_id, $role)
+ protected function isAllowedToChangeTaskStatus($projectId, $columnId, $role)
{
- $columnRestrictions = $this->columnRestrictionCacheDecorator->getAllByRole($project_id, $role);
+ $columnRestrictions = $this->columnRestrictionCacheDecorator->getAllByRole($projectId, $role);
foreach ($columnRestrictions as $restriction) {
- if ($restriction['column_id'] == $column_id) {
+ if ($restriction['column_id'] == $columnId) {
if ($restriction['rule'] == ColumnRestrictionModel::RULE_ALLOW_TASK_OPEN_CLOSE) {
return true;
} else if ($restriction['rule'] == ColumnRestrictionModel::RULE_BLOCK_TASK_OPEN_CLOSE) {
@@ -220,31 +226,23 @@ class ProjectRoleHelper extends Base
}
}
- $projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($project_id, $role);
-
- foreach ($projectRestrictions as $restriction) {
- if ($restriction['rule'] == ProjectRoleRestrictionModel::RULE_TASK_OPEN_CLOSE) {
- return false;
- }
- }
-
- return true;
+ return ! $this->hasRestriction($projectId, $role, ProjectRoleRestrictionModel::RULE_TASK_OPEN_CLOSE);
}
/**
* Check authorization for a custom project role to create a task
*
- * @param int $project_id
- * @param int $column_id
+ * @param int $projectId
+ * @param int $columnId
* @param string $role
* @return bool
*/
- protected function isAllowedToCreateTask($project_id, $column_id, $role)
+ protected function isAllowedToCreateTask($projectId, $columnId, $role)
{
- $columnRestrictions = $this->columnRestrictionCacheDecorator->getAllByRole($project_id, $role);
+ $columnRestrictions = $this->columnRestrictionCacheDecorator->getAllByRole($projectId, $role);
foreach ($columnRestrictions as $restriction) {
- if ($restriction['column_id'] == $column_id) {
+ if ($restriction['column_id'] == $columnId) {
if ($restriction['rule'] == ColumnRestrictionModel::RULE_ALLOW_TASK_CREATION) {
return true;
} else if ($restriction['rule'] == ColumnRestrictionModel::RULE_BLOCK_TASK_CREATION) {
@@ -253,10 +251,22 @@ class ProjectRoleHelper extends Base
}
}
- $projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($project_id, $role);
+ return ! $this->hasRestriction($projectId, $role, ProjectRoleRestrictionModel::RULE_TASK_CREATION);
+ }
+
+ /**
+ * Check if the role can move task in the given project
+ *
+ * @param int $projectId
+ * @param string $role
+ * @return bool
+ */
+ protected function isAllowedToMoveTask($projectId, $role)
+ {
+ $projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($projectId, $role);
foreach ($projectRestrictions as $restriction) {
- if ($restriction['rule'] == ProjectRoleRestrictionModel::RULE_TASK_CREATION) {
+ if ($restriction['rule'] == ProjectRoleRestrictionModel::RULE_TASK_MOVE) {
return false;
}
}
@@ -265,22 +275,23 @@ class ProjectRoleHelper extends Base
}
/**
- * Check if the role can move task in the given project
+ * Check if given role has a restriction
*
- * @param int $project_id
+ * @param integer $projectId
* @param string $role
+ * @param string $rule
* @return bool
*/
- protected function isAllowedToMoveTask($project_id, $role)
+ protected function hasRestriction($projectId, $role, $rule)
{
- $projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($project_id, $role);
+ $projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($projectId, $role);
foreach ($projectRestrictions as $restriction) {
- if ($restriction['rule'] == ProjectRoleRestrictionModel::RULE_TASK_MOVE) {
- return false;
+ if ($restriction['rule'] == $rule) {
+ return true;
}
}
- return true;
+ return false;
}
}
diff --git a/app/Model/ProjectRoleRestrictionModel.php b/app/Model/ProjectRoleRestrictionModel.php
index 8ccdcf9c..b8f00c17 100644
--- a/app/Model/ProjectRoleRestrictionModel.php
+++ b/app/Model/ProjectRoleRestrictionModel.php
@@ -15,6 +15,7 @@ class ProjectRoleRestrictionModel extends Base
const TABLE = 'project_role_has_restrictions';
const RULE_TASK_CREATION = 'task_creation';
+ const RULE_TASK_SUPPRESSION = 'task_remove';
const RULE_TASK_OPEN_CLOSE = 'task_open_close';
const RULE_TASK_MOVE = 'task_move';
@@ -27,6 +28,7 @@ class ProjectRoleRestrictionModel extends Base
{
return array(
self::RULE_TASK_CREATION => t('Task creation is not permitted'),
+ self::RULE_TASK_SUPPRESSION => t('Task suppression is not permitted'),
self::RULE_TASK_OPEN_CLOSE => t('Closing or opening a task is not permitted'),
self::RULE_TASK_MOVE => t('Moving a task is not permitted'),
);
diff --git a/tests/units/Helper/ProjectRoleHelperTest.php b/tests/units/Helper/ProjectRoleHelperTest.php
index eb9b320c..6f6c9bde 100644
--- a/tests/units/Helper/ProjectRoleHelperTest.php
+++ b/tests/units/Helper/ProjectRoleHelperTest.php
@@ -106,6 +106,61 @@ class ProjectRoleHelperTest extends Base
$this->assertFalse($projectRoleHelper->canCreateTaskInColumn(1, 2));
}
+ public function testCanRemoveTaskWithCustomProjectRole()
+ {
+ $projectRoleHelper = new ProjectRoleHelper($this->container);
+ $projectModel = new ProjectModel($this->container);
+ $projectUserRole = new ProjectUserRoleModel($this->container);
+ $userModel = new UserModel($this->container);
+ $projectRoleModel = new ProjectRoleModel($this->container);
+ $taskCreationModel = new TaskCreationModel($this->container);
+ $taskFinderModel = new TaskFinderModel($this->container);
+ $projectRoleRestrictionModel = new ProjectRoleRestrictionModel($this->container);
+
+ $this->container['sessionStorage']->user = array(
+ 'id' => 2,
+ 'role' => Role::APP_USER,
+ );
+
+ $this->assertEquals(2, $userModel->create(array('username' => 'user')));
+ $this->assertEquals(1, $projectModel->create(array('name' => 'Test')));
+ $this->assertEquals(1, $taskCreationModel->create(array('project_id' => 1 , 'title' => 'test')));
+
+ $this->assertEquals(1, $projectRoleModel->create(1, 'Custom Role'));
+ $this->assertTrue($projectUserRole->addUser(1, 2, 'Custom Role'));
+
+ $this->assertEquals(1, $projectRoleRestrictionModel->create(1, 1, ProjectRoleRestrictionModel::RULE_TASK_SUPPRESSION));
+
+ $task = $taskFinderModel->getById(1);
+ $this->assertFalse($projectRoleHelper->canRemoveTask($task));
+ }
+
+ public function testCanRemoveTaskWithCustomProjectRoleWithRestriction()
+ {
+ $projectRoleHelper = new ProjectRoleHelper($this->container);
+ $projectModel = new ProjectModel($this->container);
+ $projectUserRole = new ProjectUserRoleModel($this->container);
+ $userModel = new UserModel($this->container);
+ $projectRoleModel = new ProjectRoleModel($this->container);
+ $taskCreationModel = new TaskCreationModel($this->container);
+ $taskFinderModel = new TaskFinderModel($this->container);
+
+ $this->container['sessionStorage']->user = array(
+ 'id' => 2,
+ 'role' => Role::APP_USER,
+ );
+
+ $this->assertEquals(2, $userModel->create(array('username' => 'user')));
+ $this->assertEquals(1, $projectModel->create(array('name' => 'Test')));
+ $this->assertEquals(1, $taskCreationModel->create(array('project_id' => 1 , 'title' => 'test')));
+
+ $this->assertEquals(1, $projectRoleModel->create(1, 'Custom Role'));
+ $this->assertTrue($projectUserRole->addUser(1, 2, 'Custom Role'));
+
+ $task = $taskFinderModel->getById(1);
+ $this->assertTrue($projectRoleHelper->canRemoveTask($task));
+ }
+
public function testCanChangeTaskStatusInColumnWithProjectViewer()
{
$projectRoleHelper = new ProjectRoleHelper($this->container);
diff --git a/tests/units/Model/ProjectRoleRestrictionModelTest.php b/tests/units/Model/ProjectRoleRestrictionModelTest.php
index af0f9bf9..e18d2374 100644
--- a/tests/units/Model/ProjectRoleRestrictionModelTest.php
+++ b/tests/units/Model/ProjectRoleRestrictionModelTest.php
@@ -90,7 +90,7 @@ class ProjectRoleRestrictionModelTest extends Base
$projectRoleRestrictionModel = new ProjectRoleRestrictionModel($this->container);
$rules = $projectRoleRestrictionModel->getRules();
- $this->assertCount(3, $rules);
+ $this->assertCount(4, $rules);
$this->assertArrayHasKey(ProjectRoleRestrictionModel::RULE_TASK_OPEN_CLOSE, $rules);
}
}