author | Frederic Guillot <fred@kanboard.net> | 2017-04-05 19:16:04 -0400 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2017-04-05 19:16:04 -0400 |
commit | 66c8351ad4ce843d791a802374f1eb2b395a45e1 (patch) | |
tree | d66a460871560b295b5b33bcee4359631a0a2b45 | |
parent | 947f4bbc07547b13eab97bba72a767646f28dcfe (diff) |
Add new project role restriction to block task suppression
-rw-r--r-- | app/Helper/ProjectRoleHelper.php | 137 | ||||
-rw-r--r-- | app/Model/ProjectRoleRestrictionModel.php | 2 | ||||
-rw-r--r-- | tests/units/Helper/ProjectRoleHelperTest.php | 55 | ||||
-rw-r--r-- | tests/units/Model/ProjectRoleRestrictionModelTest.php | 2 |
4 files changed, 132 insertions, 64 deletions
diff --git a/app/Helper/ProjectRoleHelper.php b/app/Helper/ProjectRoleHelper.php index 6f9cf10c..fd7a690b 100644 --- a/app/Helper/ProjectRoleHelper.php +++ b/app/Helper/ProjectRoleHelper.php @@ -19,12 +19,12 @@ class ProjectRoleHelper extends Base * Get project role for the current user * * @access public - * @param integer $project_id + * @param integer $projectId * @return string */ - public function getProjectUserRole($project_id) + public function getProjectUserRole($projectId) { - return $this->memoryCache->proxy($this->projectUserRoleModel, 'getUserRole', $project_id, $this->userSession->getId()); + return $this->memoryCache->proxy($this->projectUserRoleModel, 'getUserRole', $projectId, $this->userSession->getId()); } /** @@ -45,24 +45,24 @@ class ProjectRoleHelper extends Base /** * Return true is the column is sortable * - * @param int $project_id - * @param int $column_id + * @param int $projectId + * @param int $columnId * @return bool */ - public function isSortableColumn($project_id, $column_id) + public function isSortableColumn($projectId, $columnId) { - $role = $this->getProjectUserRole($project_id); + $role = $this->getProjectUserRole($projectId); if ($this->role->isCustomProjectRole($role)) { - $sortableColumns = $this->columnMoveRestrictionCacheDecorator->getSortableColumns($project_id, $role); + $sortableColumns = $this->columnMoveRestrictionCacheDecorator->getSortableColumns($projectId, $role); foreach ($sortableColumns as $column) { - if ($column['src_column_id'] == $column_id || $column['dst_column_id'] == $column_id) { + if ($column['src_column_id'] == $columnId || $column['dst_column_id'] == $columnId) { return true; } } - return empty($sortableColumns) && $this->isAllowedToMoveTask($project_id, $role); + return empty($sortableColumns) && $this->isAllowedToMoveTask($projectId, $role); } return true; 
@@ -71,33 +71,33 @@ class ProjectRoleHelper extends Base /** * Check if the user can move a task * - * @param int $project_id - * @param int $src_column_id - * @param int $dst_column_id + * @param int $projectId + * @param int $srcColumnId + * @param int $dstColumnId * @return bool|int */ - public function canMoveTask($project_id, $src_column_id, $dst_column_id) + public function canMoveTask($projectId, $srcColumnId, $dstColumnId) { - $role = $this->getProjectUserRole($project_id); + $role = $this->getProjectUserRole($projectId); if ($this->role->isCustomProjectRole($role)) { - if ($src_column_id == $dst_column_id) { + if ($srcColumnId == $dstColumnId) { return true; } - $sortableColumns = $this->columnMoveRestrictionCacheDecorator->getSortableColumns($project_id, $role); + $sortableColumns = $this->columnMoveRestrictionCacheDecorator->getSortableColumns($projectId, $role); foreach ($sortableColumns as $column) { - if ($column['src_column_id'] == $src_column_id && $column['dst_column_id'] == $dst_column_id) { + if ($column['src_column_id'] == $srcColumnId && $column['dst_column_id'] == $dstColumnId) { return true; } - if ($column['dst_column_id'] == $src_column_id && $column['src_column_id'] == $dst_column_id) { + if ($column['dst_column_id'] == $srcColumnId && $column['src_column_id'] == $dstColumnId) { return true; } } - return empty($sortableColumns) && $this->isAllowedToMoveTask($project_id, $role); + return empty($sortableColumns) && $this->isAllowedToMoveTask($projectId, $role); } return true; 
@@ -106,41 +106,41 @@ class ProjectRoleHelper extends Base /** * Return true if the user can create a task for the given column * - * @param int $project_id - * @param int $column_id + * @param int $projectId + * @param int $columnId * @return bool */ - public function canCreateTaskInColumn($project_id, $column_id) + public function canCreateTaskInColumn($projectId, $columnId) { - $role = $this->getProjectUserRole($project_id); + $role = $this->getProjectUserRole($projectId); if ($this->role->isCustomProjectRole($role)) { - if (! $this->isAllowedToCreateTask($project_id, $column_id, $role)) { + if (! $this->isAllowedToCreateTask($projectId, $columnId, $role)) { return false; } } - return $this->helper->user->hasProjectAccess('TaskCreationController', 'show', $project_id); + return $this->helper->user->hasProjectAccess('TaskCreationController', 'show', $projectId); } /** * Return true if the user can create a task for the given column * - * @param int $project_id - * @param int $column_id + * @param int $projectId + * @param int $columnId * @return bool */ - public function canChangeTaskStatusInColumn($project_id, $column_id) + public function canChangeTaskStatusInColumn($projectId, $columnId) { - $role = $this->getProjectUserRole($project_id); + $role = $this->getProjectUserRole($projectId); if ($this->role->isCustomProjectRole($role)) { - if (! $this->isAllowedToChangeTaskStatus($project_id, $column_id, $role)) { + if (! $this->isAllowedToChangeTaskStatus($projectId, $columnId, $role)) { return false; } } - return $this->helper->user->hasProjectAccess('TaskStatusController', 'close', $project_id); + return $this->helper->user->hasProjectAccess('TaskStatusController', 'close', $projectId); } /** 
@@ -154,6 +154,12 @@ class ProjectRoleHelper extends Base */ public function canRemoveTask(array $task) { + $role = $this->getProjectUserRole($task['project_id']); + + if ($this->hasRestriction($task['project_id'], $role, ProjectRoleRestrictionModel::RULE_TASK_SUPPRESSION)) { + return false; + } + if (isset($task['creator_id']) && $task['creator_id'] == $this->userSession->getId()) { return true; } @@ -170,10 +176,10 @@ class ProjectRoleHelper extends Base * * @param string $controller * @param string $action - * @param integer $project_id + * @param integer $projectId * @return bool */ - public function checkProjectAccess($controller, $action, $project_id) + public function checkProjectAccess($controller, $action, $projectId) { if (! $this->userSession->isLogged()) { return false; @@ -187,7 +193,7 @@ class ProjectRoleHelper extends Base return false; } - $role = $this->getProjectUserRole($project_id); + $role = $this->getProjectUserRole($projectId); if ($this->role->isCustomProjectRole($role)) { $result = $this->projectAuthorization->isAllowed($controller, $action, Role::PROJECT_MEMBER); 
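Review bot: The new restriction check at the top of `canRemoveTask()` reads `$task['project_id']` unguarded, while the very next condition protects `creator_id` with `isset()`. If a caller passes a task array without `project_id`, the role lookup presumably finds no restriction and the creator shortcut can still return true, so the block fails open; an early `if (! isset($task['project_id'])) { return false; }` would make it fail closed. Placing the deny check ahead of the creator shortcut is the right order and deserves a one-line comment such as `// A role restriction overrides task ownership`. The rest of the method lies outside the hunk, and it is worth confirming that every removal path, including any API procedure, consults this helper.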
@@ -201,17 +207,17 @@ class ProjectRoleHelper extends Base /** * Check authorization for a custom project role to change the task status * - * @param int $project_id - * @param int $column_id + * @param int $projectId + * @param int $columnId * @param string $role * @return bool */ - protected function isAllowedToChangeTaskStatus($project_id, $column_id, $role) + protected function isAllowedToChangeTaskStatus($projectId, $columnId, $role) { - $columnRestrictions = $this->columnRestrictionCacheDecorator->getAllByRole($project_id, $role); + $columnRestrictions = $this->columnRestrictionCacheDecorator->getAllByRole($projectId, $role); foreach ($columnRestrictions as $restriction) { - if ($restriction['column_id'] == $column_id) { + if ($restriction['column_id'] == $columnId) { if ($restriction['rule'] == ColumnRestrictionModel::RULE_ALLOW_TASK_OPEN_CLOSE) { return true; } else if ($restriction['rule'] == ColumnRestrictionModel::RULE_BLOCK_TASK_OPEN_CLOSE) { 
@@ -220,31 +226,23 @@ class ProjectRoleHelper extends Base } } - $projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($project_id, $role); - - foreach ($projectRestrictions as $restriction) { - if ($restriction['rule'] == ProjectRoleRestrictionModel::RULE_TASK_OPEN_CLOSE) { - return false; - } - } - - return true; + return ! $this->hasRestriction($projectId, $role, ProjectRoleRestrictionModel::RULE_TASK_OPEN_CLOSE); } /** * Check authorization for a custom project role to create a task * - * @param int $project_id - * @param int $column_id + * @param int $projectId + * @param int $columnId * @param string $role * @return bool */ - protected function isAllowedToCreateTask($project_id, $column_id, $role) + protected function isAllowedToCreateTask($projectId, $columnId, $role) { - $columnRestrictions = $this->columnRestrictionCacheDecorator->getAllByRole($project_id, $role); + $columnRestrictions = $this->columnRestrictionCacheDecorator->getAllByRole($projectId, $role); foreach ($columnRestrictions as $restriction) { - if ($restriction['column_id'] == $column_id) { + if ($restriction['column_id'] == $columnId) { if ($restriction['rule'] == ColumnRestrictionModel::RULE_ALLOW_TASK_CREATION) { return true; } else if ($restriction['rule'] == ColumnRestrictionModel::RULE_BLOCK_TASK_CREATION) { 
@@ -253,10 +251,22 @@ class ProjectRoleHelper extends Base } } - $projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($project_id, $role); + return ! $this->hasRestriction($projectId, $role, ProjectRoleRestrictionModel::RULE_TASK_CREATION); + } + + /** + * Check if the role can move task in the given project + * + * @param int $projectId + * @param string $role + * @return bool + */ + protected function isAllowedToMoveTask($projectId, $role) + { + $projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($projectId, $role); foreach ($projectRestrictions as $restriction) { - if ($restriction['rule'] == ProjectRoleRestrictionModel::RULE_TASK_CREATION) { + if ($restriction['rule'] == ProjectRoleRestrictionModel::RULE_TASK_MOVE) { return false; } } @@ -265,22 +275,23 @@ class ProjectRoleHelper extends Base } /** - * Check if the role can move task in the given project + * Check if given role has a restriction * - * @param int $project_id + * @param integer $projectId * @param string $role + * @param string $rule * @return bool */ - protected function isAllowedToMoveTask($project_id, $role) + protected function hasRestriction($projectId, $role, $rule) { - $projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($project_id, $role); + $projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($projectId, $role); foreach ($projectRestrictions as $restriction) { - if ($restriction['rule'] == ProjectRoleRestrictionModel::RULE_TASK_MOVE) { - return false; + if ($restriction['rule'] == $rule) { + return true; } } - return true; + return false; } } diff --git a/app/Model/ProjectRoleRestrictionModel.php b/app/Model/ProjectRoleRestrictionModel.php index 8ccdcf9c..b8f00c17 100644 --- a/app/Model/ProjectRoleRestrictionModel.php +++ b/app/Model/ProjectRoleRestrictionModel.php 
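Review bot: `isAllowedToMoveTask()` as added in the `@@ -253,10 +251,22 @@` hunk still walks `getAllByRole()` by hand, although this commit introduces `hasRestriction()` and already uses it for the creation and open/close rules. Its body could be reduced to `return ! $this->hasRestriction($projectId, $role, ProjectRoleRestrictionModel::RULE_TASK_MOVE);` so that every project-level deny rule is evaluated by one code path. The end of the method falls outside this hunk.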
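Review bot: `hasRestriction()` in the `@@ -265,22 +275,23 @@` hunk matches rules with `==`, which is loose for a helper that now decides several authorization outcomes. On PHP versions before 8 a non-numeric string compares equal to integer `0`, so a non-string `$rule` would match any stored rule; `if ($restriction['rule'] === $rule) {` removes that ambiguity. The callers visible in this diff pass string constants, so this is hardening rather than a live bug. The docblock could also say that `true` means the role is denied the action, since most callers negate the result.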
@@ -15,6 +15,7 @@ class ProjectRoleRestrictionModel extends Base const TABLE = 'project_role_has_restrictions'; const RULE_TASK_CREATION = 'task_creation'; + const RULE_TASK_SUPPRESSION = 'task_remove'; const RULE_TASK_OPEN_CLOSE = 'task_open_close'; const RULE_TASK_MOVE = 'task_move'; @@ -27,6 +28,7 @@ class ProjectRoleRestrictionModel extends Base { return array( self::RULE_TASK_CREATION => t('Task creation is not permitted'), + self::RULE_TASK_SUPPRESSION => t('Task suppression is not permitted'), self::RULE_TASK_OPEN_CLOSE => t('Closing or opening a task is not permitted'), self::RULE_TASK_MOVE => t('Moving a task is not permitted'), ); diff --git a/tests/units/Helper/ProjectRoleHelperTest.php b/tests/units/Helper/ProjectRoleHelperTest.php index eb9b320c..6f6c9bde 100644 --- a/tests/units/Helper/ProjectRoleHelperTest.php +++ b/tests/units/Helper/ProjectRoleHelperTest.php 
@@ -106,6 +106,61 @@ class ProjectRoleHelperTest extends Base $this->assertFalse($projectRoleHelper->canCreateTaskInColumn(1, 2)); } + public function testCanRemoveTaskWithCustomProjectRole() + { + $projectRoleHelper = new ProjectRoleHelper($this->container); + $projectModel = new ProjectModel($this->container); + $projectUserRole = new ProjectUserRoleModel($this->container); + $userModel = new UserModel($this->container); + $projectRoleModel = new ProjectRoleModel($this->container); + $taskCreationModel = new TaskCreationModel($this->container); + $taskFinderModel = new TaskFinderModel($this->container); + $projectRoleRestrictionModel = new ProjectRoleRestrictionModel($this->container); + + $this->container['sessionStorage']->user = array( + 'id' => 2, + 'role' => Role::APP_USER, + ); + + $this->assertEquals(2, $userModel->create(array('username' => 'user'))); + $this->assertEquals(1, $projectModel->create(array('name' => 'Test'))); + $this->assertEquals(1, $taskCreationModel->create(array('project_id' => 1 , 'title' => 'test'))); + + $this->assertEquals(1, $projectRoleModel->create(1, 'Custom Role')); + $this->assertTrue($projectUserRole->addUser(1, 2, 'Custom Role')); + + $this->assertEquals(1, $projectRoleRestrictionModel->create(1, 1, ProjectRoleRestrictionModel::RULE_TASK_SUPPRESSION)); + + $task = $taskFinderModel->getById(1); + $this->assertFalse($projectRoleHelper->canRemoveTask($task)); + } + + public function testCanRemoveTaskWithCustomProjectRoleWithRestriction() + { + $projectRoleHelper = new ProjectRoleHelper($this->container); + $projectModel = new ProjectModel($this->container); + $projectUserRole = new ProjectUserRoleModel($this->container); + $userModel = new UserModel($this->container); + $projectRoleModel = new ProjectRoleModel($this->container); + $taskCreationModel = new TaskCreationModel($this->container); + $taskFinderModel = new TaskFinderModel($this->container); + + $this->container['sessionStorage']->user = array( + 'id' => 2, + 'role' => 
Role::APP_USER, + ); + + $this->assertEquals(2, $userModel->create(array('username' => 'user'))); + $this->assertEquals(1, $projectModel->create(array('name' => 'Test'))); + $this->assertEquals(1, $taskCreationModel->create(array('project_id' => 1 , 'title' => 'test'))); + + $this->assertEquals(1, $projectRoleModel->create(1, 'Custom Role')); + $this->assertTrue($projectUserRole->addUser(1, 2, 'Custom Role')); + + $task = $taskFinderModel->getById(1); + $this->assertTrue($projectRoleHelper->canRemoveTask($task)); + } + public function testCanChangeTaskStatusInColumnWithProjectViewer() { $projectRoleHelper = new ProjectRoleHelper($this->container); diff --git a/tests/units/Model/ProjectRoleRestrictionModelTest.php b/tests/units/Model/ProjectRoleRestrictionModelTest.php index af0f9bf9..e18d2374 100644 --- a/tests/units/Model/ProjectRoleRestrictionModelTest.php +++ b/tests/units/Model/ProjectRoleRestrictionModelTest.php @@ -90,7 +90,7 @@ class ProjectRoleRestrictionModelTest extends Base $projectRoleRestrictionModel = new ProjectRoleRestrictionModel($this->container); $rules = $projectRoleRestrictionModel->getRules(); - $this->assertCount(3, $rules); + $this->assertCount(4, $rules); $this->assertArrayHasKey(ProjectRoleRestrictionModel::RULE_TASK_OPEN_CLOSE, $rules); } } |
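Review bot: The two new test names in `ProjectRoleHelperTest` look swapped: `testCanRemoveTaskWithCustomProjectRole` creates the `RULE_TASK_SUPPRESSION` restriction and asserts false, while `testCanRemoveTaskWithCustomProjectRoleWithRestriction` creates no restriction and asserts true. Exchanging the names would keep a failing deny-rule test from being misread. The deny case matters most when the session user is the task creator, because that is the shortcut the restriction must override; whether `creator_id` is 2 here is not visible in the hunk, so an explicit `$this->assertEquals(2, $task['creator_id']);` before the final assertion would pin it down.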