Add project owner support (allow user management to a regular user), see #316

author: Frédéric Guillot <fred@kanboard.net> 2014-12-11 20:51:40 -0500
committer: Frédéric Guillot <fred@kanboard.net> 2014-12-11 20:51:40 -0500
commit: 76019d76287f174cb6bf81fe052dc5c5c53be46c (patch)
tree: 51398e06b6a96b9b91e4a90ce7871d44f93a4a70
parent: 0cd31abbc4e520d93bc4a0f5480dc898bbe5f25b (diff)
10 files changed, 145 insertions, 8 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 5027cf31..5b99e6b8 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -253,6 +253,20 @@ abstract class Base
     }
 
     /**
+     * Check if the current user is owner of the given project
+     *
+     * @access protected
+     * @param  integer   $project_id  Project id
+     */
+    protected function checkProjectOwnerPermissions($project_id)
+    {
+        if (! $this->acl->isAdminUser() &&
+            ! ($this->acl->isRegularUser() && $this->projectPermission->isOwner($project_id, $this->acl->getUserId()))) {
+            $this->forbidden();
+        }
+    }
+
+    /**
      * Redirection when there is no project in the database
      *
      * @access protected
@@ -299,6 +313,7 @@ abstract class Base
         $params['project_content_for_layout'] = $content;
         $params['title'] = $params['project']['name'] === $params['title'] ? $params['title'] : $params['project']['name'].' &gt; '.$params['title'];
         $params['board_selector'] = $this->projectPermission->getAllowedProjects($this->acl->getUserId());
+        $params['is_owner'] = $this->projectPermission->isOwner($params['project']['id'], $this->acl->getUserId());
 
         return $this->template->layout('project/layout', $params);
     }
diff --git a/app/Controller/Project.php b/app/Controller/Project.php
index 83c81cae..d407c17e 100644
--- a/app/Controller/Project.php
+++ b/app/Controller/Project.php
@@ -244,11 +244,43 @@ class Project extends Base
     public function allow()
     {
         $values = $this->request->getValues();
+        $this->checkProjectOwnerPermissions($values['project_id']);
         list($valid,) = $this->projectPermission->validateUserModification($values);
 
         if ($valid) {
 
-            if ($this->projectPermission->allowUser($values['project_id'], $values['user_id'])) {
+            if ($this->projectPermission->allowUser($values['project_id'], $values['user_id'], $values['is_owner'])) {
+                $this->session->flash(t('Project updated successfully.'));
+            }
+            else {
+                $this->session->flashError(t('Unable to update this project.'));
+            }
+        }
+
+        $this->response->redirect('?controller=project&action=users&project_id='.$values['project_id']);
+    }
+
+    /**
+     * Set ownership for a specific user (admin only)
+     *
+     * @access public
+     */
+    public function setOwner()
+    {
+        $this->checkCSRFParam();
+
+        $values = array(
+            'project_id' => $this->request->getIntegerParam('project_id'),
+            'user_id' => $this->request->getIntegerParam('user_id'),
+            'is_owner' => $this->request->getIntegerParam('is_owner'),
+        );
+
+        $this->checkProjectOwnerPermissions($values['project_id']);
+        list($valid,) = $this->projectPermission->validateUserModification($values);
+
+        if ($valid) {
+
+            if ($this->projectPermission->setOwner($values['project_id'], $values['user_id'], $values['is_owner'])) {
                 $this->session->flash(t('Project updated successfully.'));
             }
             else {
@@ -273,6 +305,7 @@ class Project extends Base
             'user_id' => $this->request->getIntegerParam('user_id'),
         );
 
+        $this->checkProjectOwnerPermissions($values['project_id']);
         list($valid,) = $this->projectPermission->validateUserModification($values);
 
         if ($valid) {
diff --git a/app/Model/Acl.php b/app/Model/Acl.php
index 4a07d116..b8353b58 100644
--- a/app/Model/Acl.php
+++ b/app/Model/Acl.php
@@ -32,7 +32,7 @@ class Acl extends Base
      */
     private $user_actions = array(
         'app' => array('index', 'preview', 'status'),
-        'project' => array('index', 'show', 'exporttasks', 'exportdaily', 'share', 'edit', 'update', 'users', 'remove', 'duplicate', 'disable', 'enable', 'activity', 'search', 'tasks', 'create', 'save'),
+        'project' => array('index', 'show', 'exporttasks', 'exportdaily', 'share', 'edit', 'update', 'users', 'remove', 'duplicate', 'disable', 'enable', 'activity', 'search', 'tasks', 'create', 'save', 'revoke', 'setowner', 'allow'),
         'board' => array('index', 'show', 'save', 'check', 'changeassignee', 'updateassignee', 'changecategory', 'updatecategory', 'movecolumn', 'edit', 'update', 'add', 'confirm', 'remove', 'subtasks', 'togglesubtask', 'attachments', 'comments', 'description'),
         'user' => array('edit', 'forbidden', 'logout', 'show', 'external', 'unlinkgoogle', 'unlinkgithub', 'sessions', 'removesession', 'last', 'notifications', 'password'),
         'comment' => array('create', 'save', 'confirm', 'remove', 'update', 'edit', 'forbidden'),
diff --git a/app/Model/ProjectPermission.php b/app/Model/ProjectPermission.php
index 8984ef3e..aaff5e69 100644
--- a/app/Model/ProjectPermission.php
+++ b/app/Model/ProjectPermission.php
@@ -86,6 +86,27 @@ class ProjectPermission extends Base
     }
 
     /**
+     * Get a list of owners for a project
+     *
+     * @access public
+     * @param  integer   $project_id   Project id
+     * @return array
+     */
+    public function getOwners($project_id)
+    {
+        $users = $this->db
+            ->table(self::TABLE)
+            ->join(User::TABLE, 'id', 'user_id')
+            ->eq('project_id', $project_id)
+            ->eq('is_owner', 1)
+            ->asc('username')
+            ->columns(User::TABLE.'.id', User::TABLE.'.username', User::TABLE.'.name')
+            ->findAll();
+
+        return $this->user->prepareList($users);
+    }
+
+    /**
      * Get allowed and not allowed users for a project
      *
      * @access public
@@ -97,11 +118,13 @@ class ProjectPermission extends Base
         $users = array(
             'allowed' => array(),
             'not_allowed' => array(),
+            'owners' => array(),
         );
 
         $all_users = $this->user->getList();
 
         $users['allowed'] = $this->getMembers($project_id);
+        $users['owners'] = $this->getOwners($project_id);
 
         foreach ($all_users as $user_id => $username) {
 
@@ -129,6 +152,24 @@ class ProjectPermission extends Base
     }
 
     /**
+     * Make the specific user owner of the given project
+     *
+     * @access public
+     * @param  integer   $project_id   Project id
+     * @param  integer   $user_id      User id
+     * @param  bool      $is_owner     Is user owner of the project
+     * @return bool
+     */
+    public function setOwner($project_id, $user_id, $is_owner = 1)
+    {
+        return $this->db
+                    ->table(self::TABLE)
+                    ->eq('project_id', $project_id)
+                    ->eq('user_id', $user_id) 
+                    ->update(array('is_owner' => $is_owner));
+    }
+
+    /**
      * Revoke a specific user for a given project
      *
      * @access public
@@ -164,6 +205,24 @@ class ProjectPermission extends Base
                     ->eq('project_id', $project_id)
                     ->eq('user_id', $user_id)
                     ->count();
+	}
+
+	/**
+     * Check if a specific user is owner of a given project
+     *
+     * @access public
+     * @param  integer   $project_id   Project id
+     * @param  integer   $user_id      User id
+     * @return bool
+     */
+    public function isOwner($project_id, $user_id)
+    {
+        return (bool) $this->db
+                    ->table(self::TABLE)
+                    ->eq('project_id', $project_id)
+                    ->eq('user_id', $user_id)
+                    ->eq('is_owner', 1)
+                    ->count();
     }
 
     /**
@@ -209,6 +268,10 @@ class ProjectPermission extends Base
             return true;
         }
 
+        if ($this->isOwner($project_id, $user_id)) {
+            return true;
+        }
+
         return false;
     }
 
@@ -291,6 +354,7 @@ class ProjectPermission extends Base
             new Validators\Integer('project_id', t('This value must be an integer')),
             new Validators\Required('user_id', t('The user id is required')),
             new Validators\Integer('user_id', t('This value must be an integer')),
+            new Validators\Integer('is_owner', t('This value must be an integer')),
         ));
 
         return array(
diff --git a/app/Schema/Mysql.php b/app/Schema/Mysql.php
index 52dbea50..32953656 100644
--- a/app/Schema/Mysql.php
+++ b/app/Schema/Mysql.php
@@ -5,7 +5,12 @@ namespace Schema;
 use PDO;
 use Core\Security;
 
-const VERSION = 36;
+const VERSION = 37;
+
+function version_37($pdo)
+{
+    $pdo->exec("ALTER TABLE project_has_users ADD COLUMN is_owner TINYINT(1) DEFAULT '0'");
+}
 
 function version_36($pdo)
 {
diff --git a/app/Schema/Postgres.php b/app/Schema/Postgres.php
index 9493e60e..8f114616 100644
--- a/app/Schema/Postgres.php
+++ b/app/Schema/Postgres.php
@@ -5,7 +5,12 @@ namespace Schema;
 use PDO;
 use Core\Security;
 
-const VERSION = 17;
+const VERSION = 18;
+
+function version_18($pdo)
+{
+    $pdo->exec("ALTER TABLE project_has_users ADD COLUMN is_owner BOOLEAN DEFAULT '0'");
+}
 
 function version_17($pdo)
 {
diff --git a/app/Schema/Sqlite.php b/app/Schema/Sqlite.php
index 82c2f41c..8efe8d30 100644
--- a/app/Schema/Sqlite.php
+++ b/app/Schema/Sqlite.php
@@ -5,7 +5,12 @@ namespace Schema;
 use Core\Security;
 use PDO;
 
-const VERSION = 35;
+const VERSION = 36;
+
+function version_36($pdo)
+{
+    $pdo->exec('ALTER TABLE project_has_users ADD COLUMN is_owner INTEGER DEFAULT "0"');
+}
 
 function version_35($pdo)
 {
diff --git a/app/Template/project/layout.php b/app/Template/project/layout.php
index 27a93021..19fe32b9 100644
--- a/app/Template/project/layout.php
+++ b/app/Template/project/layout.php
@@ -7,7 +7,7 @@
     </div>
     <section class="sidebar-container" id="project-section">
 
-        <?= Helper\template('project/sidebar', array('project' => $project)) ?>
+        <?= Helper\template('project/sidebar', array('project' => $project, 'is_owner' => $is_owner)) ?>
 
         <div class="sidebar-content">
             <?= $project_content_for_layout ?>
diff --git a/app/Template/project/sidebar.php b/app/Template/project/sidebar.php
index 376a1427..ef591d2e 100644
--- a/app/Template/project/sidebar.php
+++ b/app/Template/project/sidebar.php
@@ -18,11 +18,13 @@
         <li>
             <?= Helper\a(t('Category management'), 'category', 'index', array('project_id' => $project['id'])) ?>
         </li>
-        <?php if (Helper\is_admin()): ?>
+        <?php endif ?>
+        <?php if ((Helper\is_admin() || $is_owner) && $project['is_private'] == 0): ?>
             <li>
                 <?= Helper\a(t('User management'), 'project', 'users', array('project_id' => $project['id'])) ?>
             </li>
         <?php endif ?>
+        <?php if (Helper\is_admin() || $project['is_private']): ?>
         <li>
             <?= Helper\a(t('Automatic actions'), 'action', 'index', array('project_id' => $project['id'])) ?>
         </li>
diff --git a/app/Template/project/users.php b/app/Template/project/users.php
index 0908533f..3a59df7a 100644
--- a/app/Template/project/users.php
+++ b/app/Template/project/users.php
@@ -15,8 +15,16 @@
         <?php foreach ($users['allowed'] as $user_id => $username): ?>
             <li>
                 <strong><?= Helper\escape($username) ?></strong>
+                <?php $is_owner = array_key_exists($user_id, $users['owners']);
+                      if ($is_owner): ?> [owner] <?php endif ?>
                 <?php if ($project['is_private'] == 0): ?>
-                    (<?= Helper\a(t('revoke'), 'project', 'revoke', array('project_id' => $project['id'], 'user_id' => $user_id), true) ?>)
+                    <?php if ($is_owner): ?>
+                        (<a href=<?= Helper\u('project', 'setOwner', array('project_id' => $project['id'], 'user_id' => $user_id, 'is_owner' => 0), true) ?> ><?= t('make user') ?></a>
+                    <?php else: ?>
+                        (<a href=<?= Helper\u('project', 'setOwner', array('project_id' => $project['id'], 'user_id' => $user_id, 'is_owner' => 1), true) ?> ><?= t('make owner') ?></a>
+                    <?php endif ?>
+                    or
+                    <?= Helper\a(t('revoke'), 'project', 'revoke', array('project_id' => $project['id'], 'user_id' => $user_id), true) ?>)
                 <?php endif ?>
             </li>
         <?php endforeach ?>
author	Frédéric Guillot <fred@kanboard.net>	2014-12-11 20:51:40 -0500
committer	Frédéric Guillot <fred@kanboard.net>	2014-12-11 20:51:40 -0500
commit	76019d76287f174cb6bf81fe052dc5c5c53be46c (patch)
tree	51398e06b6a96b9b91e4a90ce7871d44f93a4a70
parent	0cd31abbc4e520d93bc4a0f5480dc898bbe5f25b (diff)