authorFrédéric Guillot <fred@kanboard.net>2014-10-05 12:32:44 -0400
committerFrédéric Guillot <fred@kanboard.net>2014-10-05 12:32:44 -0400
commit7f5a871f84639a90eebd0ac1d0ee7f759e220cf6 (patch)
treef814b2fa2ae888d0b2e800f14c6c8d6b75e85428
parentbae57838c2dd789064b246308c7cb3a33bba5b8e (diff)
Projects are not anymore visible to everybody by default
-rw-r--r--README.markdown2
-rw-r--r--app/Locales/de_DE/translations.php4
-rw-r--r--app/Locales/es_ES/translations.php4
-rw-r--r--app/Locales/fi_FI/translations.php4
-rw-r--r--app/Locales/fr_FR/translations.php4
-rw-r--r--app/Locales/it_IT/translations.php4
-rw-r--r--app/Locales/pl_PL/translations.php4
-rw-r--r--app/Locales/pt_BR/translations.php4
-rw-r--r--app/Locales/ru_RU/translations.php4
-rw-r--r--app/Locales/sv_SE/translations.php4
-rw-r--r--app/Locales/zh_CN/translations.php4
-rw-r--r--app/Model/ProjectPermission.php24
-rw-r--r--app/Model/User.php18
-rw-r--r--app/Templates/project_sidebar.php2
-rw-r--r--app/Templates/project_users.php2
-rw-r--r--docs/manage-users.markdown4
-rw-r--r--tests/units/ProjectPermissionTest.php29
17 files changed, 61 insertions, 60 deletions
diff --git a/README.markdown b/README.markdown
index d8274737..8f5e58b4 100644
--- a/README.markdown
+++ b/README.markdown
@@ -23,7 +23,7 @@ Features
- Boards customization, rename/add/remove columns
- Tasks with different colors, categories, sub-tasks, attachments, comments and Markdown support for the description
- Automatic actions based on events
-- Users management with a basic privileges separation (administrator or regular user)
+- User management with a basic privileges separation (administrator or regular user)
- Email notifications
- External authentication: Google, GitHub, LDAP/ActiveDirectory and Reverse-Proxy
- Webhooks to create tasks from an external software
diff --git a/app/Locales/de_DE/translations.php b/app/Locales/de_DE/translations.php
index 4e72cfc0..db6e83ed 100644
--- a/app/Locales/de_DE/translations.php
+++ b/app/Locales/de_DE/translations.php
@@ -196,7 +196,7 @@ return array(
'revoke' => 'entfernen',
'List of authorized users' => 'Liste der autorisierten Benutzer',
'User' => 'Benutzer',
- 'Everybody have access to this project.' => 'Jeder hat Zugang zu diesem Projekt.',
+ // 'Nobody have access to this project.' => '',
'You are not allowed to access to this project.' => 'Unzureichende Zugriffsrechte zu diesem Projekt.',
'Comments' => 'Kommentare',
'Post comment' => 'Kommentieren',
@@ -421,7 +421,7 @@ return array(
// 'view the task on Kanboard' => '',
// 'Public access' => '',
// 'Categories management' => '',
- // 'Users management' => '',
+ // 'User management' => '',
// 'Active tasks' => '',
// 'Disable public access' => '',
// 'Enable public access' => '',
diff --git a/app/Locales/es_ES/translations.php b/app/Locales/es_ES/translations.php
index 4e7bc537..cd611bf8 100644
--- a/app/Locales/es_ES/translations.php
+++ b/app/Locales/es_ES/translations.php
@@ -196,7 +196,7 @@ return array(
'revoke' => 'revocar',
'List of authorized users' => 'Lista de los usuarios autorizados',
'User' => 'Usuario',
- 'Everybody have access to this project.' => 'Todo el mundo tiene acceso al proyecto.',
+ // 'Nobody have access to this project.' => '',
'You are not allowed to access to this project.' => 'No está autorizado a acceder a este proyecto.',
'Comments' => 'Comentarios',
'Post comment' => 'Commentar',
@@ -421,7 +421,7 @@ return array(
'view the task on Kanboard' => 'ver la tarea en Kanboard',
'Public access' => 'Acceso público',
'Categories management' => 'Gestión de Categorías',
- 'Users management' => 'Gestión de Usuarios',
+ 'User management' => 'Gestión de Usuarios',
'Active tasks' => 'Tareas activas',
'Disable public access' => 'Desactivar acceso público',
'Enable public access' => 'Activar acceso público',
diff --git a/app/Locales/fi_FI/translations.php b/app/Locales/fi_FI/translations.php
index f5618b8b..f832de66 100644
--- a/app/Locales/fi_FI/translations.php
+++ b/app/Locales/fi_FI/translations.php
@@ -196,7 +196,7 @@ return array(
'revoke' => 'poista',
'List of authorized users' => 'Sallittujen käyttäjien lista',
'User' => 'Käyttäjät',
- 'Everybody have access to this project.' => 'Kaikilla on pääsy tähän projektiin.',
+ // 'Nobody have access to this project.' => '',
'You are not allowed to access to this project.' => 'Sinulla ei ole pääsyä tähän projektiin.',
'Comments' => 'Kommentit',
'Post comment' => 'Lisää kommentti',
@@ -421,7 +421,7 @@ return array(
// 'view the task on Kanboard' => '',
// 'Public access' => '',
// 'Categories management' => '',
- // 'Users management' => '',
+ // 'User management' => '',
// 'Active tasks' => '',
// 'Disable public access' => '',
// 'Enable public access' => '',
diff --git a/app/Locales/fr_FR/translations.php b/app/Locales/fr_FR/translations.php
index 8c9c74ea..dc7fcc72 100644
--- a/app/Locales/fr_FR/translations.php
+++ b/app/Locales/fr_FR/translations.php
@@ -196,7 +196,7 @@ return array(
'revoke' => 'révoquer',
'List of authorized users' => 'Liste des utilisateurs autorisés',
'User' => 'Utilisateur',
- 'Everybody have access to this project.' => 'Tout le monde a accès au projet.',
+ 'Nobody have access to this project.' => 'Personne n\'est autorisé à accéder au projet.',
'You are not allowed to access to this project.' => 'Vous n\'êtes pas autorisé à accéder à ce projet.',
'Comments' => 'Commentaires',
'Post comment' => 'Commenter',
@@ -421,7 +421,7 @@ return array(
'view the task on Kanboard' => 'voir la tâche sur Kanboard',
'Public access' => 'Accès public',
'Categories management' => 'Gestion des catégories',
- 'Users management' => 'Gestion des utilisateurs',
+ 'User management' => 'Gestion des utilisateurs',
'Active tasks' => 'Tâches actives',
'Disable public access' => 'Désactiver l\'accès public',
'Enable public access' => 'Activer l\'accès public',
diff --git a/app/Locales/it_IT/translations.php b/app/Locales/it_IT/translations.php
index 24d13360..8e9343f6 100644
--- a/app/Locales/it_IT/translations.php
+++ b/app/Locales/it_IT/translations.php
@@ -196,7 +196,7 @@ return array(
'revoke' => 'revocare',
'List of authorized users' => 'Lista di utenti autorizzati',
'User' => 'Utente',
- 'Everybody have access to this project.' => 'Tutti hanno accesso a questo progetto.',
+ // 'Nobody have access to this project.' => '',
'You are not allowed to access to this project.' => 'Non hai l\'accesso a questo progetto.',
'Comments' => 'Commenti',
'Post comment' => 'Mandare commento',
@@ -421,7 +421,7 @@ return array(
'view the task on Kanboard' => 'vedi il compito su Kanboard',
// 'Public access' => '',
// 'Categories management' => '',
- // 'Users management' => '',
+ // 'User management' => '',
// 'Active tasks' => '',
// 'Disable public access' => '',
// 'Enable public access' => '',
diff --git a/app/Locales/pl_PL/translations.php b/app/Locales/pl_PL/translations.php
index 41e5555d..e0e25f28 100644
--- a/app/Locales/pl_PL/translations.php
+++ b/app/Locales/pl_PL/translations.php
@@ -196,7 +196,7 @@ return array(
'revoke' => 'odbierz dostęp',
'List of authorized users' => 'Lista użytkowników mających dostęp',
'User' => 'Użytkownik',
- 'Everybody have access to this project.' => 'Każdy ma dostęp do tego projektu.',
+ // 'Nobody have access to this project.' => '',
'You are not allowed to access to this project.' => 'Nie masz dostępu do tego projektu.',
'Comments' => 'Komentarze',
'Post comment' => 'Dodaj komentarz',
@@ -421,7 +421,7 @@ return array(
// 'view the task on Kanboard' => '',
// 'Public access' => '',
// 'Categories management' => '',
- // 'Users management' => '',
+ // 'User management' => '',
// 'Active tasks' => '',
// 'Disable public access' => '',
// 'Enable public access' => '',
diff --git a/app/Locales/pt_BR/translations.php b/app/Locales/pt_BR/translations.php
index 89f789c3..b53650a7 100644
--- a/app/Locales/pt_BR/translations.php
+++ b/app/Locales/pt_BR/translations.php
@@ -196,7 +196,7 @@ return array(
'revoke' => 'revogar',
'List of authorized users' => 'Lista de usuários autorizados',
'User' => 'Usuário',
- 'Everybody have access to this project.' => 'Todos têm acesso a este projeto.',
+ // 'Nobody have access to this project.' => '',
'You are not allowed to access to this project.' => 'Você não está autorizado a acessar este projeto.',
'Comments' => 'Comentários',
'Post comment' => 'Postar comentário',
@@ -421,7 +421,7 @@ return array(
// 'view the task on Kanboard' => '',
// 'Public access' => '',
// 'Categories management' => '',
- // 'Users management' => '',
+ // 'User management' => '',
// 'Active tasks' => '',
// 'Disable public access' => '',
// 'Enable public access' => '',
diff --git a/app/Locales/ru_RU/translations.php b/app/Locales/ru_RU/translations.php
index e658c09c..7783b781 100644
--- a/app/Locales/ru_RU/translations.php
+++ b/app/Locales/ru_RU/translations.php
@@ -196,7 +196,7 @@ return array(
'revoke' => 'отозвать',
'List of authorized users' => 'Список авторизованных пользователей',
'User' => 'Пользователь',
- 'Everybody have access to this project.' => 'Кто угодно имеет доступ к этому проекту.',
+ // 'Nobody have access to this project.' => '',
'You are not allowed to access to this project.' => 'Вам запрешен доступ к этому проекту.',
'Comments' => 'Комментарии',
'Post comment' => 'Оставить комментарий',
@@ -421,7 +421,7 @@ return array(
'view the task on Kanboard' => 'посмотреть задачу на Kanboard',
'Public access' => 'Общий доступ',
'Categories management' => 'Управление категориями',
- 'Users management' => 'Управление пользователями',
+ 'User management' => 'Управление пользователями',
'Active tasks' => 'Активные задачи',
'Disable public access' => 'Отключить общий доступ',
'Enable public access' => 'Включить общий доступ',
diff --git a/app/Locales/sv_SE/translations.php b/app/Locales/sv_SE/translations.php
index 9c9eac02..e8994fbb 100644
--- a/app/Locales/sv_SE/translations.php
+++ b/app/Locales/sv_SE/translations.php
@@ -196,7 +196,7 @@ return array(
'revoke' => 'Dra tillbaka behörighet',
'List of authorized users' => 'Lista med behöriga användare',
'User' => 'Användare',
- 'Everybody have access to this project.' => 'Alla har tillgång till detta projekt.',
+ // 'Nobody have access to this project.' => '',
'You are not allowed to access to this project.' => 'Du har inte tillgång till detta projekt.',
'Comments' => 'Kommentarer',
'Post comment' => 'Ladda upp kommentar',
@@ -421,7 +421,7 @@ return array(
'view the task on Kanboard' => 'Visa uppgiften på Kanboard',
// 'Public access' => '',
// 'Categories management' => '',
- // 'Users management' => '',
+ // 'User management' => '',
// 'Active tasks' => '',
// 'Disable public access' => '',
// 'Enable public access' => '',
diff --git a/app/Locales/zh_CN/translations.php b/app/Locales/zh_CN/translations.php
index 41afd362..8d4b3678 100644
--- a/app/Locales/zh_CN/translations.php
+++ b/app/Locales/zh_CN/translations.php
@@ -196,7 +196,7 @@ return array(
'revoke' => '撤销',
'List of authorized users' => '已授权的用户列表',
'User' => '用户',
- 'Everybody have access to this project.' => '任何人都有该项目权限。',
+ // 'Nobody have access to this project.' => '',
'You are not allowed to access to this project.' => '您对该项目没有权限。',
'Comments' => '评论',
'Post comment' => '发表评论',
@@ -421,7 +421,7 @@ return array(
// 'view the task on Kanboard' => '',
// 'Public access' => '',
// 'Categories management' => '',
- // 'Users management' => '',
+ // 'User management' => '',
// 'Active tasks' => '',
// 'Disable public access' => '',
// 'Enable public access' => '',
diff --git a/app/Model/ProjectPermission.php b/app/Model/ProjectPermission.php
index 51c11735..9d339f4d 100644
--- a/app/Model/ProjectPermission.php
+++ b/app/Model/ProjectPermission.php
@@ -33,10 +33,6 @@ class ProjectPermission extends Base
{
$allowed_users = $this->getAllowedUsers($project_id);
- if (empty($allowed_users)) {
- $allowed_users = $this->user->getList();
- }
-
if ($prepend_unassigned) {
$allowed_users = array(t('Unassigned')) + $allowed_users;
}
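Review bot: With the fallback removed, `getUsersList()` returns only explicitly allowed members, yet `isUserAllowed()` in this same commit still admits every administrator, so the two methods now disagree about who can work on a project. The updated unit test confirms that a freshly created project yields just `array('Unassigned')`, which means an administrator who has access cannot be chosen as assignee until added by hand. If that is intended, state it in the method's docblock, for example `Administrators are listed only when they are explicit members of the project`. The method's signature and return statement lie outside this hunk.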
@@ -146,22 +142,10 @@ class ProjectPermission extends Base
*/
public function isUserAllowed($project_id, $user_id)
{
- // If there is nobody specified, everybody have access to the project
- $nb_users = $this->db
- ->table(self::TABLE)
- ->eq('project_id', $project_id)
- ->count();
-
- if ($nb_users < 1) return true;
-
- // Check if user has admin rights
- $nb_users = $this->db
- ->table(User::TABLE)
- ->eq('id', $user_id)
- ->eq('is_admin', 1)
- ->count();
-
- if ($nb_users > 0) return true;
+ // Check if the user has admin rights
+ if ($this->user->isAdmin($user_id)) {
+ return true;
+ }
// Otherwise, allow only specific users
return (bool) $this->db
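Review bot: Removing the empty-list shortcut changes the meaning of existing data: a project with no rows in the permission table was open to every user before this commit and is open to administrators only afterwards. Judging by the diffstat, none of the 17 changed files is a schema migration or changelog entry, so upgraded installations would lose access without notice. That is the safe direction to fail, but it should be announced in the release notes so administrators can grant membership deliberately. A comment above the admin check such as `// Deny by default: an empty member list grants access to administrators only` would keep the rule visible to the next editor. The method continues past the end of this hunk.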
diff --git a/app/Model/User.php b/app/Model/User.php
index b54f6309..33bd6720 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -29,6 +29,24 @@ class User extends Base
const EVERYBODY_ID = -1;
/**
+ * Return true is the given user id is administrator
+ *
+ * @access public
+ * @param integer $user_id User id
+ * @return boolean
+ */
+ public function isAdmin($user_id)
+ {
+ $result = $this->db
+ ->table(User::TABLE)
+ ->eq('id', $user_id)
+ ->eq('is_admin', 1)
+ ->count();
+
+ return $result > 0;
+ }
+
+ /**
* Get the default project from the session
*
* @access public
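Review bot: The docblock of `isAdmin()` has a typo and leaves the negative case unstated. It should read `Return true if the given user id is an administrator` and mention that an id matching no row gives a count of zero and therefore false, since `isUserAllowed()` relies on that to deny access. Inside the `User` class the query could use `->table(self::TABLE)` instead of `User::TABLE`, matching how `ProjectPermission` refers to its own table.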
diff --git a/app/Templates/project_sidebar.php b/app/Templates/project_sidebar.php
index d711e347..41f1d447 100644
--- a/app/Templates/project_sidebar.php
+++ b/app/Templates/project_sidebar.php
@@ -23,7 +23,7 @@
<a href="?controller=category&amp;action=index&amp;project_id=<?= $project['id'] ?>"><?= t('Categories management') ?></a>
</li>
<li>
- <a href="?controller=project&amp;action=users&amp;project_id=<?= $project['id'] ?>"><?= t('Users management') ?></a>
+ <a href="?controller=project&amp;action=users&amp;project_id=<?= $project['id'] ?>"><?= t('User management') ?></a>
</li>
<li>
<a href="?controller=action&amp;action=index&amp;project_id=<?= $project['id'] ?>"><?= t('Automatic actions') ?></a>
diff --git a/app/Templates/project_users.php b/app/Templates/project_users.php
index dca3524f..8d75f39f 100644
--- a/app/Templates/project_users.php
+++ b/app/Templates/project_users.php
@@ -3,7 +3,7 @@
</div>
<?php if (empty($users['allowed'])): ?>
- <div class="alert alert-info"><?= t('Everybody have access to this project.') ?></div>
+ <div class="alert alert-info"><?= t('Nobody have access to this project.') ?></div>
<?php else: ?>
<div class="listing">
<p><?= t('Only those users have access to this project:') ?></p>
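Review bot: The new message `Nobody have access to this project.` overstates the restriction, because `isUserAllowed()` still returns true for administrators when the member list is empty. A page that describes access control should match what is enforced. Wording such as `Only administrators have access to this project.` would be accurate and also avoids the `Nobody have` grammar slip. The translation key would need the same change in each locale file touched by this commit.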
diff --git a/docs/manage-users.markdown b/docs/manage-users.markdown
index fac70c71..f4809f04 100644
--- a/docs/manage-users.markdown
+++ b/docs/manage-users.markdown
@@ -1,5 +1,5 @@
-Users management
-================
+User management
+===============
Type of users
-------------
diff --git a/tests/units/ProjectPermissionTest.php b/tests/units/ProjectPermissionTest.php
index 309fa63b..b8bd375a 100644
--- a/tests/units/ProjectPermissionTest.php
+++ b/tests/units/ProjectPermissionTest.php
@@ -8,7 +8,7 @@ use Model\User;
class ProjectPermissionTest extends Base
{
- public function testAllowEverybody()
+ public function testDisallowEverybody()
{
// We create a regular user
$user = new User($this->registry);
@@ -20,8 +20,8 @@ class ProjectPermissionTest extends Base
$this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
$this->assertEmpty($pp->getAllowedUsers(1)); // Nobody is specified for the given project
- $this->assertTrue($pp->isUserAllowed(1, 1)); // Everybody should be allowed
- $this->assertTrue($pp->isUserAllowed(1, 2)); // Everybody should be allowed
+ $this->assertTrue($pp->isUserAllowed(1, 1)); // Admin should be allowed
+ $this->assertFalse($pp->isUserAllowed(1, 2)); // Regular user should be denied
}
public function testAllowUser()
@@ -37,6 +37,7 @@ class ProjectPermissionTest extends Base
// We allow the admin user
$this->assertTrue($pp->allowUser(1, 1));
+ $this->assertTrue($pp->allowUser(1, 2));
// Non-existant project
$this->assertFalse($pp->allowUser(50, 1));
@@ -44,12 +45,10 @@ class ProjectPermissionTest extends Base
// Non-existant user
$this->assertFalse($pp->allowUser(1, 50));
- // Our admin user should be allowed
- $this->assertEquals(array('1' => 'admin'), $pp->getAllowedUsers(1));
+ // Both users should be allowed
+ $this->assertEquals(array('1' => 'admin', '2' => 'unittest'), $pp->getAllowedUsers(1));
$this->assertTrue($pp->isUserAllowed(1, 1));
-
- // Our regular user should be forbidden
- $this->assertFalse($pp->isUserAllowed(1, 2));
+ $this->assertTrue($pp->isUserAllowed(1, 2));
}
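Review bot: testAllowUser no longer contains a denial assertion. With `allowUser(1, 2)` added in the previous hunk, the removed `assertFalse($pp->isUserAllowed(1, 2))` has no replacement, so this test never checks a regular user who is not among a project's explicit members. The empty-list case is covered by testDisallowEverybody, but the membership query at the end of `isUserAllowed()` is what separates members from non-members. Unless a test outside these hunks covers it, keep a negative check here, for example by creating a third regular user (id 3 here is an assumed value) and asserting `$this->assertFalse($pp->isUserAllowed(1, 3));`.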
public function testRevokeUser()
@@ -69,9 +68,9 @@ class ProjectPermissionTest extends Base
// We should have nobody in the users list
$this->assertEmpty($pp->getAllowedUsers(1));
- // Our admin user and our regular user should be allowed
+ // Only admin is allowed
$this->assertTrue($pp->isUserAllowed(1, 1));
- $this->assertTrue($pp->isUserAllowed(1, 2));
+ $this->assertFalse($pp->isUserAllowed(1, 2));
// We allow only the regular user
$this->assertTrue($pp->allowUser(1, 2));
@@ -103,9 +102,9 @@ class ProjectPermissionTest extends Base
$this->assertTrue($pp->revokeUser(1, 1));
$this->assertEmpty($pp->getAllowedUsers(1));
- // Everybody should be allowed again
+ // Only admin should be allowed again
$this->assertTrue($pp->isUserAllowed(1, 1));
- $this->assertTrue($pp->isUserAllowed(1, 2));
+ $this->assertFalse($pp->isUserAllowed(1, 2));
}
public function testUsersList()
@@ -119,9 +118,9 @@ class ProjectPermissionTest extends Base
// We create project
$this->assertEquals(1, $p->create(array('name' => 'UnitTest')));
- // No restriction, we should have everybody
+ // No restriction, we should have no body
$this->assertEquals(
- array('Unassigned', 'admin', 'unittest'),
+ array('Unassigned'),
$pp->getUsersList(1)
);
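Review bot: The comment `No restriction, we should have no body` contradicts the behaviour asserted below it, since an empty member list is now the most restrictive state rather than an unrestricted one. Something like `// Nobody is specified, the list contains only the Unassigned entry` would match the new rule.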
@@ -153,7 +152,7 @@ class ProjectPermissionTest extends Base
$this->assertTrue($pp->revokeUser(1, 1));
$this->assertEquals(
- array(0 => 'Unassigned', 1 => 'admin', 2 => 'unittest'),
+ array(0 => 'Unassigned'),
$pp->getUsersList(1)
);
}