Check owner existence before to create project

4 files changed, 64 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index 7c0b9eb6..e920ab1f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,7 @@ Bug fixes:
 * Avoid PHP notice when regenerating API token for a user
 * Fix wrong dropdown menu in group members list
 * Show only active users in auto-complete forms (project permissions)
+* Check owner existence before to create project
 
 Version 1.0.43 (April 30, 2017)
 -------------------------------
diff --git a/app/Model/ProjectModel.php b/app/Model/ProjectModel.php
index 7f55a9fb..097806d8 100644
--- a/app/Model/ProjectModel.php
+++ b/app/Model/ProjectModel.php
@@ -355,6 +355,10 @@ class ProjectModel extends Base
      */
     public function create(array $values, $userId = 0, $addUser = false)
     {
+        if (! empty($userId) && ! $this->userModel->exists($userId)) {
+            return false;
+        }
+
         $this->db->startTransaction();
 
         $values['token'] = '';
@@ -447,6 +451,10 @@ class ProjectModel extends Base
             $values['end_date'] = $this->dateParser->getIsoDate($values['end_date']);
         }
 
+        if (! empty($values['owner_id']) && ! $this->userModel->exists($values['owner_id'])) {
+            return false;
+        }
+
         $this->helper->model->convertIntegerFields($values, array('priority_default', 'priority_start', 'priority_end'));
 
         return $this->exists($values['id']) &&
diff --git a/tests/integration/ProjectProcedureTest.php b/tests/integration/ProjectProcedureTest.php
index b55cfee2..12bb6d04 100644
--- a/tests/integration/ProjectProcedureTest.php
+++ b/tests/integration/ProjectProcedureTest.php
@@ -20,6 +20,7 @@ class ProjectProcedureTest extends BaseProcedureTest
         $this->assertEnableDisableProject();
         $this->assertEnableDisablePublicAccess();
         $this->assertRemoveProject();
+        $this->assertCreateProjectWithOwnerId();
     }
 
     public function assertGetProjectById()
@@ -121,4 +122,23 @@ class ProjectProcedureTest extends BaseProcedureTest
         $this->assertTrue($this->app->removeProject($this->projectId));
         $this->assertNull($this->app->getProjectById($this->projectId));
     }
+
+    public function assertCreateProjectWithOwnerId()
+    {
+        $this->assertFalse($this->app->createProject(array(
+            'name' => 'My project with an owner',
+            'owner_id' => 999,
+        )));
+
+        $projectId = $this->app->createProject(array(
+            'name' => 'My project with an owner',
+            'owner_id' => 1,
+        ));
+
+        $this->assertNotFalse($projectId);
+
+        $project = $this->app->getProjectById($projectId);
+        $this->assertEquals($projectId, $project['id']);
+        $this->assertEquals(1, $project['owner_id']);
+    }
 }
diff --git a/tests/units/Model/ProjectModelTest.php b/tests/units/Model/ProjectModelTest.php
index fd247ffe..7958ef0b 100644
--- a/tests/units/Model/ProjectModelTest.php
+++ b/tests/units/Model/ProjectModelTest.php
@@ -49,6 +49,21 @@ class ProjectModelTest extends Base
         $this->assertEmpty($project['end_date']);
     }
 
+    public function testCreationWithUserId()
+    {
+        $projectModel = new ProjectModel($this->container);
+
+        $this->assertFalse($projectModel->create(array('name' => 'UnitTest'), 3));
+
+        $this->assertEquals(1, $projectModel->create(array('name' => 'UnitTest'), 1));
+        $project = $projectModel->getById(1);
+        $this->assertEquals(1, $project['owner_id']);
+
+        $this->assertEquals(2, $projectModel->create(array('name' => 'UnitTest'), 0));
+        $project = $projectModel->getById(2);
+        $this->assertEquals(0, $project['owner_id']);
+    }
+
     public function testProjectDate()
     {
         $projectModel = new ProjectModel($this->container);
@@ -165,6 +180,26 @@ class ProjectModelTest extends Base
         $this->assertGreaterThan($now, $project['last_modified']);
     }
 
+    public function testUpdateOwnerId()
+    {
+        $projectModel = new ProjectModel($this->container);
+        $this->assertEquals(1, $projectModel->create(array('name' => 'UnitTest')));
+
+        $this->assertFalse($projectModel->update(array('id'=> 1, 'name' => 'test', 'owner_id' => 2)));
+
+        $this->assertTrue($projectModel->update(array('id'=> 1, 'name' => 'test', 'owner_id' => 1)));
+
+        $project = $projectModel->getById(1);
+        $this->assertNotEmpty($project);
+        $this->assertEquals(1, $project['owner_id']);
+
+        $this->assertTrue($projectModel->update(array('id'=> 1, 'name' => 'test', 'owner_id' => 0)));
+
+        $project = $projectModel->getById(1);
+        $this->assertNotEmpty($project);
+        $this->assertEquals(0, $project['owner_id']);
+    }
+
     public function testGetAllIds()
     {
         $projectModel = new ProjectModel($this->container);