authorFrédéric Guillot <fred@kanboard.net>2014-10-05 19:40:57 -0400
committerFrédéric Guillot <fred@kanboard.net>2014-10-05 19:40:57 -0400
commitd138834dcf902534f78237939926e97fd9a0eebe (patch)
treea6247b9ed98079899c9e21d43044030b69088bee /app/Controller/Base.php
parent7f5a871f84639a90eebd0ac1d0ee7f759e220cf6 (diff)
Regular users are able to create private projects
Diffstat (limited to 'app/Controller/Base.php')
-rw-r--r--app/Controller/Base.php29
1 files changed, 24 insertions, 5 deletions
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index 9c1416fc..f24ea8ff 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -209,11 +209,8 @@ abstract class Base
*/
protected function checkProjectPermissions($project_id)
{
- if ($this->acl->isRegularUser()) {
-
- if ($project_id > 0 && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
- $this->forbidden();
- }
+ if ($this->acl->isRegularUser() && ! $this->projectPermission->isUserAllowed($project_id, $this->acl->getUserId())) {
+ $this->forbidden();
}
}
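Review bot: With the `$project_id > 0` guard removed from `checkProjectPermissions()`, a regular user's request that carries no project id (0) is now passed to `isUserAllowed()` instead of being let through. The outcome for that case therefore rests entirely on how `isUserAllowed()` treats an unknown id, which is not visible in this hunk. Denying by default is the safer direction, but the docblock (it starts above the hunk) should state the new contract, e.g. `* A project id of 0 is not treated as "no project"; regular users are checked against it like any other id`. Callers that previously passed 0 for project-less pages are worth re-checking, since they will presumably reach `forbidden()` now.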
@@ -260,6 +257,7 @@ abstract class Base
{
$content = $this->template->load($template, $params);
$params['project_content_for_layout'] = $content;
+ $params['menu'] = 'projects';
return $this->template->layout('project_layout', $params);
}
@@ -304,4 +302,25 @@ abstract class Base
return $project;
}
+
+ /**
+ * Common method to get a project with administration rights
+ *
+ * @access protected
+ * @return array
+ */
+ protected function getProjectManagement()
+ {
+ $project = $this->project->getById($this->request->getIntegerParam('project_id'));
+
+ if (! $project) {
+ $this->notfound();
+ }
+
+ if ($this->acl->isRegularUser() && ! $this->projectPermission->adminAllowed($project['id'], $this->acl->getUserId())) {
+ $this->forbidden();
+ }
+
+ return $project;
+ }
}
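Review bot: In `getProjectManagement()`, both guards are effective only if `notfound()` and `forbidden()` end the request, which cannot be confirmed from this hunk. If either one returns, execution falls through to `return $project`, so a caller receives the project even though the `adminAllowed()` check failed, or `$project['id']` is read from an empty result. The docblock should record that dependency, e.g. `* Ends the request with 404 if the project is missing and with 403 if a regular user lacks management rights`. The admin check is also skipped whenever `isRegularUser()` is false, so it is worth confirming that this is false only for administrators and not for a session with no user set.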