authorFrederic Guillot <fred@kanboard.net>2016-09-11 16:08:03 -0400
committerFrederic Guillot <fred@kanboard.net>2016-09-11 16:08:03 -0400
commitd8f6d8568396816a6bfaca1e01211384e803cf91 (patch)
tree16d735faa3f6f9aafb6c78650470e77347cae1ab /app/Controller
parenta0227cad69aff9486fba1d7b2a19e6da97450100 (diff)
Add project restrictions for custom roles
Diffstat (limited to 'app/Controller')
-rw-r--r--app/Controller/BoardAjaxController.php8
-rw-r--r--app/Controller/ColumnMoveRestrictionController.php4
-rw-r--r--app/Controller/ProjectRoleRestrictionController.php96
-rw-r--r--app/Controller/TaskSuppressionController.php4
4 files changed, 101 insertions, 11 deletions
diff --git a/app/Controller/BoardAjaxController.php b/app/Controller/BoardAjaxController.php
index cc3b846e..484ef67d 100644
--- a/app/Controller/BoardAjaxController.php
+++ b/app/Controller/BoardAjaxController.php
@@ -28,14 +28,8 @@ class BoardAjaxController extends BaseController
}
$values = $this->request->getJson();
- $canMoveTask = $this->columnMoveRestrictionModel->isAllowed(
- $project_id,
- $this->helper->user->getProjectUserRole($project_id),
- $values['src_column_id'],
- $values['dst_column_id']
- );
- if (! $canMoveTask) {
+ if (! $this->helper->projectRole->canMoveTask($project_id, $values['src_column_id'], $values['dst_column_id'])) {
throw new AccessForbiddenException(e("You don't have the permission to move this task"));
}
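Review bot: The move restriction on the added line is evaluated against `$values['src_column_id']`, which is read from the request JSON rather than from the task's stored column. The method continues outside this hunk, so unless later code confirms that the task really sits in that column, the permission decision rests on a value the caller controls. I would load the task first and check against its stored column, for example `$this->helper->projectRole->canMoveTask($project_id, $task['column_id'], $values['dst_column_id'])` (assuming the task row is loaded into `$task`). The request should also be rejected when `src_column_id` or `dst_column_id` is missing from the payload, so that a null never reaches the check.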
diff --git a/app/Controller/ColumnMoveRestrictionController.php b/app/Controller/ColumnMoveRestrictionController.php
index 3f1b878f..b12f6b77 100644
--- a/app/Controller/ColumnMoveRestrictionController.php
+++ b/app/Controller/ColumnMoveRestrictionController.php
@@ -45,14 +45,14 @@ class ColumnMoveRestrictionController extends BaseController
list($valid, $errors) = $this->columnMoveRestrictionValidator->validateCreation($values);
if ($valid) {
- $role_id = $this->columnMoveRestrictionModel->create(
+ $restriction_id = $this->columnMoveRestrictionModel->create(
$project['id'],
$values['role_id'],
$values['src_column_id'],
$values['dst_column_id']
);
- if ($role_id !== false) {
+ if ($restriction_id !== false) {
$this->flash->success(t('The column restriction has been created successfully.'));
} else {
$this->flash->failure(t('Unable to create this column restriction.'));
diff --git a/app/Controller/ProjectRoleRestrictionController.php b/app/Controller/ProjectRoleRestrictionController.php
new file mode 100644
index 00000000..4fa9b13b
--- /dev/null
+++ b/app/Controller/ProjectRoleRestrictionController.php
@@ -0,0 +1,96 @@
+<?php
+
+namespace Kanboard\Controller;
+
+use Kanboard\Core\Controller\AccessForbiddenException;
+
+/**
+ * Class ProjectRoleRestrictionController
+ *
+ * @package Kanboard\Controller
+ * @author Frederic Guillot
+ */
+class ProjectRoleRestrictionController extends BaseController
+{
+ /**
+ * Show form to create a new project restriction
+ *
+ * @param array $values
+ * @param array $errors
+ * @throws AccessForbiddenException
+ */
+ public function create(array $values = array(), array $errors = array())
+ {
+ $project = $this->getProject();
+ $role_id = $this->request->getIntegerParam('role_id');
+ $role = $this->projectRoleModel->getById($project['id'], $role_id);
+
+ $this->response->html($this->template->render('project_role_restriction/create', array(
+ 'project' => $project,
+ 'role' => $role,
+ 'values' => $values + array('project_id' => $project['id'], 'role_id' => $role['role_id']),
+ 'errors' => $errors,
+ 'restrictions' => $this->projectRoleRestrictionModel->getRules(),
+ )));
+ }
+
+ /**
+ * Save new restriction
+ */
+ public function save()
+ {
+ $project = $this->getProject();
+ $values = $this->request->getValues();
+
+ $restriction_id = $this->projectRoleRestrictionModel->create(
+ $project['id'],
+ $values['role_id'],
+ $values['rule']
+ );
+
+ if ($restriction_id !== false) {
+ $this->flash->success(t('The project restriction has been created successfully.'));
+ } else {
+ $this->flash->failure(t('Unable to create this project restriction.'));
+ }
+
+ $this->response->redirect($this->helper->url->to('ProjectRoleController', 'show', array('project_id' => $project['id'])));
+ }
+
+ /**
+ * Confirm suppression
+ *
+ * @access public
+ */
+ public function confirm()
+ {
+ $project = $this->getProject();
+ $restriction_id = $this->request->getIntegerParam('restriction_id');
+
+ $this->response->html($this->helper->layout->project('project_role_restriction/remove', array(
+ 'project' => $project,
+ 'restriction' => $this->projectRoleRestrictionModel->getById($project['id'], $restriction_id),
+ 'restrictions' => $this->projectRoleRestrictionModel->getRules(),
+ )));
+ }
+
+ /**
+ * Remove a restriction
+ *
+ * @access public
+ */
+ public function remove()
+ {
+ $project = $this->getProject();
+ $this->checkCSRFParam();
+ $restriction_id = $this->request->getIntegerParam('restriction_id');
+
+ if ($this->projectRoleRestrictionModel->remove($restriction_id)) {
+ $this->flash->success(t('Project restriction removed successfully.'));
+ } else {
+ $this->flash->failure(t('Unable to remove this restriction.'));
+ }
+
+ $this->response->redirect($this->helper->url->to('ProjectRoleController', 'show', array('project_id' => $project['id'])));
+ }
+}
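Review bot: `remove()` deletes by id alone: `$this->projectRoleRestrictionModel->remove($restriction_id)` is not tied to the project returned by `getProject()`, whereas `confirm()` scopes its lookup with `getById($project['id'], $restriction_id)`. The model's `remove()` is not visible here; if it does not check ownership itself, a user who manages one project could delete a restriction that belongs to another. I would look the row up first with `$restriction = $this->projectRoleRestrictionModel->getById($project['id'], $restriction_id);` and `throw new AccessForbiddenException();` when it is empty. `save()` has a related gap: `$values['role_id']` and `$values['rule']` go to `create()` without a validator, and nothing checks that the role belongs to this project or that the rule is one of `getRules()`. The column restriction controller, by contrast, calls `validateCreation()` before it creates anything.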
diff --git a/app/Controller/TaskSuppressionController.php b/app/Controller/TaskSuppressionController.php
index 600107c9..019bd97c 100644
--- a/app/Controller/TaskSuppressionController.php
+++ b/app/Controller/TaskSuppressionController.php
@@ -19,7 +19,7 @@ class TaskSuppressionController extends BaseController
{
$task = $this->getTask();
- if (! $this->helper->user->canRemoveTask($task)) {
+ if (! $this->helper->projectRole->canRemoveTask($task)) {
throw new AccessForbiddenException();
}
@@ -37,7 +37,7 @@ class TaskSuppressionController extends BaseController
$task = $this->getTask();
$this->checkCSRFParam();
- if (! $this->helper->user->canRemoveTask($task)) {
+ if (! $this->helper->projectRole->canRemoveTask($task)) {
throw new AccessForbiddenException();
}