Regular users are able to create private projects

author: Frédéric Guillot <fred@kanboard.net> 2014-10-05 19:40:57 -0400
committer: Frédéric Guillot <fred@kanboard.net> 2014-10-05 19:40:57 -0400
commit: d138834dcf902534f78237939926e97fd9a0eebe (patch)
tree: a6247b9ed98079899c9e21d43044030b69088bee /app/Model/ProjectPermission.php
parent: 7f5a871f84639a90eebd0ac1d0ee7f759e220cf6 (diff)
1 files changed, 17 insertions, 2 deletions
diff --git a/app/Model/ProjectPermission.php b/app/Model/ProjectPermission.php
index 9d339f4d..b4466c20 100644
--- a/app/Model/ProjectPermission.php
+++ b/app/Model/ProjectPermission.php
@@ -142,12 +142,10 @@ class ProjectPermission extends Base
      */
     public function isUserAllowed($project_id, $user_id)
     {
-        // Check if the user has admin rights
         if ($this->user->isAdmin($user_id)) {
             return true;
         }
 
-        // Otherwise, allow only specific users
         return (bool) $this->db
                     ->table(self::TABLE)
                     ->eq('project_id', $project_id)
@@ -156,6 +154,23 @@ class ProjectPermission extends Base
     }
 
     /**
+     * Check if a specific user is allowed to manage a project
+     *
+     * @access public
+     * @param  integer   $project_id   Project id
+     * @param  integer   $user_id      User id
+     * @return bool
+     */
+    public function adminAllowed($project_id, $user_id)
+    {
+        if ($this->isUserAllowed($project_id, $user_id) && $this->project->isPrivate($project_id)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
      * Filter a list of projects for a given user
      *
      * @access public
author	Frédéric Guillot <fred@kanboard.net>	2014-10-05 19:40:57 -0400
committer	Frédéric Guillot <fred@kanboard.net>	2014-10-05 19:40:57 -0400
commit	d138834dcf902534f78237939926e97fd9a0eebe (patch)
tree	a6247b9ed98079899c9e21d43044030b69088bee /app/Model/ProjectPermission.php
parent	7f5a871f84639a90eebd0ac1d0ee7f759e220cf6 (diff)