summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorFrederic Guillot <fred@kanboard.net>2017-04-05 22:53:54 -0400
committerFrederic Guillot <fred@kanboard.net>2017-04-05 22:53:54 -0400
commit481e767d3533449e63eda1767c5e6c071d3442a3 (patch)
treeac97a2bb3d31078e2f88ea5346bc9745b136903d /app
parent22f48ea2897d95c8a31e26a0b3313559de8839d6 (diff)
Add new project restriction to block assignee change
Diffstat (limited to 'app')
-rw-r--r--app/Controller/TaskModificationController.php4
-rw-r--r--app/Helper/ProjectRoleHelper.php18
-rw-r--r--app/Helper/TaskHelper.php4
-rw-r--r--app/Model/ProjectRoleRestrictionModel.php16
4 files changed, 35 insertions, 7 deletions
diff --git a/app/Controller/TaskModificationController.php b/app/Controller/TaskModificationController.php
index 520bf70e..d2b02a80 100644
--- a/app/Controller/TaskModificationController.php
+++ b/app/Controller/TaskModificationController.php
@@ -103,6 +103,10 @@ class TaskModificationController extends BaseController
protected function updateTask(array &$task, array &$values, array &$errors)
{
+ if (isset($values['owner_id']) && $values['owner_id'] != $task['owner_id'] && ! $this->helper->projectRole->canChangeAssignee($task)) {
+ throw new AccessForbiddenException(t('You are not allowed to change the assignee'));
+ }
+
$result = $this->taskModificationModel->update($values);
if ($result && ! empty($task['external_uri'])) {
diff --git a/app/Helper/ProjectRoleHelper.php b/app/Helper/ProjectRoleHelper.php
index fd7a690b..508dc9e0 100644
--- a/app/Helper/ProjectRoleHelper.php
+++ b/app/Helper/ProjectRoleHelper.php
@@ -172,6 +172,24 @@ class ProjectRoleHelper extends Base
}
/**
+ * Return true if the user can change assignee
+ *
+ * @public
+ * @param array $task
+ * @return bool
+ */
+ public function canChangeAssignee(array $task)
+ {
+ $role = $this->getProjectUserRole($task['project_id']);
+
+ if ($this->hasRestriction($task['project_id'], $role, ProjectRoleRestrictionModel::RULE_TASK_CHANGE_ASSIGNEE)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Check project access
*
* @param string $controller
diff --git a/app/Helper/TaskHelper.php b/app/Helper/TaskHelper.php
index 69520c03..334f4f33 100644
--- a/app/Helper/TaskHelper.php
+++ b/app/Helper/TaskHelper.php
@@ -93,6 +93,10 @@ class TaskHelper extends Base
public function renderAssigneeField(array $users, array $values, array $errors = array(), array $attributes = array())
{
+ if (isset($values['project_id']) && ! $this->helper->projectRole->canChangeAssignee($values)) {
+ return '';
+ }
+
$attributes = array_merge(array('tabindex="3"'), $attributes);
$html = $this->helper->form->label(t('Assignee'), 'owner_id');
diff --git a/app/Model/ProjectRoleRestrictionModel.php b/app/Model/ProjectRoleRestrictionModel.php
index b8f00c17..714b2a65 100644
--- a/app/Model/ProjectRoleRestrictionModel.php
+++ b/app/Model/ProjectRoleRestrictionModel.php
@@ -14,10 +14,11 @@ class ProjectRoleRestrictionModel extends Base
{
const TABLE = 'project_role_has_restrictions';
- const RULE_TASK_CREATION = 'task_creation';
+ const RULE_TASK_CREATION = 'task_creation';
const RULE_TASK_SUPPRESSION = 'task_remove';
- const RULE_TASK_OPEN_CLOSE = 'task_open_close';
- const RULE_TASK_MOVE = 'task_move';
+ const RULE_TASK_OPEN_CLOSE = 'task_open_close';
+ const RULE_TASK_MOVE = 'task_move';
+ const RULE_TASK_CHANGE_ASSIGNEE = 'task_change_assignee';
/**
* Get rules
@@ -27,10 +28,11 @@ class ProjectRoleRestrictionModel extends Base
public function getRules()
{
return array(
- self::RULE_TASK_CREATION => t('Task creation is not permitted'),
- self::RULE_TASK_SUPPRESSION => t('Task suppression is not permitted'),
- self::RULE_TASK_OPEN_CLOSE => t('Closing or opening a task is not permitted'),
- self::RULE_TASK_MOVE => t('Moving a task is not permitted'),
+ self::RULE_TASK_CREATION => t('Task creation is not permitted'),
+ self::RULE_TASK_SUPPRESSION => t('Task suppression is not permitted'),
+ self::RULE_TASK_OPEN_CLOSE => t('Closing or opening a task is not permitted'),
+ self::RULE_TASK_MOVE => t('Moving a task is not permitted'),
+ self::RULE_TASK_CHANGE_ASSIGNEE => t('Changing assignee is not permitted'),
);
}