diff options
author | Frederic Guillot <fred@kanboard.net> | 2017-04-05 22:53:54 -0400 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2017-04-05 22:53:54 -0400 |
commit | 481e767d3533449e63eda1767c5e6c071d3442a3 (patch) | |
tree | ac97a2bb3d31078e2f88ea5346bc9745b136903d /app | |
parent | 22f48ea2897d95c8a31e26a0b3313559de8839d6 (diff) |
Add new project restriction to block assignee change
Diffstat (limited to 'app')
-rw-r--r-- | app/Controller/TaskModificationController.php | 4 | ||||
-rw-r--r-- | app/Helper/ProjectRoleHelper.php | 18 | ||||
-rw-r--r-- | app/Helper/TaskHelper.php | 4 | ||||
-rw-r--r-- | app/Model/ProjectRoleRestrictionModel.php | 16 |
4 files changed, 35 insertions, 7 deletions
diff --git a/app/Controller/TaskModificationController.php b/app/Controller/TaskModificationController.php index 520bf70e..d2b02a80 100644 --- a/app/Controller/TaskModificationController.php +++ b/app/Controller/TaskModificationController.php @@ -103,6 +103,10 @@ class TaskModificationController extends BaseController protected function updateTask(array &$task, array &$values, array &$errors) { + if (isset($values['owner_id']) && $values['owner_id'] != $task['owner_id'] && ! $this->helper->projectRole->canChangeAssignee($task)) { + throw new AccessForbiddenException(t('You are not allowed to change the assignee')); + } + $result = $this->taskModificationModel->update($values); if ($result && ! empty($task['external_uri'])) { diff --git a/app/Helper/ProjectRoleHelper.php b/app/Helper/ProjectRoleHelper.php index fd7a690b..508dc9e0 100644 --- a/app/Helper/ProjectRoleHelper.php +++ b/app/Helper/ProjectRoleHelper.php @@ -172,6 +172,24 @@ class ProjectRoleHelper extends Base } /** + * Return true if the user can change assignee + * + * @public + * @param array $task + * @return bool + */ + public function canChangeAssignee(array $task) + { + $role = $this->getProjectUserRole($task['project_id']); + + if ($this->hasRestriction($task['project_id'], $role, ProjectRoleRestrictionModel::RULE_TASK_CHANGE_ASSIGNEE)) { + return false; + } + + return true; + } + + /** * Check project access * * @param string $controller diff --git a/app/Helper/TaskHelper.php b/app/Helper/TaskHelper.php index 69520c03..334f4f33 100644 --- a/app/Helper/TaskHelper.php +++ b/app/Helper/TaskHelper.php @@ -93,6 +93,10 @@ class TaskHelper extends Base public function renderAssigneeField(array $users, array $values, array $errors = array(), array $attributes = array()) { + if (isset($values['project_id']) && ! $this->helper->projectRole->canChangeAssignee($values)) { + return ''; + } + $attributes = array_merge(array('tabindex="3"'), $attributes); $html = $this->helper->form->label(t('Assignee'), 'owner_id'); diff --git a/app/Model/ProjectRoleRestrictionModel.php b/app/Model/ProjectRoleRestrictionModel.php index b8f00c17..714b2a65 100644 --- a/app/Model/ProjectRoleRestrictionModel.php +++ b/app/Model/ProjectRoleRestrictionModel.php @@ -14,10 +14,11 @@ class ProjectRoleRestrictionModel extends Base { const TABLE = 'project_role_has_restrictions'; - const RULE_TASK_CREATION = 'task_creation'; + const RULE_TASK_CREATION = 'task_creation'; const RULE_TASK_SUPPRESSION = 'task_remove'; - const RULE_TASK_OPEN_CLOSE = 'task_open_close'; - const RULE_TASK_MOVE = 'task_move'; + const RULE_TASK_OPEN_CLOSE = 'task_open_close'; + const RULE_TASK_MOVE = 'task_move'; + const RULE_TASK_CHANGE_ASSIGNEE = 'task_change_assignee'; /** * Get rules @@ -27,10 +28,11 @@ class ProjectRoleRestrictionModel extends Base public function getRules() { return array( - self::RULE_TASK_CREATION => t('Task creation is not permitted'), - self::RULE_TASK_SUPPRESSION => t('Task suppression is not permitted'), - self::RULE_TASK_OPEN_CLOSE => t('Closing or opening a task is not permitted'), - self::RULE_TASK_MOVE => t('Moving a task is not permitted'), + self::RULE_TASK_CREATION => t('Task creation is not permitted'), + self::RULE_TASK_SUPPRESSION => t('Task suppression is not permitted'), + self::RULE_TASK_OPEN_CLOSE => t('Closing or opening a task is not permitted'), + self::RULE_TASK_MOVE => t('Moving a task is not permitted'), + self::RULE_TASK_CHANGE_ASSIGNEE => t('Changing assignee is not permitted'), ); } |