author | Frederic Guillot <fred@kanboard.net> | 2015-12-06 17:39:21 -0500 |
---|---|---|
committer | Frederic Guillot <fred@kanboard.net> | 2015-12-06 17:39:21 -0500 |
commit | f0651c48c14f44a21d01c2ee71ebdd0a5ffd81a6 (patch) | |
tree | 51f1d6b6c2ad14f692e10e2d6bb44bf071a56301 /app | |
parent | bd849ff655f9b31f90425c07e5773c7a4e956c34 (diff) |
Restrict actions for project viewers
Diffstat (limited to 'app')
-rw-r--r-- | app/Helper/Subtask.php | 11 | ||||
-rw-r--r-- | app/ServiceProvider/AuthenticationProvider.php | 2 | ||||
-rw-r--r-- | app/Template/board/task_private.php | 22 | ||||
-rw-r--r-- | app/Template/board/tooltip_subtasks.php | 2 | ||||
-rw-r--r-- | app/Template/comment/show.php | 2 | ||||
-rw-r--r-- | app/Template/file/show.php | 10 | ||||
-rw-r--r-- | app/Template/project/sidebar.php | 2 | ||||
-rw-r--r-- | app/Template/subtask/show.php | 13 | ||||
-rw-r--r-- | app/Template/task/comments.php | 4 | ||||
-rw-r--r-- | app/Template/task/details.php | 2 | ||||
-rw-r--r-- | app/Template/task/public.php | 11 | ||||
-rw-r--r-- | app/Template/task/show.php | 35 | ||||
-rw-r--r-- | app/Template/tasklink/show.php | 18 |
13 files changed, 87 insertions, 47 deletions
diff --git a/app/Helper/Subtask.php b/app/Helper/Subtask.php index 4bb26e77..7d474de0 100644 --- a/app/Helper/Subtask.php +++ b/app/Helper/Subtask.php @@ -14,12 +14,17 @@ class Subtask extends \Kanboard\Core\Base * Get the link to toggle subtask status * * @access public - * @param array $subtask - * @param string $redirect + * @param array $subtask + * @param string $redirect + * @param integer $project_id * @return string */ - public function toggleStatus(array $subtask, $redirect) + public function toggleStatus(array $subtask, $redirect, $project_id = 0) { + if ($project_id > 0 && ! $this->helper->user->hasProjectAccess('subtask', 'edit', $project_id)) { + return trim($this->template->render('subtask/icons', array('subtask' => $subtask))) . $this->helper->e($subtask['title']); + } + if ($subtask['status'] == 0 && isset($this->sessionStorage->hasSubtaskInProgress) && $this->sessionStorage->hasSubtaskInProgress === true) { return $this->helper->url->link( trim($this->template->render('subtask/icons', array('subtask' => $subtask))) . $this->helper->e($subtask['title']), diff --git a/app/ServiceProvider/AuthenticationProvider.php b/app/ServiceProvider/AuthenticationProvider.php index 8600d96e..b9cdeb75 100644 --- a/app/ServiceProvider/AuthenticationProvider.php +++ b/app/ServiceProvider/AuthenticationProvider.php @@ -134,7 +134,7 @@ class AuthenticationProvider implements ServiceProviderInterface $acl->add('Config', '*', Role::APP_ADMIN); $acl->add('Currency', '*', Role::APP_ADMIN); - $acl->add('Gantt', '*', Role::APP_MANAGER); + $acl->add('Gantt', array('projects', 'saveProjectDate'), Role::APP_MANAGER); $acl->add('Group', '*', Role::APP_ADMIN); $acl->add('Link', '*', Role::APP_ADMIN); $acl->add('Project', array('users', 'allowEverybody', 'allow', 'role', 'revoke', 'create'), Role::APP_MANAGER); diff --git a/app/Template/board/task_private.php b/app/Template/board/task_private.php index a5d05e49..ad09546e 100644 --- a/app/Template/board/task_private.php 
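Review bot: The new guard in toggleStatus is skipped whenever `$project_id` keeps its default of 0, so any call site that still passes two arguments (subtask/show.php in this same commit does) gets the toggle link without the `subtask`/`edit` check. If the subtask row carries its project id, the helper could fall back to it instead of trusting the default; otherwise the fail-open default deserves a comment such as `// $project_id === 0 skips the permission check; the caller must gate the output itself`. The check only hides the link, so the ACL for the toggle action must still reject viewers server-side. toggleStatus's body continues past the hunk.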
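Review bot: Narrowing the Gantt rule from `'*'` to `array('projects', 'saveProjectDate')` drops every other Gantt action from the APP_MANAGER rule, and which role those actions now require depends on the project-level ACL and the default policy, neither of which is in this hunk. Since the commit's purpose is to restrict viewers, it is worth confirming the remaining Gantt actions are listed in the project ACL with a role above viewer rather than falling through to the default. A short comment such as `// remaining Gantt actions are project-scoped and governed by the project ACL` would tell the next reader why only these two stay app-level.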
+++ b/app/Template/board/task_private.php @@ -41,15 +41,19 @@ <?php if (! empty($task['owner_id'])): ?> <span class="task-board-user <?= $this->user->isCurrentUser($task['owner_id']) ? 'task-board-current-user' : '' ?>"> - <?= $this->url->link( - $task['assignee_name'] ?: $task['assignee_username'], - 'board', - 'changeAssignee', - array('task_id' => $task['id'], 'project_id' => $task['project_id']), - false, - 'popover', - t('Change assignee') - ) ?> + <?php if ($this->user->hasProjectAccess('taskmodification', 'edit', $task['project_id'])): ?> + <?= $this->url->link( + $task['assignee_name'] ?: $task['assignee_username'], + 'BoardPopover', + 'changeAssignee', + array('task_id' => $task['id'], 'project_id' => $task['project_id']), + false, + 'popover', + t('Change assignee') + ) ?> + <?php else: ?> + <?= $this->e($task['assignee_name'] ?: $task['assignee_username']) ?> + <?php endif ?> </span> <?php endif ?> diff --git a/app/Template/board/tooltip_subtasks.php b/app/Template/board/tooltip_subtasks.php index 950da925..5c273e08 100644 --- a/app/Template/board/tooltip_subtasks.php +++ b/app/Template/board/tooltip_subtasks.php @@ -1,6 +1,6 @@ <section id="tooltip-subtasks"> <?php foreach ($subtasks as $subtask): ?> - <?= $this->subtask->toggleStatus($subtask, 'board') ?> + <?= $this->subtask->toggleStatus($subtask, 'board', $task['project_id']) ?> <?= $this->e(empty($subtask['username']) ? '' : ' ['.$this->user->getFullname($subtask).']') ?> <br/> <?php endforeach ?> diff --git a/app/Template/comment/show.php b/app/Template/comment/show.php index 84077668..44457653 100644 --- a/app/Template/comment/show.php +++ b/app/Template/comment/show.php 
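Review bot: The assignee popover in task_private.php is now gated on `taskmodification`/`edit` but points at the `BoardPopover` controller, and whether that controller's `changeAssignee` action is bound to the same project role is not visible here; if the ACL still keys on the old `board` controller, the template hides the link while the endpoint stays reachable. The fallback branch correctly escapes the displayed name with `$this->e()`. The enclosing `<span>` markup starts before the hunk.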
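Review bot: tooltip_subtasks.php now reads `$task['project_id']`, but `$task` is not referenced anywhere else in the visible template; if the controller rendering this tooltip only passes `$subtasks`, the expression yields null, `null > 0` is false, and toggleStatus silently skips its new permission check. Confirm the render call supplies `$task`, or pass the project id from the subtask row if it carries one, so the check cannot be bypassed by a missing variable.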
@@ -16,7 +16,7 @@ <?php if (! isset($preview)): ?> <ul class="comment-actions"> <li><a href="#comment-<?= $comment['id'] ?>"><?= t('link') ?></a></li> - <?php if ((! isset($not_editable) || ! $not_editable) && ($this->user->isAdmin() || $this->user->isCurrentUser($comment['user_id']))): ?> + <?php if ($editable && ($this->user->isAdmin() || $this->user->isCurrentUser($comment['user_id']))): ?> <li> <?= $this->url->link(t('remove'), 'comment', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'comment_id' => $comment['id'])) ?> </li> diff --git a/app/Template/file/show.php b/app/Template/file/show.php index a390c9fb..b87739a8 100644 --- a/app/Template/file/show.php +++ b/app/Template/file/show.php @@ -9,11 +9,9 @@ <ul class="task-show-images"> <?php foreach ($images as $file): ?> <li> - <?php if (function_exists('imagecreatetruecolor')): ?> <div class="img_container"> <img src="<?= $this->url->href('file', 'thumbnail', array('file_id' => $file['id'], 'project_id' => $task['project_id'], 'task_id' => $file['task_id'])) ?>" alt="<?= $this->e($file['name']) ?>"/> </div> - <?php endif ?> <p> <?= $this->e($file['name']) ?> <span class="tooltip" title='<?= t('uploaded by: %s', $file['user_name'] ?: $file['username']).'<br>'.t('uploaded on: %s', dt('%B %e, %Y at %k:%M %p', $file['date'])).'<br>'.t('size: %s', $this->text->bytes($file['size'])) ?>'> 
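Review bot: `$editable` is read as a bare variable in comment/show.php, and the same replacement of `isset($not_editable)` appears in subtask/show.php, task/details.php, task/comments.php and tasklink/show.php; any caller of these templates not updated in this commit now triggers an undefined-variable notice and renders the non-editable branch. Failing closed is the right direction, but the contract should be explicit — either keep the defensive form `<?php if (isset($editable) && $editable && ($this->user->isAdmin() || $this->user->isCurrentUser($comment['user_id']))): ?>` or document at the top of each template that `$editable` is a required boolean. task/comments.php still uses `isset($is_public) && $is_public` for its sibling flag, so the two flags are currently handled inconsistently.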
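Review bot: Removing the `function_exists('imagecreatetruecolor')` guard in file/show.php is unrelated to restricting viewers and changes behaviour on installs without GD: the thumbnail `<img>` is now emitted unconditionally and the `file`/`thumbnail` request has to cope with the missing extension itself. If the thumbnail action already handles that case, a comment such as `<?php /* thumbnail action degrades gracefully without GD */ ?>` would explain the removal; otherwise the guard should stay.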
@@ -22,7 +20,9 @@ </p> <span class="task-show-file-actions task-show-image-actions"> <i class="fa fa-eye"></i> <?= $this->url->link(t('open file'), 'file', 'open', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id']), false, 'popover') ?> - <i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?> + <?php if ($this->user->hasProjectAccess('file', 'remove', $task['project_id'])): ?> + <i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?> + <?php endif ?> <i class="fa fa-download"></i> <?= $this->url->link(t('download'), 'file', 'download', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?> </span> </li> @@ -44,7 +44,9 @@ </td> <td> <span class="task-show-file-actions"> - <i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?> + <?php if ($this->user->hasProjectAccess('file', 'remove', $task['project_id'])): ?> + <i class="fa fa-trash"></i> <?= $this->url->link(t('remove'), 'file', 'confirm', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?> + <?php endif ?> <i class="fa fa-download"></i> <?= $this->url->link(t('download'), 'file', 'download', array('task_id' => $task['id'], 'project_id' => $task['project_id'], 'file_id' => $file['id'])) ?> </span> </td> diff --git a/app/Template/project/sidebar.php b/app/Template/project/sidebar.php index b436c9e8..2cc5ff2f 100644 --- a/app/Template/project/sidebar.php +++ b/app/Template/project/sidebar.php 
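Review bot: The `hasProjectAccess('file', 'remove', ...)` gate in file/show.php is evaluated per file and duplicated verbatim in both hunks; computing it once above the loops, `<?php $can_remove = $this->user->hasProjectAccess('file', 'remove', $task['project_id']) ?>`, keeps the image list and the file table in sync and avoids a permission lookup per row. Hiding the link is presentation only — the `file` controller's `confirm` and `remove` actions must also deny viewers in the ACL, which this diff does not show. `open` and `download` remain visible to viewers, which appears intentional but is worth stating in the commit message.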
@@ -4,9 +4,11 @@ <li <?= $this->app->getRouterAction() === 'show' ? 'class="active"' : '' ?>> <?= $this->url->link(t('Summary'), 'project', 'show', array('project_id' => $project['id'])) ?> </li> + <?php if ($this->user->hasProjectAccess('customfilter', 'index', $project['id'])): ?> <li <?= $this->app->getRouterController() === 'customfilter' && $this->app->getRouterAction() === 'index' ? 'class="active"' : '' ?>> <?= $this->url->link(t('Custom filters'), 'customfilter', 'index', array('project_id' => $project['id'])) ?> </li> + <?php endif ?> <?php if ($this->user->hasProjectAccess('project', 'edit', $project['id'])): ?> <li <?= $this->app->getRouterController() === 'project' && $this->app->getRouterAction() === 'share' ? 'class="active"' : '' ?>> diff --git a/app/Template/subtask/show.php b/app/Template/subtask/show.php index f48484cc..283057f4 100644 --- a/app/Template/subtask/show.php +++ b/app/Template/subtask/show.php @@ -1,4 +1,3 @@ - <div id="subtasks" class="task-show-section"> <?php if (! empty($subtasks)): ?> @@ -13,14 +12,14 @@ <th class="column-40"><?= t('Title') ?></th> <th><?= t('Assignee') ?></th> <th><?= t('Time tracking') ?></th> - <?php if (! isset($not_editable)): ?> + <?php if ($editable): ?> <th><?= t('Actions') ?></th> <?php endif ?> </tr> <?php foreach ($subtasks as $subtask): ?> <tr> <td> - <?php if (! isset($not_editable)): ?> + <?php if ($editable): ?> <?= $this->subtask->toggleStatus($subtask, 'task') ?> <?php else: ?> <?= $this->render('subtask/icons', array('subtask' => $subtask)) . $this->e($subtask['title']) ?> @@ -28,7 +27,7 @@ </td> <td> <?php if (! empty($subtask['username'])): ?> - <?php if (! isset($not_editable)): ?> + <?php if ($editable): ?> <?= $this->url->link($this->e($subtask['name'] ?: $subtask['username']), 'user', 'show', array('user_id' => $subtask['user_id'])) ?> <?php else: ?> <?= $this->e($subtask['name'] ?: $subtask['username']) ?> 
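Review bot: In subtask/show.php the toggle is still rendered with `$this->subtask->toggleStatus($subtask, 'task')`, i.e. without the project id this commit added to the helper, so the helper's own `subtask`/`edit` check never runs here and the row relies on `$editable` alone. Passing `$task['project_id']`, which this template already uses further down, makes both paths consistent: `<?= $this->subtask->toggleStatus($subtask, 'task', $task['project_id']) ?>`. The Actions header cell and the per-row cell are gated by the same `$editable` condition in separate hunks; they must stay aligned or the table columns shift.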
@@ -46,7 +45,7 @@ <strong><?= $this->e($subtask['time_estimated']).'h' ?></strong> <?= t('estimated') ?> <?php endif ?> </li> - <?php if (! isset($not_editable) && $subtask['user_id'] == $this->user->getId()): ?> + <?php if ($editable && $subtask['user_id'] == $this->user->getId()): ?> <li> <?php if ($subtask['is_timer_started']): ?> <i class="fa fa-pause"></i> @@ -60,7 +59,7 @@ <?php endif ?> </ul> </td> - <?php if (! isset($not_editable)): ?> + <?php if ($editable): ?> <td> <ul> <?php if ($subtask['position'] != $first_position): ?> @@ -87,7 +86,7 @@ </table> <?php endif ?> - <?php if (! isset($not_editable) && $this->user->hasProjectAccess('subtask', 'save', $task['project_id'])): ?> + <?php if ($editable && $this->user->hasProjectAccess('subtask', 'save', $task['project_id'])): ?> <?php if (empty($subtasks)): ?> <div class="page-header"> diff --git a/app/Template/task/comments.php b/app/Template/task/comments.php index 070de320..57fb305f 100644 --- a/app/Template/task/comments.php +++ b/app/Template/task/comments.php @@ -15,12 +15,12 @@ 'comment' => $comment, 'task' => $task, 'project' => $project, - 'not_editable' => isset($not_editable) && $not_editable, + 'editable' => $editable, 'is_public' => isset($is_public) && $is_public, )) ?> <?php endforeach ?> - <?php if (! isset($not_editable)): ?> + <?php if ($editable): ?> <?= $this->render('comment/create', array( 'skip_cancel' => true, 'values' => array( diff --git a/app/Template/task/details.php b/app/Template/task/details.php index 9cd10dda..74799b15 100644 --- a/app/Template/task/details.php +++ b/app/Template/task/details.php @@ -86,7 +86,7 @@ </li> <?php endif ?> - <?php if (! isset($not_editable) && $task['recurrence_status'] != \Kanboard\Model\Task::RECURRING_STATUS_NONE): ?> + <?php if ($editable && $task['recurrence_status'] != \Kanboard\Model\Task::RECURRING_STATUS_NONE): ?> <li> <strong><?= t('Recurring information') ?></strong> <?= $this->render('task/recurring_info', array( 
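Review bot: The timer controls in subtask/show.php are gated with `$subtask['user_id'] == $this->user->getId()`; under loose comparison a NULL `user_id` compares equal to an id of 0, so an unassigned subtask could show timer actions to a caller whose id resolves to 0. Making the comparison explicit avoids that class of surprise: `<?php if ($editable && (int) $subtask['user_id'] === (int) $this->user->getId()): ?>`. Whether `getId()` can ever return 0 is not visible here, so treat this as a hardening suggestion rather than a confirmed defect.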
diff --git a/app/Template/task/public.php b/app/Template/task/public.php index e3105488..7edf097c 100644 --- a/app/Template/task/public.php +++ b/app/Template/task/public.php @@ -1,33 +1,34 @@ <section id="main" class="public-task"> - <?= $this->render('task/details', array('task' => $task, 'project' => $project, 'not_editable' => true)) ?> + <?= $this->render('task/details', array('task' => $task, 'project' => $project, 'editable' => false)) ?> <p class="pull-right"><?= $this->url->link(t('Back to the board'), 'board', 'readonly', array('token' => $project['token'])) ?></p> <?= $this->render('task/description', array( 'task' => $task, 'project' => $project, - 'is_public' => true + 'is_public' => true, )) ?> <?= $this->render('tasklink/show', array( 'task' => $task, 'links' => $links, 'project' => $project, - 'not_editable' => true + 'editable' => false, + 'is_public' => true, )) ?> <?= $this->render('subtask/show', array( 'task' => $task, 'subtasks' => $subtasks, - 'not_editable' => true + 'editable' => false )) ?> <?= $this->render('task/comments', array( 'task' => $task, 'comments' => $comments, 'project' => $project, - 'not_editable' => true, + 'editable' => false, 'is_public' => true, )) ?> diff --git a/app/Template/task/show.php b/app/Template/task/show.php index 713c2b3a..f6d47e53 100644 --- a/app/Template/task/show.php +++ b/app/Template/task/show.php @@ -4,6 +4,7 @@ 'recurrence_trigger_list' => $this->task->recurrenceTriggers(), 'recurrence_timeframe_list' => $this->task->recurrenceTimeframes(), 'recurrence_basedate_list' => $this->task->recurrenceBasedates(), + 'editable' => $this->user->hasProjectAccess('taskmodification', 'edit', $project['id']), )) ?> <?php if ($this->user->hasProjectAccess('taskmodification', 'edit', $project['id'])): ?> 
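Review bot: In task/public.php the subtask/show array is the only one left without a trailing comma (`'editable' => false` versus `'editable' => false,` in the sibling calls), the very inconsistency the commit otherwise cleans up. Since every section on this page is rendered with `editable => false`, a one-line comment at the top of the section stating that the public view is never editable regardless of session would stop a future edit from copying the `hasProjectAccess` computation in from task/show.php.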
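Review bot: `hasProjectAccess('taskmodification', 'edit', $project['id'])` is now evaluated twice in a row in task/show.php — once for the `editable` flag passed to task/details and again in the `<?php if` on the following line. Binding it once, `<?php $can_edit_task = $this->user->hasProjectAccess('taskmodification', 'edit', $project['id']) ?>`, and using `$can_edit_task` in both places keeps the flag and the gate from drifting apart. The `render` call that receives the flag starts before the hunk.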
@@ -11,8 +12,34 @@ <?php endif ?> <?= $this->render('task/description', array('task' => $task)) ?> -<?= $this->render('tasklink/show', array('task' => $task, 'links' => $links, 'link_label_list' => $link_label_list)) ?> -<?= $this->render('subtask/show', array('task' => $task, 'subtasks' => $subtasks, 'project' => $project, 'users_list' => isset($users_list) ? $users_list : array())) ?> + +<?= $this->render('tasklink/show', array( + 'task' => $task, + 'links' => $links, + 'link_label_list' => $link_label_list, + 'editable' => $this->user->hasProjectAccess('tasklink', 'edit', $project['id']), + 'is_public' => false, +)) ?> + +<?= $this->render('subtask/show', array( + 'task' => $task, + 'subtasks' => $subtasks, + 'project' => $project, + 'users_list' => isset($users_list) ? $users_list : array(), + 'editable' => $this->user->hasProjectAccess('subtask', 'edit', $project['id']), +)) ?> + <?= $this->render('task/time_tracking_summary', array('task' => $task)) ?> -<?= $this->render('file/show', array('task' => $task, 'files' => $files, 'images' => $images)) ?> -<?= $this->render('task/comments', array('task' => $task, 'comments' => $comments, 'project' => $project)) ?> + +<?= $this->render('file/show', array( + 'task' => $task, + 'files' => $files, + 'images' => $images +)) ?> + +<?= $this->render('task/comments', array( + 'task' => $task, + 'comments' => $comments, + 'project' => $project, + 'editable' => $this->user->hasProjectAccess('comment', 'edit', $project['id']), +)) ?> diff --git a/app/Template/tasklink/show.php b/app/Template/tasklink/show.php index b66ec087..fbb1f825 100644 --- a/app/Template/tasklink/show.php +++ b/app/Template/tasklink/show.php @@ -9,7 +9,7 @@ <th class="column-20"><?= t('Project') ?></th> <th><?= t('Column') ?></th> <th><?= t('Assignee') ?></th> - <?php if (! isset($not_editable)): ?> + <?php if ($editable): ?> <th><?= t('Action') ?></th> <?php endif ?> </tr> 
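Review bot: The file/show render in task/show.php is the only section that receives no `editable` flag; file/show.php instead calls `hasProjectAccess('file', 'remove', ...)` itself, so the page now mixes two conventions for the same kind of decision. Either pass `'editable' => $this->user->hasProjectAccess('file', 'remove', $project['id']),` here for symmetry, or add a comment above that call noting that file/show gates its own actions. The `'images' => $images` entry is also missing the trailing comma the neighbouring arrays carry.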
@@ -23,12 +23,12 @@ <?php endif ?> <td> - <?php if (! isset($not_editable)): ?> + <?php if ($is_public): ?> <?= $this->url->link( $this->e('#'.$link['task_id'].' '.$link['title']), 'task', - 'show', - array('task_id' => $link['task_id'], 'project_id' => $link['project_id']), + 'readonly', + array('task_id' => $link['task_id'], 'token' => $project['token']), false, $link['is_active'] ? '' : 'task-link-closed' ) ?> @@ -36,8 +36,8 @@ <?= $this->url->link( $this->e('#'.$link['task_id'].' '.$link['title']), 'task', - 'readonly', - array('task_id' => $link['task_id'], 'token' => $project['token']), + 'show', + array('task_id' => $link['task_id'], 'project_id' => $link['project_id']), false, $link['is_active'] ? '' : 'task-link-closed' ) ?> @@ -57,14 +57,14 @@ <td><?= $this->e($link['column_title']) ?></td> <td> <?php if (! empty($link['task_assignee_username'])): ?> - <?php if (! isset($not_editable)): ?> + <?php if ($editable): ?> <?= $this->url->link($this->e($link['task_assignee_name'] ?: $link['task_assignee_username']), 'user', 'show', array('user_id' => $link['task_assignee_id'])) ?> <?php else: ?> <?= $this->e($link['task_assignee_name'] ?: $link['task_assignee_username']) ?> <?php endif ?> <?php endif ?> </td> - <?php if (! isset($not_editable)): ?> + <?php if ($editable): ?> <td> <ul> <li><?= $this->url->link(t('Edit'), 'tasklink', 'edit', array('link_id' => $link['id'], 'task_id' => $task['id'], 'project_id' => $task['project_id'])) ?></li> @@ -77,7 +77,7 @@ <?php endforeach ?> </table> -<?php if (! isset($not_editable) && isset($link_label_list)): ?> +<?php if ($editable && isset($link_label_list)): ?> <form action="<?= $this->url->href('tasklink', 'save', array('task_id' => $task['id'], 'project_id' => $task['project_id'])) ?>" method="post" autocomplete="off"> <?= $this->form->csrf() ?> |
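Review bot: The `$is_public` branch in tasklink/show.php builds the readonly link from `$project['token']`, the token of the task being viewed, while the linked task belongs to `$link['project_id']`, which the non-public branch in the next hunk treats as potentially different. For cross-project links the readonly page therefore receives a token that may not belong to the linked task's project; the endpoint should be confirmed to validate the token against the linked task's own project, and if it does, such links will simply fail on the public page rather than expose anything. Separating `$is_public` (which link to build) from `$editable` (which actions to show) is the right direction, and a short comment above the branch stating that contract, e.g. `<?php // public pages link by token; authenticated pages link by project id ?>`, would make it explicit.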