-rw-r--r-- | app/Core/Security/Role.php | 12 | ||||
-rw-r--r-- | app/Helper/UserHelper.php | 5 | ||||
-rw-r--r-- | tests/units/Core/Security/RoleTest.php | 37 | ||||
-rw-r--r-- | tests/units/Helper/UserHelperTest.php | 32 |
4 files changed, 86 insertions, 0 deletions
diff --git a/app/Core/Security/Role.php b/app/Core/Security/Role.php
index cb45a8af..c16d4094 100644
--- a/app/Core/Security/Role.php
+++ b/app/Core/Security/Role.php
@@ -50,6 +50,18 @@ class Role
}
/**
+ * Check if the given role is custom or not
+ *
+ * @access public
+ * @param string $role
+ * @return bool
+ */
+ public function isCustomProjectRole($role)
+ {
+ return ! empty($role) && $role !== self::PROJECT_MANAGER && $role !== self::PROJECT_MEMBER && $role !== self::PROJECT_VIEWER;
+ }
+
+ /**
* Get role name
*
* @access public
diff --git a/app/Helper/UserHelper.php b/app/Helper/UserHelper.php
index e42bafe4..17c66616 100644
--- a/app/Helper/UserHelper.php
+++ b/app/Helper/UserHelper.php
@@ -150,6 +150,11 @@ class UserHelper extends Base
if ($result === null) {
$role = $this->getProjectUserRole($project_id);
+
+ if ($this->role->isCustomProjectRole($role)) {
+ $role = Role::PROJECT_MEMBER;
+ }
+
+ $result = $this->projectAuthorization->isAllowed($controller, $action, $role);
$this->memoryCache->set($key, $result);
}
diff --git a/tests/units/Core/Security/RoleTest.php b/tests/units/Core/Security/RoleTest.php
new file mode 100644
index 00000000..10b9c409
--- /dev/null
+++ b/tests/units/Core/Security/RoleTest.php
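Review bot: `isCustomProjectRole()` returns true for any non-empty string that is not one of the three built-in project roles, so an application-role constant, a typo, or a role name that no longer exists among the stored custom roles all count as "custom"; the docblock should say so, because the only caller in this commit uses the answer to choose an authorization role. Suggested docblock line: `* Return true when $role is non-empty and not one of the built-in project roles (manager, member, viewer); no lookup against stored custom roles is performed.` Note also that `empty($role)` treats the string `'0'` as empty, so `$role !== null && $role !== ''` is the exact guard if a custom role could carry that name. The same check reads more compactly as `return $role !== null && $role !== '' && ! in_array($role, array(self::PROJECT_MANAGER, self::PROJECT_MEMBER, self::PROJECT_VIEWER), true);`.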
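Review bot: The mapping added in the UserHelper hunk sends every role that is not one of the three built-in project roles to `Role::PROJECT_MEMBER` before `isAllowed()` runs, which grants member-level (write) access by default to any custom role and, if the user/project assignment stores the role name as a plain string as the test's `addUser(1, 2, 'Custom Role')` suggests, also to a stale name left behind after a custom role is deleted or renamed. The least-privilege default for an unrecognised value would be `Role::PROJECT_VIEWER`, with `PROJECT_MEMBER` reserved for names that actually exist in `ProjectRoleModel`; if member-by-default is the intended policy, record it next to the check: `// Any role outside the three built-in project roles is authorized as a project member.` The result is then stored under `$key`, which is computed outside the hunk, so whether the cache distinguishes roles is not visible here. The enclosing method starts and ends outside the hunk.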
@@ -0,0 +1,37 @@
+<?php
+
+use Kanboard\Core\Security\Role;
+
+require_once __DIR__.'/../../Base.php';
+
+class RoleTest extends Base
+{
+ public function testIsCustomRole()
+ {
+ $role = new Role();
+ $this->assertFalse($role->isCustomProjectRole(Role::PROJECT_MANAGER));
+ $this->assertFalse($role->isCustomProjectRole(Role::PROJECT_MEMBER));
+ $this->assertFalse($role->isCustomProjectRole(Role::PROJECT_VIEWER));
+ $this->assertFalse($role->isCustomProjectRole(''));
+ $this->assertTrue($role->isCustomProjectRole('Custom Role'));
+ }
+
+ public function testGetRoleName()
+ {
+ $role = new Role();
+ $this->assertEquals('Project Manager', $role->getRoleName(Role::PROJECT_MANAGER));
+ $this->assertEquals('Project Member', $role->getRoleName(Role::PROJECT_MEMBER));
+ $this->assertEquals('Project Viewer', $role->getRoleName(Role::PROJECT_VIEWER));
+ $this->assertEquals('Administrator', $role->getRoleName(Role::APP_ADMIN));
+ $this->assertEquals('Manager', $role->getRoleName(Role::APP_MANAGER));
+ $this->assertEquals('User', $role->getRoleName(Role::APP_USER));
+ $this->assertEquals('Unknown', $role->getRoleName('Foobar'));
+ }
+
+ public function testGetters()
+ {
+ $role = new Role();
+ $this->assertCount(3, $role->getApplicationRoles());
+ $this->assertCount(3, $role->getProjectRoles());
+ }
+}
diff --git a/tests/units/Helper/UserHelperTest.php b/tests/units/Helper/UserHelperTest.php
index 4d1947d8..ed34c990 100644
--- a/tests/units/Helper/UserHelperTest.php
+++ b/tests/units/Helper/UserHelperTest.php
@@ -5,6 +5,7 @@ require_once __DIR__.'/../Base.php';
use Kanboard\Core\User\UserSession;
use Kanboard\Helper\UserHelper;
use Kanboard\Model\ProjectModel;
+use Kanboard\Model\ProjectRoleModel;
use Kanboard\Model\ProjectUserRoleModel;
use Kanboard\Model\TaskCreationModel;
use Kanboard\Model\TaskFinderModel;
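Review bot: `testIsCustomRole` covers the three project constants, the empty string and one arbitrary name, but not `null`, which the `! empty($role)` guard in the implementation is presumably there to absorb, nor an application-role string, which the implementation classifies as custom. Two assertions pin those cases down: `$this->assertFalse($role->isCustomProjectRole(null));` and `$this->assertTrue($role->isCustomProjectRole(Role::APP_ADMIN));`, the second assuming the `APP_*` constants differ from the `PROJECT_*` ones as their distinct labels in `testGetRoleName` suggest. Recording the application-role case makes the fallback behaviour in `UserHelper` visible in the suite rather than implicit.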
@@ -263,6 +264,37 @@ class UserHelperTest extends Base
$this->assertFalse($helper->hasProjectAccess('TaskCreationController', 'save', 2));
}
+ public function testHasProjectAccessForCustomProjectRole()
+ {
+ $helper = new UserHelper($this->container);
+ $user = new UserModel($this->container);
+ $project = new ProjectModel($this->container);
+ $projectUserRole = new ProjectUserRoleModel($this->container);
+ $projectRole = new ProjectRoleModel($this->container);
+
+ $this->container['sessionStorage']->user = array(
+ 'id' => 2,
+ 'role' => Role::APP_USER,
+ );
+
+ $this->assertEquals(1, $project->create(array('name' => 'My project')));
+ $this->assertEquals(2, $project->create(array('name' => 'My project')));
+ $this->assertEquals(2, $user->create(array('username' => 'user')));
+ $this->assertEquals(1, $projectRole->create(1, 'Custom Role'));
+
+ $this->assertTrue($projectUserRole->addUser(1, 2, 'Custom Role'));
+
+ $this->assertFalse($helper->hasProjectAccess('ProjectEditController', 'edit', 1));
+ $this->assertTrue($helper->hasProjectAccess('BoardViewController', 'show', 1));
+ $this->assertTrue($helper->hasProjectAccess('TaskViewController', 'show', 1));
+ $this->assertTrue($helper->hasProjectAccess('TaskCreationController', 'save', 1));
+
+ $this->assertFalse($helper->hasProjectAccess('ProjectEditController', 'edit', 2));
+ $this->assertFalse($helper->hasProjectAccess('BoardViewController', 'show', 2));
+ $this->assertFalse($helper->hasProjectAccess('TaskViewController', 'show', 2));
+ $this->assertFalse($helper->hasProjectAccess('TaskCreationController', 'save', 2));
+ }
+ public function testCanRemoveTask()
+ {
+ $taskCreationModel = new TaskCreationModel($this->container); |
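Review bot: The new test establishes that a user holding a created custom role gets member-level access (`TaskCreationController`/`save` is allowed on project 1) but never exercises the path where the stored role name was not created through `ProjectRoleModel`, which is exactly the case in which the fallback added to `UserHelper` matters most. Project 2 is already set up with no access for user 2, so one extra fixture covers it: `$this->assertTrue($projectUserRole->addUser(2, 2, 'Unknown Role'));` followed by assertions on `hasProjectAccess(..., 2)` stating the intended outcome explicitly (under the implementation in this commit it will be member-level access), so that any later tightening of the fallback is caught by the suite. The class continues outside the hunk.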