diff options
Diffstat (limited to 'app/Controller/ProjectPermission.php')
-rw-r--r-- | app/Controller/ProjectPermission.php | 58 |
1 files changed, 36 insertions, 22 deletions
diff --git a/app/Controller/ProjectPermission.php b/app/Controller/ProjectPermission.php index 4434d017..800da02f 100644 --- a/app/Controller/ProjectPermission.php +++ b/app/Controller/ProjectPermission.php @@ -13,6 +13,24 @@ use Kanboard\Core\Security\Role; class ProjectPermission extends Base { /** + * Permissions are only available for team projects + * + * @access protected + * @param integer $project_id Default project id + * @return array + */ + protected function getProject($project_id = 0) + { + $project = parent::getProject($project_id); + + if ($project['is_private'] == 1) { + $this->forbidden(); + } + + return $project; + } + + /** * Show all permissions * * @access public @@ -25,7 +43,7 @@ class ProjectPermission extends Base $values['role'] = Role::PROJECT_MEMBER; } - $this->response->html($this->projectLayout('project_permission/index', array( + $this->response->html($this->helper->layout->project('project_permission/index', array( 'project' => $project, 'users' => $this->projectUserRole->getUsers($project['id']), 'groups' => $this->projectGroupRole->getGroups($project['id']), @@ -62,6 +80,7 @@ class ProjectPermission extends Base */ public function addUser() { + $project = $this->getProject(); $values = $this->request->getValues(); if ($this->projectUserRole->addUser($values['project_id'], $values['user_id'], $values['role'])) { @@ -70,7 +89,7 @@ class ProjectPermission extends Base $this->flash->failure(t('Unable to update this project.')); } - $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $values['project_id']))); + $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $project['id']))); } /** @@ -81,19 +100,16 @@ class ProjectPermission extends Base public function removeUser() { $this->checkCSRFParam(); + $project = $this->getProject(); + $user_id = $this->request->getIntegerParam('user_id'); - $values = array( - 'project_id' => $this->request->getIntegerParam('project_id'), - 'user_id' => $this->request->getIntegerParam('user_id'), - ); - - if ($this->projectUserRole->removeUser($values['project_id'], $values['user_id'])) { + if ($this->projectUserRole->removeUser($project['id'], $user_id)) { $this->flash->success(t('Project updated successfully.')); } else { $this->flash->failure(t('Unable to update this project.')); } - $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $values['project_id']))); + $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $project['id']))); } /** @@ -103,10 +119,10 @@ class ProjectPermission extends Base */ public function changeUserRole() { - $project_id = $this->request->getIntegerParam('project_id'); + $project = $this->getProject(); $values = $this->request->getJson(); - if (! empty($project_id) && ! empty($values) && $this->projectUserRole->changeUserRole($project_id, $values['id'], $values['role'])) { + if (! empty($project) && ! empty($values) && $this->projectUserRole->changeUserRole($project['id'], $values['id'], $values['role'])) { $this->response->json(array('status' => 'ok')); } else { $this->response->json(array('status' => 'error')); @@ -120,19 +136,20 @@ class ProjectPermission extends Base */ public function addGroup() { + $project = $this->getProject(); $values = $this->request->getValues(); if (empty($values['group_id']) && ! empty($values['external_id'])) { $values['group_id'] = $this->group->create($values['name'], $values['external_id']); } - if ($this->projectGroupRole->addGroup($values['project_id'], $values['group_id'], $values['role'])) { + if ($this->projectGroupRole->addGroup($project['id'], $values['group_id'], $values['role'])) { $this->flash->success(t('Project updated successfully.')); } else { $this->flash->failure(t('Unable to update this project.')); } - $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $values['project_id']))); + $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $project['id']))); } /** @@ -143,19 +160,16 @@ class ProjectPermission extends Base public function removeGroup() { $this->checkCSRFParam(); + $project = $this->getProject(); + $group_id = $this->request->getIntegerParam('group_id'); - $values = array( - 'project_id' => $this->request->getIntegerParam('project_id'), - 'group_id' => $this->request->getIntegerParam('group_id'), - ); - - if ($this->projectGroupRole->removeGroup($values['project_id'], $values['group_id'])) { + if ($this->projectGroupRole->removeGroup($project['id'], $group_id)) { $this->flash->success(t('Project updated successfully.')); } else { $this->flash->failure(t('Unable to update this project.')); } - $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $values['project_id']))); + $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $project['id']))); } /** @@ -165,10 +179,10 @@ class ProjectPermission extends Base */ public function changeGroupRole() { - $project_id = $this->request->getIntegerParam('project_id'); + $project = $this->getProject(); $values = $this->request->getJson(); - if (! empty($project_id) && ! empty($values) && $this->projectGroupRole->changeGroupRole($project_id, $values['id'], $values['role'])) { + if (! empty($project) && ! empty($values) && $this->projectGroupRole->changeGroupRole($project['id'], $values['id'], $values['role'])) { $this->response->json(array('status' => 'ok')); } else { $this->response->json(array('status' => 'error')); |