Diffstat (limited to 'app/Controller/ProjectPermission.php')
-rw-r--r-- | app/Controller/ProjectPermission.php | 56 |
1 files changed, 35 insertions, 21 deletions
diff --git a/app/Controller/ProjectPermission.php b/app/Controller/ProjectPermission.php
index 4434d017..e0e58240 100644
--- a/app/Controller/ProjectPermission.php
+++ b/app/Controller/ProjectPermission.php
@@ -13,6 +13,24 @@ use Kanboard\Core\Security\Role;
 class ProjectPermission extends Base
 {
     /**
+     * Permissions are only available for team projects
+     *
+     * @access protected
+     * @param integer $project_id Default project id
+     * @return array
+     */
+    protected function getProject($project_id = 0)
+    {
+        $project = parent::getProject($project_id);
+
+        if ($project['is_private'] == 1) {
+            $this->forbidden();
+        }
+
+        return $project;
+    }
+
+    /**
      * Show all permissions
      *
      * @access public
@@ -62,6 +80,7 @@ class ProjectPermission extends Base
      */
     public function addUser()
     {
+        $project = $this->getProject();
         $values = $this->request->getValues();
 
         if ($this->projectUserRole->addUser($values['project_id'], $values['user_id'], $values['role'])) {
@@ -70,7 +89,7 @@ class ProjectPermission extends Base
             $this->flash->failure(t('Unable to update this project.'));
         }
 
-        $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $values['project_id'])));
+        $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $project['id'])));
     }
 
     /**
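Review bot: The guard in `getProject()` only holds if `$this->forbidden()` never returns; Base::forbidden() is not part of this diff, and if it merely renders the 403 response the `return $project;` that follows still hands the private project to every action that now relies on this override. Worth confirming, and the loose `== 1` on `is_private` is presumably there because the row comes back from PDO with string values — an explicit cast, `if ((int) $project['is_private'] === 1) {`, documents that instead of leaving it to type juggling. The docblock should also state the failure mode, e.g. `* Responds with 403 (forbidden) and stops when the project is private`.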
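Review bot: In the `addUser()` hunk the role is still written with `$values['project_id']` — the raw POST value — while only the redirect was moved to `$project['id']`, so the project that `getProject()` validated and the project the membership is stored on can be two different ids. Unless Base::getProject() resolves its id from that same POST field (not visible here), a user allowed on one project can grant roles on another by editing the hidden field. The call should use the checked project exactly as the addGroup hunk does: `if ($this->projectUserRole->addUser($project['id'], $values['user_id'], $values['role'])) {`. The rest of addUser's body lies outside this hunk.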
@@ -81,19 +100,16 @@ class ProjectPermission extends Base
     public function removeUser()
     {
         $this->checkCSRFParam();
+        $project = $this->getProject();
+        $user_id = $this->request->getIntegerParam('user_id');
 
-        $values = array(
-            'project_id' => $this->request->getIntegerParam('project_id'),
-            'user_id' => $this->request->getIntegerParam('user_id'),
-        );
-
-        if ($this->projectUserRole->removeUser($values['project_id'], $values['user_id'])) {
+        if ($this->projectUserRole->removeUser($project['id'], $user_id)) {
             $this->flash->success(t('Project updated successfully.'));
         } else {
             $this->flash->failure(t('Unable to update this project.'));
         }
 
-        $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $values['project_id'])));
+        $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $project['id'])));
     }
 
     /**
@@ -103,10 +119,10 @@ class ProjectPermission extends Base
      */
     public function changeUserRole()
     {
-        $project_id = $this->request->getIntegerParam('project_id');
+        $project = $this->getProject();
         $values = $this->request->getJson();
 
-        if (! empty($project_id) && ! empty($values) && $this->projectUserRole->changeUserRole($project_id, $values['id'], $values['role'])) {
+        if (! empty($project) && ! empty($values) && $this->projectUserRole->changeUserRole($project['id'], $values['id'], $values['role'])) {
             $this->response->json(array('status' => 'ok'));
         } else {
             $this->response->json(array('status' => 'error'));
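Review bot: `changeUserRole()` reads `$values['id']` and `$values['role']` without checking they exist; `! empty($values)` only proves the decoded JSON is a non-empty array, so a body such as `{"foo":1}` raises undefined-index notices and passes nulls into the model. The guard should become `if (! empty($values) && isset($values['id'], $values['role']) && $this->projectUserRole->changeUserRole($project['id'], $values['id'], $values['role'])) {` — `! empty($project)` can go, because `getProject()` either returns the project or forbids. Whether `role` is checked against the project-role constants of `Role` happens inside the model, which this diff does not show. Unlike `removeUser()` just above, this state-changing JSON endpoint has no `checkCSRFParam()`; if AJAX routes are covered by a global check elsewhere that is fine, otherwise it needs one. changeUserRole continues past the end of this hunk.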
@@ -120,19 +136,20 @@ class ProjectPermission extends Base
      */
     public function addGroup()
     {
+        $project = $this->getProject();
         $values = $this->request->getValues();
 
         if (empty($values['group_id']) && ! empty($values['external_id'])) {
             $values['group_id'] = $this->group->create($values['name'], $values['external_id']);
         }
 
-        if ($this->projectGroupRole->addGroup($values['project_id'], $values['group_id'], $values['role'])) {
+        if ($this->projectGroupRole->addGroup($project['id'], $values['group_id'], $values['role'])) {
             $this->flash->success(t('Project updated successfully.'));
         } else {
             $this->flash->failure(t('Unable to update this project.'));
         }
 
-        $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $values['project_id'])));
+        $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $project['id'])));
     }
 
     /**
@@ -143,19 +160,16 @@ class ProjectPermission extends Base
     public function removeGroup()
     {
         $this->checkCSRFParam();
+        $project = $this->getProject();
+        $group_id = $this->request->getIntegerParam('group_id');
 
-        $values = array(
-            'project_id' => $this->request->getIntegerParam('project_id'),
-            'group_id' => $this->request->getIntegerParam('group_id'),
-        );
-
-        if ($this->projectGroupRole->removeGroup($values['project_id'], $values['group_id'])) {
+        if ($this->projectGroupRole->removeGroup($project['id'], $group_id)) {
             $this->flash->success(t('Project updated successfully.'));
         } else {
             $this->flash->failure(t('Unable to update this project.'));
         }
 
-        $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $values['project_id'])));
+        $this->response->redirect($this->helper->url->to('ProjectPermission', 'index', array('project_id' => $project['id'])));
     }
 
     /**
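Review bot: In `addGroup()`, after the `external_id` branch `$values['group_id']` can still be empty (neither `group_id` nor `external_id` posted) and is handed to `projectGroupRole->addGroup()` together with an unchecked `$values['role']`; the controller leaves rejecting both to the model. A guard in front of the call keeps that input out of the model: `if (empty($values['group_id']) || empty($values['role'])) { $this->flash->failure(t('Unable to update this project.')); }` with the existing `addGroup()` call moved into an `elseif`. Whether `role` is then compared against the project-role constants of `Role` is model behaviour this diff does not show. Note also that `$this->group->create(...)` runs before the assignment is attempted, so a failed `addGroup()` leaves an orphan group behind — pre-existing, but worth a comment on that line.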
@@ -165,10 +179,10 @@ class ProjectPermission extends Base
      */
     public function changeGroupRole()
     {
-        $project_id = $this->request->getIntegerParam('project_id');
+        $project = $this->getProject();
         $values = $this->request->getJson();
 
-        if (! empty($project_id) && ! empty($values) && $this->projectGroupRole->changeGroupRole($project_id, $values['id'], $values['role'])) {
+        if (! empty($project) && ! empty($values) && $this->projectGroupRole->changeGroupRole($project['id'], $values['id'], $values['role'])) {
             $this->response->json(array('status' => 'ok'));
         } else {
             $this->response->json(array('status' => 'error'));
|
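Review bot: The `! empty($project)` test kept in `changeGroupRole()` is now dead weight — `getProject()` either returns the project array or calls `forbidden()` — while the values that do need checking, `$values['id']` and `$values['role']`, are still read without `isset()`, so a malformed JSON body produces undefined-index notices and null arguments. Suggest `if (! empty($values) && isset($values['id'], $values['role']) && $this->projectGroupRole->changeGroupRole($project['id'], $values['id'], $values['role'])) {`. As with the user variant, this endpoint mutates state without a visible `checkCSRFParam()`; confirm AJAX routes are protected elsewhere. changeGroupRole's closing lines are outside this hunk.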