3 files changed, 112 insertions, 4 deletions

diff --git a/app/Controller/ColumnRestrictionController.php b/app/Controller/ColumnRestrictionController.php
new file mode 100644
index 00000000..ce2a1ca8
--- /dev/null
+++ b/app/Controller/ColumnRestrictionController.php
@@ -0,0 +1,103 @@
+<?php
+
+namespace Kanboard\Controller;
+
+use Kanboard\Core\Controller\AccessForbiddenException;
+
+/**
+ * Class ColumnMoveRestrictionController
+ *
+ * @package Kanboard\Controller
+ * @author  Frederic Guillot
+ */
+class ColumnRestrictionController extends BaseController
+{
+    /**
+     * Show form to create a new column restriction
+     *
+     * @param  array $values
+     * @param  array $errors
+     * @throws AccessForbiddenException
+     */
+    public function create(array $values = array(), array $errors = array())
+    {
+        $project = $this->getProject();
+        $role_id = $this->request->getIntegerParam('role_id');
+        $role = $this->projectRoleModel->getById($project['id'], $role_id);
+
+        $this->response->html($this->template->render('column_restriction/create', array(
+            'project' => $project,
+            'role' => $role,
+            'rules' => $this->columnRestrictionModel->getRules(),
+            'columns' => $this->columnModel->getList($project['id']),
+            'values' => $values + array('project_id' => $project['id'], 'role_id' => $role['role_id']),
+            'errors' => $errors,
+        )));
+    }
+
+    /**
+     * Save new column restriction
+     */
+    public function save()
+    {
+        $project = $this->getProject();
+        $values = $this->request->getValues();
+
+        list($valid, $errors) = $this->columnRestrictionValidator->validateCreation($values);
+
+        if ($valid) {
+            $restriction_id = $this->columnRestrictionModel->create(
+                $project['id'],
+                $values['role_id'],
+                $values['column_id'],
+                $values['rule']
+            );
+
+            if ($restriction_id !== false) {
+                $this->flash->success(t('The column restriction has been created successfully.'));
+            } else {
+                $this->flash->failure(t('Unable to create this column restriction.'));
+            }
+
+            $this->response->redirect($this->helper->url->to('ProjectRoleController', 'show', array('project_id' => $project['id'])));
+        } else {
+            $this->create($values, $errors);
+        }
+    }
+
+    /**
+     * Confirm suppression
+     *
+     * @access public
+     */
+    public function confirm()
+    {
+        $project = $this->getProject();
+        $restriction_id = $this->request->getIntegerParam('restriction_id');
+
+        $this->response->html($this->helper->layout->project('column_restriction/remove', array(
+            'project' => $project,
+            'restriction' => $this->columnRestrictionModel->getById($project['id'], $restriction_id),
+        )));
+    }
+
+    /**
+     * Remove a restriction
+     *
+     * @access public
+     */
+    public function remove()
+    {
+        $project = $this->getProject();
+        $this->checkCSRFParam();
+        $restriction_id = $this->request->getIntegerParam('restriction_id');
+
+        if ($this->columnRestrictionModel->remove($restriction_id)) {
+            $this->flash->success(t('Column restriction removed successfully.'));
+        } else {
+            $this->flash->failure(t('Unable to remove this restriction.'));
+        }
+
+        $this->response->redirect($this->helper->url->to('ProjectRoleController', 'show', array('project_id' => $project['id'])));
+    }
+}
diff --git a/app/Controller/TaskCreationController.php b/app/Controller/TaskCreationController.php
index c68964f6..c754b029 100644
--- a/app/Controller/TaskCreationController.php
+++ b/app/Controller/TaskCreationController.php
@@ -52,12 +52,16 @@ class TaskCreationController extends BaseController
 
         list($valid, $errors) = $this->taskValidator->validateCreation($values);
 
-        if ($valid && ($task_id = $this->taskCreationModel->create($values))) {
-            $this->flash->success(t('Task created successfully.'));
-            $this->afterSave($project, $values, $task_id);
-        } else {
+        if (! $valid) {
             $this->flash->failure(t('Unable to create your task.'));
             $this->show($values, $errors);
+        } else if (! $this->helper->projectRole->canCreateTaskInColumn($project['id'], $values['column_id'])) {
+            $this->flash->failure(t('You cannot create tasks in this column.'));
+            $this->response->redirect($this->helper->url->to('BoardViewController', 'show', array('project_id' => $project['id'])), true);
+        } else {
+            $task_id = $this->taskCreationModel->create($values);
+            $this->flash->success(t('Task created successfully.'));
+            $this->afterSave($project, $values, $task_id);
         }
     }
 
diff --git a/app/Controller/TaskMovePositionController.php b/app/Controller/TaskMovePositionController.php
index c6e8be0c..1a8eee45 100644
--- a/app/Controller/TaskMovePositionController.php
+++ b/app/Controller/TaskMovePositionController.php
@@ -2,6 +2,7 @@
 
 namespace Kanboard\Controller;
 
+use Kanboard\Core\Controller\AccessForbiddenException;
 use Kanboard\Formatter\BoardFormatter;
 
 /**