Diffstat (limited to 'app/Helper/User.php')
-rw-r--r-- | app/Helper/User.php | 82 |
1 files changed, 50 insertions, 32 deletions
diff --git a/app/Helper/User.php b/app/Helper/User.php index 9cd39bd9..29844dfb 100644 --- a/app/Helper/User.php +++ b/app/Helper/User.php @@ -51,21 +51,6 @@ class User extends \Kanboard\Core\Base } /** - * Get user profile - * - * @access public - * @return string - */ - public function getProfileLink() - { - return $this->helper->url->link( - $this->helper->e($this->getFullname()), - 'user', - 'show', - array('user_id' => $this->userSession->getId()) - ); - } - /** * Check if the given user_id is the connected user * * @param integer $user_id User id 
@@ -88,44 +73,77 @@ class User extends \Kanboard\Core\Base } /** - * Return if the logged user is project admin + * Get role name * * @access public - * @return boolean + * @param string $role + * @return string */ - public function isProjectAdmin() + public function getRoleName($role = '') { - return $this->userSession->isProjectAdmin(); + return $this->role->getRoleName($role ?: $this->userSession->getRole()); } /** - * Check for project administration actions access (Project Admin group) + * Check application access * - * @access public - * @return boolean + * @param string $controller + * @param string $action + * @return bool */ - public function isProjectAdministrationAllowed($project_id) + public function hasAccess($controller, $action) { - if ($this->userSession->isAdmin()) { - return true; + $key = 'app_access:'.$controller.$action; + $result = $this->memoryCache->get($key); + + if ($result === null) { + $result = $this->applicationAuthorization->isAllowed($controller, $action, $this->userSession->getRole()); + $this->memoryCache->set($key, $result); } - return $this->memoryCache->proxy($this->container['acl'], 'handleProjectAdminPermissions', $project_id); + return $result; } /** - * Check for project management actions access (Regular users who are Project Managers) + * Check project access * - * @access public - * @return boolean + * @param string $controller + * @param string $action + * @param integer $project_id + * @return bool */ - public function isProjectManagementAllowed($project_id) + public function hasProjectAccess($controller, $action, $project_id) { if ($this->userSession->isAdmin()) { return true; } - return $this->memoryCache->proxy($this->container['acl'], 'handleProjectManagerPermissions', $project_id); + if (! 
$this->hasAccess($controller, $action)) { + return false; + } + + $key = 'project_access:'.$controller.$action.$project_id; + $result = $this->memoryCache->get($key); + + if ($result === null) { + $role = $this->getProjectUserRole($project_id); + $result = $this->projectAuthorization->isAllowed($controller, $action, $role); + $this->memoryCache->set($key, $result); + } + + return $result; + } + + /** + * Get project role for the current user + * + * @access public + * @param integer $project_id + * @return string + */ + public function getProjectUserRole($project_id) + { + return $this->memoryCache->proxy($this->projectUserRole, 'getUserRole', $project_id, $this->userSession->getId()); } /** @@ -136,7 +154,7 @@ class User extends \Kanboard\Core\Base */ public function getFullname(array $user = array()) { - return $this->user->getFullname(empty($user) ? $_SESSION['user'] : $user); + return $this->user->getFullname(empty($user) ? $this->sessionStorage->user : $user); } /** |
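Review bot: The cache keys in `hasAccess()` and `hasProjectAccess()` are built by concatenation without a separator (`'project_access:'.$controller.$action.$project_id`), so two different controller/action/project tuples can map to the same key and one authorization decision could be served for another. An action name ending in a digit followed by a project id is the easiest collision to picture. Delimiting the parts removes the ambiguity: `$key = 'app_access:'.$controller.':'.$action;` and `$key = 'project_access:'.$controller.':'.$action.':'.$project_id;`. The keys also leave out the role and user id; that is only safe if `memoryCache` is scoped to a single request and the session role cannot change within it, which is not visible from this hunk. If that holds, a short comment above each `$key` line saying so would help the next reader.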