Diffstat (limited to 'app/Helper')
-rw-r--r-- | app/Helper/Url.php | 2 | ||||
-rw-r--r-- | app/Helper/User.php | 68 |
2 files changed, 53 insertions, 17 deletions
diff --git a/app/Helper/Url.php b/app/Helper/Url.php
index edb26841..3658ef5f 100644
--- a/app/Helper/Url.php
+++ b/app/Helper/Url.php
@@ -125,7 +125,7 @@ class Url extends Base
 return 'http://localhost/';
 }
- $url = Request::isHTTPS() ? 'https://' : 'http://';
+ $url = $this->request->isHTTPS() ? 'https://' : 'http://';
 $url .= $_SERVER['SERVER_NAME'];
 $url .= $_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443 ? '' : ':'.$_SERVER['SERVER_PORT'];
 $url .= $this->dir() ?: '/';
diff --git a/app/Helper/User.php b/app/Helper/User.php
index 9ef20b38..b242dbb4 100644
--- a/app/Helper/User.php
+++ b/app/Helper/User.php
@@ -2,6 +2,8 @@
 namespace Kanboard\Helper;
+use Kanboard\Core\Security\Role;
+
 /**
 * User helpers
 *
@@ -65,6 +67,7 @@ class User extends \Kanboard\Core\Base
 array('user_id' => $this->userSession->getId())
 );
 }
+
 /**
 * Check if the given user_id is the connected user
 *
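Review bot: In `app/Helper/Url.php` the host part of the URL is still taken from `$_SERVER['SERVER_NAME']` on the context line right after the changed scheme line, and depending on web-server configuration that value can follow the client-supplied Host header, so an absolute link built from it could point at a host the requester chose. The function begins outside the hunk, so a configured application URL may already take precedence; if it does not, preferring a configured base URL or checking the host against an allow-list would close this. The port is also dropped for both 80 and 443 regardless of scheme and with loose `==`; tying it to the scheme, e.g. `(int) $_SERVER['SERVER_PORT'] === ($this->request->isHTTPS() ? 443 : 80)`, would avoid emitting a port-less `https://` URL for HTTPS served on port 80.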
@@ -88,44 +91,77 @@ class User extends \Kanboard\Core\Base
 }
 /**
- * Return if the logged user is project admin
+ * Get role name
 *
 * @access public
- * @return boolean
+ * @param string $role
+ * @return string
 */
- public function isProjectAdmin()
+ public function getRoleName($role = '')
 {
- return $this->userSession->isProjectAdmin();
+ return $this->role->getRoleName($role ?: $this->userSession->getRole());
 }
 /**
- * Check for project administration actions access (Project Admin group)
+ * Check application access
 *
- * @access public
- * @return boolean
+ * @param string $controller
+ * @param string $action
+ * @return bool
 */
- public function isProjectAdministrationAllowed($project_id)
+ public function hasAccess($controller, $action)
 {
- if ($this->userSession->isAdmin()) {
- return true;
+ $key = 'app_access:'.$controller.$action;
+ $result = $this->memoryCache->get($key);
+
+ if ($result === null) {
+ $result = $this->applicationAuthorization->isAllowed($controller, $action, $this->userSession->getRole());
+ $this->memoryCache->set($key, $result);
 }
- return $this->memoryCache->proxy($this->container['acl'], 'handleProjectAdminPermissions', $project_id);
+ return $result;
 }
 /**
- * Check for project management actions access (Regular users who are Project Managers)
+ * Check project access
 *
- * @access public
- * @return boolean
+ * @param string $controller
+ * @param string $action
+ * @param integer $project_id
+ * @return bool
 */
- public function isProjectManagementAllowed($project_id)
+ public function hasProjectAccess($controller, $action, $project_id)
 {
 if ($this->userSession->isAdmin()) {
 return true;
 }
- return $this->memoryCache->proxy($this->container['acl'], 'handleProjectManagerPermissions', $project_id);
+ if (! 
$this->hasAccess($controller, $action)) {
+ return false;
+ }
+
+ $key = 'project_access:'.$controller.$action.$project_id;
+ $result = $this->memoryCache->get($key);
+
+ if ($result === null) {
+ $role = $this->getProjectUserRole($project_id);
+ $result = $this->projectAuthorization->isAllowed($controller, $action, $role);
+ $this->memoryCache->set($key, $result);
+ }
+
+ return $result;
+ }
+
+ /**
+ * Get project role for the current user
+ *
+ * @access public
+ * @param integer $project_id
+ * @return string
+ */
+ public function getProjectUserRole($project_id)
+ {
+ return $this->memoryCache->proxy($this->projectUserRole, 'getUserRole', $project_id, $this->userSession->getId());
 }
 /** |
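Review bot: The cache keys built in `hasAccess()` and `hasProjectAccess()` concatenate controller, action and project id with no separator, so different tuples can share a key (as a constructed example, action `x1` with project 2 and action `x` with project 12 both end in `x12`), and a cached authorization decision could then be served for a different request. Delimiting the parts removes the ambiguity: `$key = 'app_access:'.$controller.':'.$action;` and `$key = 'project_access:'.$controller.':'.$action.':'.$project_id;`. The keys also leave out the user id and role, which is only safe if `memoryCache` is scoped to a single request and session; that is not visible in this hunk and should be confirmed. It is also worth checking that `projectAuthorization->isAllowed()` denies when `getProjectUserRole()` yields an empty role for a user who is not a project member.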