diff options
Diffstat (limited to 'app/Model/ProjectRoleRestrictionModel.php')
| -rw-r--r-- | app/Model/ProjectRoleRestrictionModel.php | 164 |
1 files changed, 164 insertions, 0 deletions
diff --git a/app/Model/ProjectRoleRestrictionModel.php b/app/Model/ProjectRoleRestrictionModel.php new file mode 100644 index 00000000..0411838d --- /dev/null +++ b/app/Model/ProjectRoleRestrictionModel.php @@ -0,0 +1,164 @@ +<?php + +namespace Kanboard\Model; + +use Kanboard\Core\Base; + +/** + * Class ProjectRoleRestrictionModel + * + * @package Kanboard\Model + * @author Frederic Guillot + */ +class ProjectRoleRestrictionModel extends Base +{ + const TABLE = 'project_role_has_restrictions'; + const RULE_TASK_CREATION = 'task_creation'; + + protected $ruleMapping = array( + self::RULE_TASK_CREATION => array( + array('controller' => 'TaskCreationController', 'method' => '*'), + ) + ); + + /** + * Get rules + * + * @return array + */ + public function getRules() + { + return array( + self::RULE_TASK_CREATION => t('Task creation is not permitted'), + ); + } + + /** + * Get a single restriction + * + * @param integer $project_id + * @param integer $restriction_id + * @return array|null + */ + public function getById($project_id, $restriction_id) + { + return $this->db + ->table(self::TABLE) + ->eq('project_id', $project_id) + ->eq('restriction_id', $restriction_id) + ->findOne(); + } + + /** + * Get restrictions + * + * @param int $project_id + * @return array + */ + public function getAll($project_id) + { + $rules = $this->getRules(); + $restrictions = $this->db + ->table(self::TABLE) + ->columns( + self::TABLE.'.restriction_id', + self::TABLE.'.project_id', + self::TABLE.'.role_id', + self::TABLE.'.rule' + ) + ->eq(self::TABLE.'.project_id', $project_id) + ->findAll(); + + foreach ($restrictions as &$restriction) { + $restriction['title'] = $rules[$restriction['rule']]; + } + + return $restrictions; + } + + /** + * Get restrictions + * + * @param int $project_id + * @param string $role + * @return array + */ + public function getAllByRole($project_id, $role) + { + $rules = $this->db + ->table(self::TABLE) + ->columns( + self::TABLE.'.restriction_id', + self::TABLE.'.project_id', + self::TABLE.'.role_id', + self::TABLE.'.rule', + 'pr.role' + ) + ->eq(self::TABLE.'.project_id', $project_id) + ->eq('role', $role) + ->left(ProjectRoleModel::TABLE, 'pr', 'role_id', self::TABLE, 'role_id') + ->findAll(); + + foreach ($rules as &$rule) { + $rule['acl'] = $this->ruleMapping[$rule['rule']]; + } + + return $rules; + } + + /** + * Create a new restriction + * + * @param int $project_id + * @param int $role_id + * @param string $rule + * @return bool|int + */ + public function create($project_id, $role_id, $rule) + { + return $this->db->table(self::TABLE) + ->persist(array( + 'project_id' => $project_id, + 'role_id' => $role_id, + 'rule' => $rule, + )); + } + + /** + * Remove a restriction + * + * @param integer $restriction_id + * @return bool + */ + public function remove($restriction_id) + { + return $this->db->table(self::TABLE)->eq('restriction_id', $restriction_id)->remove(); + } + + /** + * Check if the controller/method is allowed + * + * @param array $restrictions + * @param string $controller + * @param string $method + * @return bool + */ + public function isAllowed(array $restrictions, $controller, $method) + { + $controller = strtolower($controller); + $method = strtolower($method); + + foreach ($restrictions as $restriction) { + foreach ($restriction['acl'] as $acl) { + $acl['controller'] = strtolower($acl['controller']); + $acl['method'] = strtolower($acl['method']); + + if ($acl['controller'] === $controller && ($acl['method'] === '*' || $acl['method'] === $method)) { + return false; + } + } + } + + return true; + } +} |