Diffstat (limited to 'app/Model')
-rw-r--r-- | app/Model/Acl.php | 89 | ||||
-rw-r--r-- | app/Model/SubtaskTimeTracking.php | 17 | ||||
-rw-r--r-- | app/Model/User.php | 4 | ||||
-rw-r--r-- | app/Model/UserSession.php | 12 |
4 files changed, 99 insertions, 23 deletions
diff --git a/app/Model/Acl.php b/app/Model/Acl.php index a47886bb..0840f44c 100644 --- a/app/Model/Acl.php +++ b/app/Model/Acl.php @@ -32,7 +32,7 @@ class Acl extends Base * @access private * @var array */ - private $member_acl = array( + private $project_member_acl = array( 'board' => '*', 'comment' => '*', 'file' => '*', @@ -56,18 +56,28 @@ class Acl extends Base * @access private * @var array */ - private $manager_acl = array( + private $project_manager_acl = array( 'action' => '*', 'analytic' => '*', 'category' => '*', 'column' => '*', - 'export' => array('tasks', 'subtasks', 'summary'), + 'export' => '*', 'project' => array('edit', 'update', 'share', 'integration', 'users', 'alloweverybody', 'allow', 'setowner', 'revoke', 'duplicate', 'disable', 'enable'), 'swimlane' => '*', 'budget' => '*', ); /** + * Controllers and actions for project admins + * + * @access private + * @var array + */ + private $project_admin_acl = array( + 'project' => array('remove'), + ); + + /** * Controllers and actions for admins * * @access private @@ -77,8 +87,6 @@ class Acl extends Base 'user' => array('index', 'create', 'save', 'remove', 'authentication'), 'config' => '*', 'link' => '*', - 'project' => array('remove'), - 'hourlyrate' => '*', 'currency' => '*', 'twofactor' => array('disable'), ); 
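Review bot: Removing `'hourlyrate' => '*'` from the admin ACL in the `-77,8` hunk leaves that controller unmatched by any list shown in this diff, and the permission check further down ends in a bare `return true;` (visible as context at the top of the `-203,12` hunk). If the hourlyrate controller still exists and is not listed in an ACL array outside this diff, its actions would become reachable by any authenticated user. The diffstat is limited to `app/Model`, so confirm the controller is removed or moved in the same commit. Otherwise keep the entry, or move it to the list it now belongs to, for example `'hourlyrate' => '*',` in `$project_admin_acl`. The array being edited starts outside the hunk.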
@@ -149,9 +157,22 @@ class Acl extends Base * @param string $action Action name * @return bool */ - public function isManagerAction($controller, $action) + public function isProjectManagerAction($controller, $action) { - return $this->matchAcl($this->manager_acl, $controller, $action); + return $this->matchAcl($this->project_manager_acl, $controller, $action); + } + + /** + * Return true if the given action is for application managers + * + * @access public + * @param string $controller Controller name + * @param string $action Action name + * @return bool + */ + public function isProjectAdminAction($controller, $action) + { + return $this->matchAcl($this->project_admin_acl, $controller, $action); } /** @@ -162,9 +183,9 @@ class Acl extends Base * @param string $action Action name * @return bool */ - public function isMemberAction($controller, $action) + public function isProjectMemberAction($controller, $action) { - return $this->matchAcl($this->member_acl, $controller, $action); + return $this->matchAcl($this->project_member_acl, $controller, $action); } /** @@ -189,13 +210,18 @@ class Acl extends Base return false; } + // Check project admin permissions + if ($this->isProjectAdminAction($controller, $action)) { + return $this->handleProjectAdminPermissions($project_id); + } + // Check project manager permissions - if ($this->isManagerAction($controller, $action)) { - return $this->isManagerActionAllowed($project_id); + if ($this->isProjectManagerAction($controller, $action)) { + return $this->handleProjectManagerPermissions($project_id); } // Check project member permissions - if ($this->isMemberAction($controller, $action)) { + if ($this->isProjectMemberAction($controller, $action)) { return $project_id > 0 && $this->projectPermission->isMember($project_id, $this->userSession->getId()); } 
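Review bot: The docblock added above `isProjectAdminAction()` in the `-149,9` hunk says "Return true if the given action is for application managers", but the method matches against `$project_admin_acl`. With three similarly named roles in this class, the mismatch makes it easy to misread which list guards which action. Change the summary line to `Return true if the given action is for project admins`. The docblock above `isProjectManagerAction()` begins outside the hunk, so it cannot be checked from here.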
@@ -203,12 +229,43 @@ class Acl extends Base return true; } - public function isManagerActionAllowed($project_id) + /** + * Handle permission for project manager + * + * @access public + * @param integer $project_id + * @return boolean + */ + public function handleProjectManagerPermissions($project_id) { - if ($this->userSession->isAdmin()) { - return true; + if ($project_id > 0) { + if ($this->userSession->isProjectAdmin()) { + return $this->projectPermission->isMember($project_id, $this->userSession->getId()); + } + + return $this->projectPermission->isManager($project_id, $this->userSession->getId()); + } + + return false; + } + + /** + * Handle permission for project admins + * + * @access public + * @param integer $project_id + * @return boolean + */ + public function handleProjectAdminPermissions($project_id) + { + if (! $this->userSession->isProjectAdmin()) { + return false; } - return $project_id > 0 && $this->projectPermission->isManager($project_id, $this->userSession->getId()); + if ($project_id > 0) { + return $this->projectPermission->isMember($project_id, $this->userSession->getId()); + } + + return true; } } diff --git a/app/Model/SubtaskTimeTracking.php b/app/Model/SubtaskTimeTracking.php index 9f17ee3f..997031e8 100644 --- a/app/Model/SubtaskTimeTracking.php +++ b/app/Model/SubtaskTimeTracking.php @@ -301,7 +301,6 @@ class SubtaskTimeTracking extends Base ->findOneColumn('start'); if ($start_time) { - $start = new DateTime; $start->setTimestamp($start_time); 
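Review bot: `handleProjectAdminPermissions()` returns `true` for any project admin when `$project_id` is not greater than 0. The only action currently in `$project_admin_acl` (`project`/`remove`) therefore passes without a membership test whenever the caller supplies no project id. Unless a later check outside this diff covers that case, failing closed is safer: replace the final `if` and `return true;` with `return $project_id > 0 && $this->projectPermission->isMember($project_id, $this->userSession->getId());`. Both new methods are public and no longer carry the `isAdmin()` shortcut that `isManagerActionAllowed()` had, so they presumably rely on the calling permission check to handle administrators first. A docblock line saying so would keep other callers from treating them as a complete check.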
@@ -341,18 +340,24 @@ class SubtaskTimeTracking extends Base public function updateTaskTimeTracking($task_id) { $result = $this->calculateSubtaskTime($task_id); + $values = array(); + + if ($result['total_spent'] > 0) { + $values['time_spent'] = $result['total_spent']; + } - if (empty($result['total_spent']) && empty($result['total_estimated'])) { + if ($result['total_estimated'] > 0) { + $values['time_estimated'] = $result['total_estimated']; + } + + if (empty($values)) { return true; } return $this->db ->table(Task::TABLE) ->eq('id', $task_id) - ->update(array( - 'time_spent' => $result['total_spent'], - 'time_estimated' => $result['total_estimated'], - )); + ->update($values); } /** diff --git a/app/Model/User.php b/app/Model/User.php index 8daef3f2..76af342d 100644 --- a/app/Model/User.php +++ b/app/Model/User.php @@ -57,6 +57,7 @@ class User extends Base 'name', 'email', 'is_admin', + 'is_project_admin', 'is_ldap_user', 'notifications_enabled', 'google_id', @@ -254,7 +255,7 @@ class User extends Base } $this->removeFields($values, array('confirmation', 'current_password')); - $this->resetFields($values, array('is_admin', 'is_ldap_user')); + $this->resetFields($values, array('is_admin', 'is_ldap_user', 'is_project_admin')); } /** @@ -442,6 +443,7 @@ class User extends Base new Validators\Unique('username', t('The username must be unique'), $this->db->getConnection(), self::TABLE, 'id'), new Validators\Email('email', t('Email address invalid')), new Validators\Integer('is_admin', t('This value must be an integer')), + new Validators\Integer('is_project_admin', t('This value must be an integer')), new Validators\Integer('is_ldap_user', t('This value must be an integer')), ); } diff --git a/app/Model/UserSession.php b/app/Model/UserSession.php index 44a9c2a2..1ae3fdf4 100644 --- a/app/Model/UserSession.php +++ b/app/Model/UserSession.php 
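Review bot: In `updateTaskTimeTracking()` a total of zero is now skipped rather than written, so a task whose subtasks report 0 for one field keeps whatever value it had before. If that is intentional (for example to avoid overwriting a value entered on the task itself), state it above the two `> 0` checks, e.g. `// Zero totals are skipped so existing task values are not overwritten`. Without a comment, the next reader may take the stale value for a bug and restore the unconditional update.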
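Review bot: In the `-442,6` hunk `is_project_admin` is validated only as an integer, and nothing in this diff limits which caller may submit it. The flag now gates `project`/`remove` and manager-level rights in `Acl`. Confirm that the user-edit path drops `is_project_admin` from `$values` unless the editor is an administrator, in the same place `is_admin` is handled; that code is outside this diff. The field-list addition in the `-57,6` hunk and the `resetFields()` change in the `-254,7` hunk appear to put the column on the ordinary write path, so the same check applies to them. The validator list's enclosing method starts outside the hunk.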
@@ -34,6 +34,7 @@ class UserSession extends Base $user['id'] = (int) $user['id']; $user['is_admin'] = (bool) $user['is_admin']; + $user['is_project_admin'] = (bool) $user['is_project_admin']; $user['is_ldap_user'] = (bool) $user['is_ldap_user']; $user['twofactor_activated'] = (bool) $user['twofactor_activated']; @@ -74,6 +75,17 @@ class UserSession extends Base } /** + * Return true if the logged user is project admin + * + * @access public + * @return bool + */ + public function isProjectAdmin() + { + return isset($this->session['user']['is_project_admin']) && $this->session['user']['is_project_admin'] === true; + } + + /** * Get the connected user id * * @access public |
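Review bot: `isProjectAdmin()` in the `-74,6` hunk reads the flag from `$this->session['user']`, which the `-34,6` hunk fills when the session user is stored. The result therefore reflects the role at that moment, not the current database value. The docblock should say so, e.g. `Return true if the logged user is project admin (value taken from the session)`. Also confirm that whatever refreshes `is_admin` in the session after a role change refreshes this flag too, otherwise a revoked project admin keeps the role until the session ends; that code is not visible here.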