5 files changed, 269 insertions, 3 deletions

diff --git a/app/Model/ColumnMoveRestrictionModel.php b/app/Model/ColumnMoveRestrictionModel.php
new file mode 100644
index 00000000..fa44edd1
--- /dev/null
+++ b/app/Model/ColumnMoveRestrictionModel.php
@@ -0,0 +1,92 @@
+<?php
+
+namespace Kanboard\Model;
+
+use Kanboard\Core\Base;
+
+/**
+ * Class ColumnMoveRestrictionModel
+ *
+ * @package Kanboard\Model
+ * @author  Frederic Guillot
+ */
+class ColumnMoveRestrictionModel extends Base
+{
+    const TABLE = 'column_has_move_restrictions';
+
+    /**
+     * Check if the custom project role is allowed to move a task
+     *
+     * @param  int $project_id
+     * @param  string $role
+     * @param  int $src_column_id
+     * @param  int $dst_column_id
+     * @return int
+     */
+    public function isAllowed($project_id, $role, $src_column_id, $dst_column_id)
+    {
+        return ! $this->db->table(self::TABLE)
+            ->left(ProjectRoleModel::TABLE, 'pr', 'role_id', self::TABLE, 'role_id')
+            ->eq(self::TABLE.'.project_id', $project_id)
+            ->eq(self::TABLE.'.src_column_id', $src_column_id)
+            ->eq(self::TABLE.'.dst_column_id', $dst_column_id)
+            ->eq('pr.role', $role)
+            ->exists();
+    }
+
+    /**
+     * Get all project column restrictions
+     *
+     * @param  int $project_id
+     * @return array
+     */
+    public function getAll($project_id)
+    {
+        return $this->db->table(self::TABLE)
+            ->columns(
+                'restriction_id',
+                'src_column_id',
+                'dst_column_id',
+                'pr.role',
+                'sc.title as src_column_title',
+                'dc.title as dst_column_title'
+            )
+            ->left(ColumnModel::TABLE, 'sc', 'id', self::TABLE, 'src_column_id')
+            ->left(ColumnModel::TABLE, 'dc', 'id', self::TABLE, 'dst_column_id')
+            ->left(ProjectRoleModel::TABLE, 'pr', 'role_id', self::TABLE, 'role_id')
+            ->eq(self::TABLE.'.project_id', $project_id)
+            ->findAll();
+    }
+
+    /**
+     * Create a new column restriction
+     *
+     * @param  int    $project_id
+     * @param  int    $role_id
+     * @param  int    $src_column_id
+     * @param  int    $dst_column_id
+     * @return bool|int
+     */
+    public function create($project_id, $role_id, $src_column_id, $dst_column_id)
+    {
+        return $this->db
+            ->table(self::TABLE)
+            ->persist(array(
+                'project_id' => $project_id,
+                'role_id' => $role_id,
+                'src_column_id' => $src_column_id,
+                'dst_column_id' => $dst_column_id,
+            ));
+    }
+
+    /**
+     * Remove a permission
+     *
+     * @param  int $restriction_id
+     * @return bool
+     */
+    public function remove($restriction_id)
+    {
+        return $this->db->table(self::TABLE)->eq('restriction_id', $restriction_id)->remove();
+    }
+}
diff --git a/app/Model/ProjectRoleModel.php b/app/Model/ProjectRoleModel.php
new file mode 100644
index 00000000..93fe1dcc
--- /dev/null
+++ b/app/Model/ProjectRoleModel.php
@@ -0,0 +1,82 @@
+<?php
+
+namespace Kanboard\Model;
+
+use Kanboard\Core\Base;
+
+/**
+ * Class ProjectRoleModel
+ *
+ * @package Kanboard\Model
+ * @author  Frederic Guillot
+ */
+class ProjectRoleModel extends Base
+{
+    const TABLE = 'project_has_roles';
+
+    /**
+     * Get all project roles
+     *
+     * @param  int $project_id
+     * @return array
+     */
+    public function getAll($project_id)
+    {
+        return $this->db->table(self::TABLE)
+            ->eq('project_id', $project_id)
+            ->asc('role')
+            ->findAll();
+    }
+
+    /**
+     * Create a new project role
+     *
+     * @param  int $project_id
+     * @param  string $role
+     * @return bool|int
+     */
+    public function create($project_id, $role)
+    {
+        return $this->db
+            ->table(self::TABLE)
+            ->persist(array(
+                'project_id' => $project_id,
+                'role' => $role,
+            ));
+    }
+
+    /**
+     * Update a project role
+     *
+     * @param  int $role_id
+     * @param  int $project_id
+     * @param  string $role
+     * @return bool
+     */
+    public function update($role_id, $project_id, $role)
+    {
+        return $this->db
+            ->table(self::TABLE)
+            ->eq('role_id', $role_id)
+            ->eq('project_id', $project_id)
+            ->update(array(
+                'role' => $role,
+            ));
+    }
+
+    /**
+     * Remove a project role
+     *
+     * @param  int $project_id
+     * @param  int $role_id
+     * @return bool
+     */
+    public function remove($project_id, $role_id)
+    {
+        return $this->db
+            ->table(self::TABLE)
+            ->eq('project_id', $project_id)
+            ->eq('role_id', $role_id)
+            ->remove();
+    }
+}
diff --git a/app/Schema/Mysql.php b/app/Schema/Mysql.php
index 99fed66f..11c7f232 100644
--- a/app/Schema/Mysql.php
+++ b/app/Schema/Mysql.php
@@ -6,7 +6,40 @@ use PDO;
 use Kanboard\Core\Security\Token;
 use Kanboard\Core\Security\Role;
 
-const VERSION = 112;
+const VERSION = 113;
+
+function version_113(PDO $pdo)
+{
+    $pdo->exec("
+        CREATE TABLE project_has_roles (
+            role_id INT NOT NULL AUTO_INCREMENT,
+            role VARCHAR(255) NOT NULL,
+            project_id INT NOT NULL,
+            UNIQUE(project_id, role),
+            FOREIGN KEY(project_id) REFERENCES projects(id) ON DELETE CASCADE,
+            PRIMARY KEY(role_id)
+        ) ENGINE=InnoDB CHARSET=utf8
+    ");
+
+    $pdo->exec("
+        CREATE TABLE column_has_move_restrictions (
+            restriction_id INT NOT NULL AUTO_INCREMENT,
+            project_id INT NOT NULL,
+            role_id INT NOT NULL,
+            src_column_id INT NOT NULL,
+            dst_column_id INT NOT NULL,
+            UNIQUE(role_id, src_column_id, dst_column_id),
+            FOREIGN KEY(project_id) REFERENCES projects(id) ON DELETE CASCADE,
+            FOREIGN KEY(role_id) REFERENCES project_has_roles(role_id) ON DELETE CASCADE,
+            FOREIGN KEY(src_column_id) REFERENCES columns(id) ON DELETE CASCADE,
+            FOREIGN KEY(dst_column_id) REFERENCES columns(id) ON DELETE CASCADE,
+            PRIMARY KEY(restriction_id)
+        ) ENGINE=InnoDB CHARSET=utf8
+    ");
+
+    $pdo->exec("ALTER TABLE `project_has_users` MODIFY `role` VARCHAR(255) NOT NULL");
+    $pdo->exec("ALTER TABLE `project_has_groups` MODIFY `role` VARCHAR(255) NOT NULL");
+}
 
 function version_112(PDO $pdo)
 {
diff --git a/app/Schema/Postgres.php b/app/Schema/Postgres.php
index b982bcae..2d1695d0 100644
--- a/app/Schema/Postgres.php
+++ b/app/Schema/Postgres.php
@@ -6,7 +6,38 @@ use PDO;
 use Kanboard\Core\Security\Token;
 use Kanboard\Core\Security\Role;
 
-const VERSION = 91;
+const VERSION = 92;
+
+function version_92(PDO $pdo)
+{
+    $pdo->exec("
+        CREATE TABLE project_has_roles (
+            role_id SERIAL PRIMARY KEY,
+            role VARCHAR(255) NOT NULL,
+            project_id INTEGER NOT NULL,
+            UNIQUE(project_id, role),
+            FOREIGN KEY(project_id) REFERENCES projects(id) ON DELETE CASCADE
+        )
+    ");
+
+    $pdo->exec("
+        CREATE TABLE column_has_move_restrictions (
+            restriction_id SERIAL PRIMARY KEY,
+            project_id INTEGER NOT NULL,
+            role_id INTEGER NOT NULL,
+            src_column_id INTEGER NOT NULL,
+            dst_column_id INTEGER NOT NULL,
+            UNIQUE(role_id, src_column_id, dst_column_id),
+            FOREIGN KEY(project_id) REFERENCES projects(id) ON DELETE CASCADE,
+            FOREIGN KEY(role_id) REFERENCES project_has_roles(role_id) ON DELETE CASCADE,
+            FOREIGN KEY(src_column_id) REFERENCES columns(id) ON DELETE CASCADE,
+            FOREIGN KEY(dst_column_id) REFERENCES columns(id) ON DELETE CASCADE
+        )
+    ");
+
+    $pdo->exec('ALTER TABLE "project_has_users" ALTER COLUMN "role" TYPE VARCHAR(255)');
+    $pdo->exec('ALTER TABLE "project_has_groups" ALTER COLUMN "role" TYPE VARCHAR(255)');
+}
 
 function version_91(PDO $pdo)
 {
diff --git a/app/Schema/Sqlite.php b/app/Schema/Sqlite.php
index 2a7735ee..ecfa93de 100644
--- a/app/Schema/Sqlite.php
+++ b/app/Schema/Sqlite.php
@@ -6,7 +6,35 @@ use Kanboard\Core\Security\Token;
 use Kanboard\Core\Security\Role;
 use PDO;
 
-const VERSION = 103;
+const VERSION = 104;
+
+function version_104(PDO $pdo)
+{
+    $pdo->exec("
+        CREATE TABLE project_has_roles (
+            role_id INTEGER PRIMARY KEY,
+            role TEXT NOT NULL,
+            project_id INTEGER NOT NULL,
+            UNIQUE(project_id, role),
+            FOREIGN KEY(project_id) REFERENCES projects(id) ON DELETE CASCADE
+        )
+    ");
+
+    $pdo->exec("
+        CREATE TABLE column_has_move_restrictions (
+            restriction_id INTEGER PRIMARY KEY,
+            project_id INTEGER NOT NULL,
+            role_id INTEGER NOT NULL,
+            src_column_id INTEGER NOT NULL,
+            dst_column_id INTEGER NOT NULL,
+            UNIQUE(role_id, src_column_id, dst_column_id),
+            FOREIGN KEY(project_id) REFERENCES projects(id) ON DELETE CASCADE,
+            FOREIGN KEY(role_id) REFERENCES project_has_roles(role_id) ON DELETE CASCADE,
+            FOREIGN KEY(src_column_id) REFERENCES columns(id) ON DELETE CASCADE,
+            FOREIGN KEY(dst_column_id) REFERENCES columns(id) ON DELETE CASCADE
+        )
+    ");
+}
 
 function version_103(PDO $pdo)
 {