From 384b64b7fab59d9de0fea5adb89438c1192b6301 Mon Sep 17 00:00:00 2001
From: toomyem
Date: Wed, 5 Mar 2014 09:40:06 +0100
Subject: Admin users are not allowed for a project

In function isUserAllowed() it is only checked if:
1. any user is assigned to the project (if no then allow anybody)
2. if logged user is allowed for given project

But also _admin_ users _not assigned_ to the project shall be allowed.
---
 models/project.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/models/project.php b/models/project.php
index a2f66478..45cd1baa 100644
--- a/models/project.php
+++ b/models/project.php
@@ -82,6 +82,15 @@ class Project extends Base
 if ($nb_users < 1) return true;
+ // check if user has admin rights
+ $nb_users = $this->db
+ ->table(\Model\User::TABLE)
+ ->eq('id', $user_id)
+ ->eq('is_admin', 1)
+ ->count();
+
+ if ($nb_users > 0) return true;
+
 // Otherwise, allow only specific users
 return (bool) $this->db
 ->table(self::TABLE_USERS)
-- 
cgit v1.2.3


From 850abb1500a2785e64c0ac7aa621ec55920439c4 Mon Sep 17 00:00:00 2001
From: toomyem
Date: Wed, 5 Mar 2014 10:55:26 +0100
Subject: Altered test cases for allowed user checking.

Changed test checking if admin used has always access.
Added new test to check if non admin used does not have access if is not added to acl list.
---
 tests/ProjectTest.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tests/ProjectTest.php b/tests/ProjectTest.php
index 6eb39f52..33a35168 100644
--- a/tests/ProjectTest.php
+++ b/tests/ProjectTest.php
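Review bot: `$nb_users` is reused on the new side to hold the count of matching admin rows, so a reader of the later `if ($nb_users > 0) return true;` has to look back to see it no longer means project members; rename the two lines to `$nb_admins = $this->db` and `if ($nb_admins > 0) return true;`. Because isUserAllowed() is an authorization decision and this hunk widens it, the method's docblock (above the hunk) should state that administrators (`is_admin` = 1) are allowed on every project regardless of the ACL, so callers do not treat the list returned by getAllowedUsers() as the full set of users with access. The comparison `->eq('is_admin', 1)` presumably matches how the column is stored; worth confirming against the schema. The enclosing isUserAllowed() method starts and ends outside the hunk.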
@@ -57,7 +57,13 @@ class ProjectTest extends PHPUnit_Framework_TestCase
 $this->assertTrue($p->revokeUser(1, 1));
 $this->assertEquals(array('2' => 'unittest'), $p->getAllowedUsers(1));
- $this->assertFalse($p->isUserAllowed(1, 1));
+ $this->assertTrue($p->isUserAllowed(1, 1)); // has admin priviledges
 $this->assertTrue($p->isUserAllowed(1, 2));
+
+ // Check if revoked regular user is not allowed
+ $this->assertTrue($p->allowUser(1, 1));
+ $this->assertTrue($p->revokeUser(1, 2));
+ $this->assertEquals(array('1' => 'admin'), $p->getAllowedUsers(1));
+ $this->assertFalse($p->isUserAllowed(1, 2)); // regulat user is not allowed
 }
 }
-- 
cgit v1.2.3
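Review bot: The two new inline comments contain typos; they should read `// has admin privileges` and `// regular user is not allowed`. The changed assertion on `isUserAllowed(1, 1)` now depends on user 1 being an administrator in the test fixture, which is not visible in this hunk; a comment naming that assumption, e.g. `// user 1 is admin in the fixture, so the ACL does not apply`, would make the cause obvious if the fixture changes and the assertion starts failing. The enclosing test method starts outside the hunk.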