From c328bcf840f2fe21e87246b10fb8c75dfa640d1d Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sun, 18 Sep 2016 22:05:20 -0400 Subject: Enforce restrictions for column menus --- app/Controller/TaskBulkController.php | 9 ++++++--- app/Template/board/table_column.php | 16 +++++++++------- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/app/Controller/TaskBulkController.php b/app/Controller/TaskBulkController.php index df7f589b..4e06f636 100644 --- a/app/Controller/TaskBulkController.php +++ b/app/Controller/TaskBulkController.php @@ -47,7 +47,12 @@ class TaskBulkController extends BaseController $values = $this->request->getValues(); list($valid, $errors) = $this->taskValidator->validateBulkCreation($values); - if ($valid) { + if (! $valid) { + $this->show($values, $errors); + } else if (! $this->helper->projectRole->canCreateTaskInColumn($project['id'], $values['column_id'])) { + $this->flash->failure(t('You cannot create tasks in this column.')); + $this->response->redirect($this->helper->url->to('BoardViewController', 'show', array('project_id' => $project['id'])), true); + } else { $this->createTasks($project, $values); $this->response->redirect($this->helper->url->to( 'BoardViewController', @@ -55,8 +60,6 @@ class TaskBulkController extends BaseController array('project_id' => $project['id']), 'swimlane-'. $values['swimlane_id'] ), true); - } else { - $this->show($values, $errors); } } diff --git a/app/Template/board/table_column.php b/app/Template/board/table_column.php index 3daa8aed..e2976f27 100644 --- a/app/Template/board/table_column.php +++ b/app/Template/board/table_column.php @@ -35,18 +35,20 @@ - user->hasProjectAccess('TaskCreationController', 'show', $column['project_id'])): ?> + projectRole->canCreateTaskInColumn($column['project_id'], $column['id'])): ?>
  • url->link(t('Create tasks in bulk'), 'TaskBulkController', 'show', array('project_id' => $column['project_id'], 'column_id' => $column['id'], 'swimlane_id' => $swimlane['id']), false, 'popover') ?>
    • - 0): ?> -
  • - - url->link(t('Close all tasks of this column'), 'BoardPopoverController', 'confirmCloseColumnTasks', array('project_id' => $column['project_id'], 'column_id' => $column['id'], 'swimlane_id' => $swimlane['id']), false, 'popover') ?> -
    • - + + 0 && $this->projectRole->canChangeTaskStatusInColumn($column['project_id'], $column['id'])): ?> +
  • + + url->link(t('Close all tasks of this column'), 'BoardPopoverController', 'confirmCloseColumnTasks', array('project_id' => $column['project_id'], 'column_id' => $column['id'], 'swimlane_id' => $swimlane['id']), false, 'popover') ?> +
    • + + hook->render('template:board:column:dropdown', array('swimlane' => $swimlane, 'column' => $column)) ?> -- cgit v1.2.3