From 0f6a4e9de9b6fb1c07f1fd85bdd2786a5c21e3bd Mon Sep 17 00:00:00 2001
From: Frederic Guillot
Date: Mon, 26 Jan 2015 21:35:33 -0500
Subject: Allow urls without project_id
---
 app/Controller/Base.php | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)
(limited to 'app/Controller')
diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index e0f99d18..232e09bf 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -165,16 +165,17 @@ abstract class Base
 $this->container['dispatcher']->dispatch('session.bootstrap', new Event);
 if (! $this->acl->isPublicAction($controller, $action)) {
- $this->handleAuthenticatedUser($controller, $action);
+ $this->handleAuthentication($controller, $action);
+ $this->handleAuthorization($controller, $action);
 }
 }
 /**
- * Check page access and authentication
+ * Check authentication
 *
 * @access public
 */
- public function handleAuthenticatedUser($controller, $action)
+ public function handleAuthentication($controller, $action)
 {
 if (! $this->authentication->isAuthenticated()) {
@@ -184,8 +185,24 @@ abstract class Base
 $this->response->redirect('?controller=user&action=login&redirect_query='.urlencode($this->request->getQueryString()));
 }
+ }
+
+ /**
+ * Check page access and authorization
+ *
+ * @access public
+ */
+ public function handleAuthorization($controller, $action)
+ {
+ $project_id = $this->request->getIntegerParam('project_id');
+ $task_id = $this->request->getIntegerParam('task_id');
+
+ // Allow urls without "project_id"
+ if ($task_id > 0 && $project_id === 0) {
+ $project_id = $this->taskFinder->getProjectId($task_id);
+ }
- if (! $this->acl->isAllowed($controller, $action, $this->request->getIntegerParam('project_id', 0))) {
+ if (! $this->acl->isAllowed($controller, $action, $project_id)) {
 $this->forbidden();
 }
 }
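Review bot: In `handleAuthorization` the project is derived from the task only when `$project_id === 0`, so a request that supplies both `task_id` and `project_id` is authorized against the project named in the URL rather than the one the task belongs to. The last hunk (`@@ -287,7 +304,7 @@`) removes the `$task['project_id'] != ...` comparison that previously tied the two together, so in the visible code nothing rejects a task from one project presented with the id of a different project; whether other callers re-check this is not visible here. Resolve the task's project whenever `$task_id > 0`, refuse a `project_id` that does not match it, and pass the resolved value to `isAllowed()`. What `getProjectId()` returns for an unknown task is not shown, so the `(int)` cast below is an assumption to confirm.

```php
$project_id = $this->request->getIntegerParam('project_id');
$task_id = $this->request->getIntegerParam('task_id');

// Authorize against the project the task really belongs to
if ($task_id > 0) {
    $task_project_id = (int) $this->taskFinder->getProjectId($task_id);

    if ($project_id !== 0 && $project_id !== $task_project_id) {
        $this->forbidden();
    }

    $project_id = $task_project_id;
}

// … unchanged: isAllowed() check and forbidden() …
```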
@@ -287,7 +304,7 @@ abstract class Base
 {
 $task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id'));
- if (! $task || $task['project_id'] != $this->request->getIntegerParam('project_id')) {
+ if (! $task) {
 $this->notfound();
 }
-- cgit v1.2.3