From d8f6d8568396816a6bfaca1e01211384e803cf91 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sun, 11 Sep 2016 16:08:03 -0400 Subject: Add project restrictions for custom roles --- app/Controller/BoardAjaxController.php | 8 +- app/Controller/ColumnMoveRestrictionController.php | 4 +- .../ProjectRoleRestrictionController.php | 96 ++++++++++++++++++++++ app/Controller/TaskSuppressionController.php | 4 +- 4 files changed, 101 insertions(+), 11 deletions(-) create mode 100644 app/Controller/ProjectRoleRestrictionController.php (limited to 'app/Controller') diff --git a/app/Controller/BoardAjaxController.php b/app/Controller/BoardAjaxController.php index cc3b846e..484ef67d 100644 --- a/app/Controller/BoardAjaxController.php +++ b/app/Controller/BoardAjaxController.php @@ -28,14 +28,8 @@ class BoardAjaxController extends BaseController } $values = $this->request->getJson(); - $canMoveTask = $this->columnMoveRestrictionModel->isAllowed( - $project_id, - $this->helper->user->getProjectUserRole($project_id), - $values['src_column_id'], - $values['dst_column_id'] - ); - if (! $canMoveTask) { + if (! $this->helper->projectRole->canMoveTask($project_id, $values['src_column_id'], $values['dst_column_id'])) { throw new AccessForbiddenException(e("You don't have the permission to move this task")); } diff --git a/app/Controller/ColumnMoveRestrictionController.php b/app/Controller/ColumnMoveRestrictionController.php index 3f1b878f..b12f6b77 100644 --- a/app/Controller/ColumnMoveRestrictionController.php +++ b/app/Controller/ColumnMoveRestrictionController.php @@ -45,14 +45,14 @@ class ColumnMoveRestrictionController extends BaseController list($valid, $errors) = $this->columnMoveRestrictionValidator->validateCreation($values); if ($valid) { - $role_id = $this->columnMoveRestrictionModel->create( + $restriction_id = $this->columnMoveRestrictionModel->create( $project['id'], $values['role_id'], $values['src_column_id'], $values['dst_column_id'] ); - if ($role_id !== false) { + if ($restriction_id !== false) { $this->flash->success(t('The column restriction has been created successfully.')); } else { $this->flash->failure(t('Unable to create this column restriction.')); diff --git a/app/Controller/ProjectRoleRestrictionController.php b/app/Controller/ProjectRoleRestrictionController.php new file mode 100644 index 00000000..4fa9b13b --- /dev/null +++ b/app/Controller/ProjectRoleRestrictionController.php @@ -0,0 +1,96 @@ +getProject(); + $role_id = $this->request->getIntegerParam('role_id'); + $role = $this->projectRoleModel->getById($project['id'], $role_id); + + $this->response->html($this->template->render('project_role_restriction/create', array( + 'project' => $project, + 'role' => $role, + 'values' => $values + array('project_id' => $project['id'], 'role_id' => $role['role_id']), + 'errors' => $errors, + 'restrictions' => $this->projectRoleRestrictionModel->getRules(), + ))); + } + + /** + * Save new restriction + */ + public function save() + { + $project = $this->getProject(); + $values = $this->request->getValues(); + + $restriction_id = $this->projectRoleRestrictionModel->create( + $project['id'], + $values['role_id'], + $values['rule'] + ); + + if ($restriction_id !== false) { + $this->flash->success(t('The project restriction has been created successfully.')); + } else { + $this->flash->failure(t('Unable to create this project restriction.')); + } + + $this->response->redirect($this->helper->url->to('ProjectRoleController', 'show', array('project_id' => $project['id']))); + } + + /** + * Confirm suppression + * + * @access public + */ + public function confirm() + { + $project = $this->getProject(); + $restriction_id = $this->request->getIntegerParam('restriction_id'); + + $this->response->html($this->helper->layout->project('project_role_restriction/remove', array( + 'project' => $project, + 'restriction' => $this->projectRoleRestrictionModel->getById($project['id'], $restriction_id), + 'restrictions' => $this->projectRoleRestrictionModel->getRules(), + ))); + } + + /** + * Remove a restriction + * + * @access public + */ + public function remove() + { + $project = $this->getProject(); + $this->checkCSRFParam(); + $restriction_id = $this->request->getIntegerParam('restriction_id'); + + if ($this->projectRoleRestrictionModel->remove($restriction_id)) { + $this->flash->success(t('Project restriction removed successfully.')); + } else { + $this->flash->failure(t('Unable to remove this restriction.')); + } + + $this->response->redirect($this->helper->url->to('ProjectRoleController', 'show', array('project_id' => $project['id']))); + } +} diff --git a/app/Controller/TaskSuppressionController.php b/app/Controller/TaskSuppressionController.php index 600107c9..019bd97c 100644 --- a/app/Controller/TaskSuppressionController.php +++ b/app/Controller/TaskSuppressionController.php @@ -19,7 +19,7 @@ class TaskSuppressionController extends BaseController { $task = $this->getTask(); - if (! $this->helper->user->canRemoveTask($task)) { + if (! $this->helper->projectRole->canRemoveTask($task)) { throw new AccessForbiddenException(); } @@ -37,7 +37,7 @@ class TaskSuppressionController extends BaseController $task = $this->getTask(); $this->checkCSRFParam(); - if (! $this->helper->user->canRemoveTask($task)) { + if (! $this->helper->projectRole->canRemoveTask($task)) { throw new AccessForbiddenException(); } -- cgit v1.2.3