From 481e767d3533449e63eda1767c5e6c071d3442a3 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Wed, 5 Apr 2017 22:53:54 -0400
Subject: Add new project restriction to block assignee change

---
 app/Helper/ProjectRoleHelper.php | 18 ++++++++++++++++++
 app/Helper/TaskHelper.php        |  4 ++++
 2 files changed, 22 insertions(+)

(limited to 'app/Helper')

diff --git a/app/Helper/ProjectRoleHelper.php b/app/Helper/ProjectRoleHelper.php
index fd7a690b..508dc9e0 100644
--- a/app/Helper/ProjectRoleHelper.php
+++ b/app/Helper/ProjectRoleHelper.php
@@ -171,6 +171,24 @@ class ProjectRoleHelper extends Base
         return false;
     }
 
+    /**
+     * Return true if the user can change assignee
+     *
+     * @public
+     * @param  array $task
+     * @return bool
+     */
+    public function canChangeAssignee(array $task)
+    {
+        $role = $this->getProjectUserRole($task['project_id']);
+
+        if ($this->hasRestriction($task['project_id'], $role, ProjectRoleRestrictionModel::RULE_TASK_CHANGE_ASSIGNEE)) {
+            return false;
+        }
+
+        return true;
+    }
+
     /**
      * Check project access
      *
diff --git a/app/Helper/TaskHelper.php b/app/Helper/TaskHelper.php
index 69520c03..334f4f33 100644
--- a/app/Helper/TaskHelper.php
+++ b/app/Helper/TaskHelper.php
@@ -93,6 +93,10 @@ class TaskHelper extends Base
 
     public function renderAssigneeField(array $users, array $values, array $errors = array(), array $attributes = array())
     {
+        if (isset($values['project_id']) && ! $this->helper->projectRole->canChangeAssignee($values)) {
+            return '';
+        }
+
         $attributes = array_merge(array('tabindex="3"'), $attributes);
 
         $html = $this->helper->form->label(t('Assignee'), 'owner_id');
-- 
cgit v1.2.3