From 00cdc609d113fedf977da1d55136dc4d699fb308 Mon Sep 17 00:00:00 2001 From: Frédéric Guillot Date: Sat, 20 Sep 2014 12:52:48 +0200 Subject: Extract project permissions to a separate class --- app/Model/Base.php | 1 + app/Model/Project.php | 236 +------------------------------------- app/Model/ProjectPermission.php | 247 ++++++++++++++++++++++++++++++++++++++++ app/Model/Task.php | 4 +- 4 files changed, 252 insertions(+), 236 deletions(-) create mode 100644 app/Model/ProjectPermission.php (limited to 'app/Model') diff --git a/app/Model/Base.php b/app/Model/Base.php index 530ef6c2..e3f194b5 100644 --- a/app/Model/Base.php +++ b/app/Model/Base.php @@ -26,6 +26,7 @@ use PicoDb\Database; * @property \Model\LastLogin $lastLogin * @property \Model\Notification $notification * @property \Model\Project $project + * @property \Model\ProjectPermission $projectPermission * @property \Model\SubTask $subTask * @property \Model\Task $task * @property \Model\TaskExport $taskExport diff --git a/app/Model/Project.php b/app/Model/Project.php index 3edd82c5..1eabe239 100644 --- a/app/Model/Project.php +++ b/app/Model/Project.php @@ -22,13 +22,6 @@ class Project extends Base */ const TABLE = 'projects'; - /** - * SQL table name for users - * - * @var string - */ - const TABLE_USERS = 'project_has_users'; - /** * Value for active project * 
@@ -43,157 +36,6 @@ class Project extends Base */ const INACTIVE = 0; - /** - * Get a list of people that can be assigned for tasks - * - * @access public - * @param integer $project_id Project id - * @param bool $prepend_unassigned Prepend the 'Unassigned' value - * @param bool $prepend_everybody Prepend the 'Everbody' value - * @return array - */ - public function getUsersList($project_id, $prepend_unassigned = true, $prepend_everybody = false) - { - $allowed_users = $this->getAllowedUsers($project_id); - - if (empty($allowed_users)) { - $allowed_users = $this->user->getList(); - } - - if ($prepend_unassigned) { - $allowed_users = array(t('Unassigned')) + $allowed_users; - } - - if ($prepend_everybody) { - $allowed_users = array(User::EVERYBODY_ID => t('Everybody')) + $allowed_users; - } - - return $allowed_users; - } - - /** - * Get a list of allowed people for a project - * - * @access public - * @param integer $project_id Project id - * @return array - */ - public function getAllowedUsers($project_id) - { - $users = $this->db - ->table(self::TABLE_USERS) - ->join(User::TABLE, 'id', 'user_id') - ->eq('project_id', $project_id) - ->asc('username') - ->columns(User::TABLE.'.id', User::TABLE.'.username', User::TABLE.'.name') - ->findAll(); - - $result = array(); - - foreach ($users as $user) { - $result[$user['id']] = $user['name'] ?: $user['username']; - } - - asort($result); - - return $result; - } - - /** - * Get allowed and not allowed users for a project - * - * @access public - * @param integer $project_id Project id - * @return array - */ - public function getAllUsers($project_id) - { - $users = array( - 'allowed' => array(), - 'not_allowed' => array(), - ); - - $all_users = $this->user->getList(); - - $users['allowed'] = $this->getAllowedUsers($project_id); - - foreach ($all_users as $user_id => $username) { - - if (! 
isset($users['allowed'][$user_id])) { - $users['not_allowed'][$user_id] = $username; - } - } - - return $users; - } - - /** - * Allow a specific user for a given project - * - * @access public - * @param integer $project_id Project id - * @param integer $user_id User id - * @return bool - */ - public function allowUser($project_id, $user_id) - { - return $this->db - ->table(self::TABLE_USERS) - ->save(array('project_id' => $project_id, 'user_id' => $user_id)); - } - - /** - * Revoke a specific user for a given project - * - * @access public - * @param integer $project_id Project id - * @param integer $user_id User id - * @return bool - */ - public function revokeUser($project_id, $user_id) - { - return $this->db - ->table(self::TABLE_USERS) - ->eq('project_id', $project_id) - ->eq('user_id', $user_id) - ->remove(); - } - - /** - * Check if a specific user is allowed to access to a given project - * - * @access public - * @param integer $project_id Project id - * @param integer $user_id User id - * @return bool - */ - public function isUserAllowed($project_id, $user_id) - { - // If there is nobody specified, everybody have access to the project - $nb_users = $this->db - ->table(self::TABLE_USERS) - ->eq('project_id', $project_id) - ->count(); - - if ($nb_users < 1) return true; - - // Check if user has admin rights - $nb_users = $this->db - ->table(User::TABLE) - ->eq('id', $user_id) - ->eq('is_admin', 1) - ->count(); - - if ($nb_users > 0) return true; - - // Otherwise, allow only specific users - return (bool) $this->db - ->table(self::TABLE_USERS) - ->eq('project_id', $project_id) - ->eq('user_id', $user_id) - ->count(); - } - /** * Get a project by the id * @@ -256,7 +98,7 @@ class Project extends Base foreach ($projects as $key => $project) { - if (! $this->isUserAllowed($project['id'], $this->acl->getUserId())) { + if (! $this->projectPermission->isUserAllowed($project['id'], $this->acl->getUserId())) { unset($projects[$key]); } } 
@@ -328,37 +170,6 @@ class Project extends Base ->count(); } - /** - * Filter a list of projects for a given user - * - * @access public - * @param array $projects Project list: ['project_id' => 'project_name'] - * @param integer $user_id User id - * @return array - */ - public function filterListByAccess(array $projects, $user_id) - { - foreach ($projects as $project_id => $project_name) { - if (! $this->isUserAllowed($project_id, $user_id)) { - unset($projects[$project_id]); - } - } - - return $projects; - } - - /** - * Return a list of projects for a given user - * - * @access public - * @param integer $user_id User id - * @return array - */ - public function getAvailableList($user_id) - { - return $this->filterListByAccess($this->getListByStatus(self::ACTIVE), $user_id); - } - /** * Gather some task metrics for a given project * @@ -409,27 +220,6 @@ class Project extends Base return $this->db->getConnection()->getLastId(); } - /** - * Copy user access from a project to another one - * - * @author Antonio Rabelo - * @param integer $project_from Project Template - * @return integer $project_to Project that receives the copy - * @return boolean - */ - public function duplicateUsers($project_from, $project_to) - { - $users = $this->getAllowedUsers($project_from); - - foreach ($users as $user_id => $name) { - if (! $this->allowUser($project_to, $user_id)) { - return false; - } - } - - return true; - } - /** * Clone a project * @@ -461,7 +251,7 @@ class Project extends Base } // Clone Allowed Users - if (! $this->duplicateUsers($project_id, $clone_project_id)) { + if (! $this->projectPermission->duplicate($project_id, $clone_project_id)) { $this->db->cancelTransaction(); return false; } 
@@ -701,28 +491,6 @@ class Project extends Base ); } - /** - * Validate allowed users - * - * @access public - * @param array $values Form values - * @return array $valid, $errors [0] = Success or not, [1] = List of errors - */ - public function validateUserAccess(array $values) - { - $v = new Validator($values, array( - new Validators\Required('project_id', t('The project id is required')), - new Validators\Integer('project_id', t('This value must be an integer')), - new Validators\Required('user_id', t('The user id is required')), - new Validators\Integer('user_id', t('This value must be an integer')), - )); - - return array( - $v->execute(), - $v->getErrors() - ); - } - /** * Attach events * diff --git a/app/Model/ProjectPermission.php b/app/Model/ProjectPermission.php new file mode 100644 index 00000000..51c11735 --- /dev/null +++ b/app/Model/ProjectPermission.php 
@@ -0,0 +1,247 @@ +getAllowedUsers($project_id); + + if (empty($allowed_users)) { + $allowed_users = $this->user->getList(); + } + + if ($prepend_unassigned) { + $allowed_users = array(t('Unassigned')) + $allowed_users; + } + + if ($prepend_everybody) { + $allowed_users = array(User::EVERYBODY_ID => t('Everybody')) + $allowed_users; + } + + return $allowed_users; + } + + /** + * Get a list of allowed people for a project + * + * @access public + * @param integer $project_id Project id + * @return array + */ + public function getAllowedUsers($project_id) + { + $users = $this->db + ->table(self::TABLE) + ->join(User::TABLE, 'id', 'user_id') + ->eq('project_id', $project_id) + ->asc('username') + ->columns(User::TABLE.'.id', User::TABLE.'.username', User::TABLE.'.name') + ->findAll(); + + $result = array(); + + foreach ($users as $user) { + $result[$user['id']] = $user['name'] ?: $user['username']; + } + + asort($result); + + return $result; + } + + /** + * Get allowed and not allowed users for a project + * + * @access public + * @param integer $project_id Project id + * @return array + */ + public function getAllUsers($project_id) + { + $users = array( + 'allowed' => array(), + 'not_allowed' => array(), + ); + + $all_users = $this->user->getList(); + + $users['allowed'] = $this->getAllowedUsers($project_id); + + foreach ($all_users as $user_id => $username) { + + if (! 
isset($users['allowed'][$user_id])) { + $users['not_allowed'][$user_id] = $username; + } + } + + return $users; + } + + /** + * Allow a specific user for a given project + * + * @access public + * @param integer $project_id Project id + * @param integer $user_id User id + * @return bool + */ + public function allowUser($project_id, $user_id) + { + return $this->db + ->table(self::TABLE) + ->save(array('project_id' => $project_id, 'user_id' => $user_id)); + } + + /** + * Revoke a specific user for a given project + * + * @access public + * @param integer $project_id Project id + * @param integer $user_id User id + * @return bool + */ + public function revokeUser($project_id, $user_id) + { + return $this->db + ->table(self::TABLE) + ->eq('project_id', $project_id) + ->eq('user_id', $user_id) + ->remove(); + } + + /** + * Check if a specific user is allowed to access to a given project + * + * @access public + * @param integer $project_id Project id + * @param integer $user_id User id + * @return bool + */ + public function isUserAllowed($project_id, $user_id) + { + // If there is nobody specified, everybody have access to the project + $nb_users = $this->db + ->table(self::TABLE) + ->eq('project_id', $project_id) + ->count(); + + if ($nb_users < 1) return true; + + // Check if user has admin rights + $nb_users = $this->db + ->table(User::TABLE) + ->eq('id', $user_id) + ->eq('is_admin', 1) + ->count(); + + if ($nb_users > 0) return true; + + // Otherwise, allow only specific users + return (bool) $this->db + ->table(self::TABLE) + ->eq('project_id', $project_id) + ->eq('user_id', $user_id) + ->count(); + } + + /** + * Filter a list of projects for a given user + * + * @access public + * @param array $projects Project list: ['project_id' => 'project_name'] + * @param integer $user_id User id + * @return array + */ + public function filterProjects(array $projects, $user_id) + { + foreach ($projects as $project_id => $project_name) { + if (! 
$this->isUserAllowed($project_id, $user_id)) { + unset($projects[$project_id]); + } + } + + return $projects; + } + + /** + * Return a list of projects for a given user + * + * @access public + * @param integer $user_id User id + * @return array + */ + public function getAllowedProjects($user_id) + { + return $this->filterProjects($this->project->getListByStatus(Project::ACTIVE), $user_id); + } + + /** + * Copy user access from a project to another one + * + * @author Antonio Rabelo + * @param integer $project_from Project Template + * @return integer $project_to Project that receives the copy + * @return boolean + */ + public function duplicate($project_from, $project_to) + { + $users = $this->getAllowedUsers($project_from); + + foreach ($users as $user_id => $name) { + if (! $this->allowUser($project_to, $user_id)) { + return false; + } + } + + return true; + } + + /** + * Validate allowed users + * + * @access public + * @param array $values Form values + * @return array $valid, $errors [0] = Success or not, [1] = List of errors + */ + public function validateModification(array $values) + { + $v = new Validator($values, array( + new Validators\Required('project_id', t('The project id is required')), + new Validators\Integer('project_id', t('This value must be an integer')), + new Validators\Required('user_id', t('The user id is required')), + new Validators\Integer('user_id', t('This value must be an integer')), + )); + + return array( + $v->execute(), + $v->getErrors() + ); + } +} diff --git a/app/Model/Task.php b/app/Model/Task.php index eacf0b5b..8f544ac9 100644 --- a/app/Model/Task.php +++ b/app/Model/Task.php 
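Review bot: `isUserAllowed()` in the new `ProjectPermission` class fails open. When the membership table holds no rows for `$project_id`, it returns true before `$user_id` is looked at, so revoking the last allowed user through `revokeUser()` opens the project to every account. As far as the visible code shows, an id that matches no project is also reported as allowed. The commit moves this logic unchanged, but the `Project.php` hunk at -256 and both `Task.php` hunks now route their access checks through this method, so its docblock should state the rule, e.g. `* Note: a project with no explicit members is open to all users; admins are always allowed`. Separately, the `duplicate()` docblock tags its second parameter as `@return integer $project_to`; it should read `@param integer $project_to Project that receives the copy`.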
@@ -279,7 +279,7 @@ class Task extends Base $values['category_id'] = 0; // Check if the assigned user is allowed for the new project - if ($task['owner_id'] && $this->project->isUserAllowed($values['project_id'], $task['owner_id'])) { + if ($task['owner_id'] && $this->projectPermission->isUserAllowed($values['project_id'], $task['owner_id'])) { $values['owner_id'] = $task['owner_id']; } @@ -673,7 +673,7 @@ class Task extends Base $values['owner_id'] = 0; // Check if the assigned user is allowed for the new project - if ($task['owner_id'] && $this->project->isUserAllowed($project_id, $task['owner_id'])) { + if ($task['owner_id'] && $this->projectPermission->isUserAllowed($project_id, $task['owner_id'])) { $values['owner_id'] = $task['owner_id']; } -- cgit v1.2.3