From f0651c48c14f44a21d01c2ee71ebdd0a5ffd81a6 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sun, 6 Dec 2015 17:39:21 -0500
Subject: Restrict actions for project viewers

---
 app/Template/task/show.php | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

(limited to 'app/Template/task/show.php')

diff --git a/app/Template/task/show.php b/app/Template/task/show.php
index 713c2b3a..f6d47e53 100644
--- a/app/Template/task/show.php
+++ b/app/Template/task/show.php
@@ -4,6 +4,7 @@
     'recurrence_trigger_list' => $this->task->recurrenceTriggers(),
     'recurrence_timeframe_list' => $this->task->recurrenceTimeframes(),
     'recurrence_basedate_list' => $this->task->recurrenceBasedates(),
+    'editable' => $this->user->hasProjectAccess('taskmodification', 'edit', $project['id']),
 )) ?>
 
 <?php if ($this->user->hasProjectAccess('taskmodification', 'edit', $project['id'])): ?>
@@ -11,8 +12,34 @@
 <?php endif ?>
 
 <?= $this->render('task/description', array('task' => $task)) ?>
-<?= $this->render('tasklink/show', array('task' => $task, 'links' => $links, 'link_label_list' => $link_label_list)) ?>
-<?= $this->render('subtask/show', array('task' => $task, 'subtasks' => $subtasks, 'project' => $project, 'users_list' => isset($users_list) ? $users_list : array())) ?>
+
+<?= $this->render('tasklink/show', array(
+    'task' => $task,
+    'links' => $links,
+    'link_label_list' => $link_label_list,
+    'editable' => $this->user->hasProjectAccess('tasklink', 'edit', $project['id']),
+    'is_public' => false,
+)) ?>
+
+<?= $this->render('subtask/show', array(
+    'task' => $task,
+    'subtasks' => $subtasks,
+    'project' => $project,
+    'users_list' => isset($users_list) ? $users_list : array(),
+    'editable' => $this->user->hasProjectAccess('subtask', 'edit', $project['id']),
+)) ?>
+
 <?= $this->render('task/time_tracking_summary', array('task' => $task)) ?>
-<?= $this->render('file/show', array('task' => $task, 'files' => $files, 'images' => $images)) ?>
-<?= $this->render('task/comments', array('task' => $task, 'comments' => $comments, 'project' => $project)) ?>
+
+<?= $this->render('file/show', array(
+    'task' => $task,
+    'files' => $files,
+    'images' => $images
+)) ?>
+
+<?= $this->render('task/comments', array(
+    'task' => $task,
+    'comments' => $comments,
+    'project' => $project,
+    'editable' => $this->user->hasProjectAccess('comment', 'edit', $project['id']),
+)) ?>
-- 
cgit v1.2.3