From f0651c48c14f44a21d01c2ee71ebdd0a5ffd81a6 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sun, 6 Dec 2015 17:39:21 -0500
Subject: Restrict actions for project viewers

---
 app/Template/task/comments.php |  4 ++--
 app/Template/task/details.php  |  2 +-
 app/Template/task/public.php   | 11 ++++++-----
 app/Template/task/show.php     | 35 +++++++++++++++++++++++++++++++----
 4 files changed, 40 insertions(+), 12 deletions(-)

(limited to 'app/Template/task')

diff --git a/app/Template/task/comments.php b/app/Template/task/comments.php
index 070de320..57fb305f 100644
--- a/app/Template/task/comments.php
+++ b/app/Template/task/comments.php
@@ -15,12 +15,12 @@
             'comment' => $comment,
             'task' => $task,
             'project' => $project,
-            'not_editable' => isset($not_editable) && $not_editable,
+            'editable' => $editable,
             'is_public' => isset($is_public) && $is_public,
         )) ?>
     <?php endforeach ?>
 
-    <?php if (! isset($not_editable)): ?>
+    <?php if ($editable): ?>
         <?= $this->render('comment/create', array(
             'skip_cancel' => true,
             'values' => array(
diff --git a/app/Template/task/details.php b/app/Template/task/details.php
index 9cd10dda..74799b15 100644
--- a/app/Template/task/details.php
+++ b/app/Template/task/details.php
@@ -86,7 +86,7 @@
         </li>
         <?php endif ?>
 
-        <?php if (! isset($not_editable) && $task['recurrence_status'] != \Kanboard\Model\Task::RECURRING_STATUS_NONE): ?>
+        <?php if ($editable && $task['recurrence_status'] != \Kanboard\Model\Task::RECURRING_STATUS_NONE): ?>
         <li>
             <strong><?= t('Recurring information') ?></strong>
             <?= $this->render('task/recurring_info', array(
diff --git a/app/Template/task/public.php b/app/Template/task/public.php
index e3105488..7edf097c 100644
--- a/app/Template/task/public.php
+++ b/app/Template/task/public.php
@@ -1,33 +1,34 @@
 <section id="main" class="public-task">
 
-    <?= $this->render('task/details', array('task' => $task, 'project' => $project, 'not_editable' => true)) ?>
+    <?= $this->render('task/details', array('task' => $task, 'project' => $project, 'editable' => false)) ?>
 
     <p class="pull-right"><?= $this->url->link(t('Back to the board'), 'board', 'readonly', array('token' => $project['token'])) ?></p>
 
     <?= $this->render('task/description', array(
         'task' => $task,
         'project' => $project,
-        'is_public' => true
+        'is_public' => true,
     )) ?>
 
     <?= $this->render('tasklink/show', array(
         'task' => $task,
         'links' => $links,
         'project' => $project,
-        'not_editable' => true
+        'editable' => false,
+        'is_public' => true,
     )) ?>
 
     <?= $this->render('subtask/show', array(
         'task' => $task,
         'subtasks' => $subtasks,
-        'not_editable' => true
+        'editable' => false
     )) ?>
 
     <?= $this->render('task/comments', array(
         'task' => $task,
         'comments' => $comments,
         'project' => $project,
-        'not_editable' => true,
+        'editable' => false,
         'is_public' => true,
     )) ?>
 
diff --git a/app/Template/task/show.php b/app/Template/task/show.php
index 713c2b3a..f6d47e53 100644
--- a/app/Template/task/show.php
+++ b/app/Template/task/show.php
@@ -4,6 +4,7 @@
     'recurrence_trigger_list' => $this->task->recurrenceTriggers(),
     'recurrence_timeframe_list' => $this->task->recurrenceTimeframes(),
     'recurrence_basedate_list' => $this->task->recurrenceBasedates(),
+    'editable' => $this->user->hasProjectAccess('taskmodification', 'edit', $project['id']),
 )) ?>
 
 <?php if ($this->user->hasProjectAccess('taskmodification', 'edit', $project['id'])): ?>
@@ -11,8 +12,34 @@
 <?php endif ?>
 
 <?= $this->render('task/description', array('task' => $task)) ?>
-<?= $this->render('tasklink/show', array('task' => $task, 'links' => $links, 'link_label_list' => $link_label_list)) ?>
-<?= $this->render('subtask/show', array('task' => $task, 'subtasks' => $subtasks, 'project' => $project, 'users_list' => isset($users_list) ? $users_list : array())) ?>
+
+<?= $this->render('tasklink/show', array(
+    'task' => $task,
+    'links' => $links,
+    'link_label_list' => $link_label_list,
+    'editable' => $this->user->hasProjectAccess('tasklink', 'edit', $project['id']),
+    'is_public' => false,
+)) ?>
+
+<?= $this->render('subtask/show', array(
+    'task' => $task,
+    'subtasks' => $subtasks,
+    'project' => $project,
+    'users_list' => isset($users_list) ? $users_list : array(),
+    'editable' => $this->user->hasProjectAccess('subtask', 'edit', $project['id']),
+)) ?>
+
 <?= $this->render('task/time_tracking_summary', array('task' => $task)) ?>
-<?= $this->render('file/show', array('task' => $task, 'files' => $files, 'images' => $images)) ?>
-<?= $this->render('task/comments', array('task' => $task, 'comments' => $comments, 'project' => $project)) ?>
+
+<?= $this->render('file/show', array(
+    'task' => $task,
+    'files' => $files,
+    'images' => $images
+)) ?>
+
+<?= $this->render('task/comments', array(
+    'task' => $task,
+    'comments' => $comments,
+    'project' => $project,
+    'editable' => $this->user->hasProjectAccess('comment', 'edit', $project['id']),
+)) ?>
-- 
cgit v1.2.3