From 0f6a4e9de9b6fb1c07f1fd85bdd2786a5c21e3bd Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Mon, 26 Jan 2015 21:35:33 -0500
Subject: Allow urls without project_id

---
 app/Controller/Base.php  | 27 ++++++++++++++++++++++-----
 app/Model/TaskFinder.php | 12 ++++++++++++
 2 files changed, 34 insertions(+), 5 deletions(-)

(limited to 'app')

diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index e0f99d18..232e09bf 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -165,16 +165,17 @@ abstract class Base
         $this->container['dispatcher']->dispatch('session.bootstrap', new Event);
 
         if (! $this->acl->isPublicAction($controller, $action)) {
-            $this->handleAuthenticatedUser($controller, $action);
+            $this->handleAuthentication($controller, $action);
+            $this->handleAuthorization($controller, $action);
         }
     }
 
     /**
-     * Check page access and authentication
+     * Check authentication
      *
      * @access public
      */
-    public function handleAuthenticatedUser($controller, $action)
+    public function handleAuthentication($controller, $action)
     {
         if (! $this->authentication->isAuthenticated()) {
 
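Review bot: The docblock above `handleAuthentication` (and the one for `handleAuthorization` in the next hunk) records only `@access public`; neither names its parameters, even though both forward `$controller` and `$action` straight to the ACL (`isPublicAction` on the context line, `isAllowed` in the next hunk). Following the style already used in TaskFinder (`@param  integer   $task_id   Task id`), add `@param  string  $controller  Controller name` and `@param  string  $action  Action name` to both methods, adjusting the type if the router passes something other than strings. The body of `handleAuthentication` continues past the end of this hunk.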
@@ -184,8 +185,24 @@ abstract class Base
 
             $this->response->redirect('?controller=user&action=login&redirect_query='.urlencode($this->request->getQueryString()));
         }
+    }
+
+    /**
+     * Check page access and authorization
+     *
+     * @access public
+     */
+    public function handleAuthorization($controller, $action)
+    {
+        $project_id = $this->request->getIntegerParam('project_id');
+        $task_id = $this->request->getIntegerParam('task_id');
+        
+        // Allow urls without "project_id"
+        if ($task_id > 0 && $project_id === 0) {
+            $project_id = $this->taskFinder->getProjectId($task_id);
+        }
 
-        if (! $this->acl->isAllowed($controller, $action, $this->request->getIntegerParam('project_id', 0))) {
+        if (! $this->acl->isAllowed($controller, $action, $project_id)) {
             $this->forbidden();
         }
     }
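Review bot: The project the ACL is checked against still comes from the URL whenever `project_id` is non-zero, because the lookup guarded by `if ($task_id > 0 && $project_id === 0)` only fills in a missing value; a request that carries a `task_id` together with some other accessible `project_id` is authorised against that project, not against the project the task belongs to. The `$task['project_id'] != $this->request->getIntegerParam('project_id')` comparison removed in the third hunk (@@ -287) was the check that previously rejected that mismatch, so after this commit nothing verifies the two agree. When a task is named it should be authoritative: `if ($task_id > 0) { $project_id = $this->taskFinder->getProjectId($task_id); }`, dropping the `$project_id === 0` condition. The `=== 0` test also relies on `getIntegerParam` returning an int `0` for an absent parameter now that the explicit `0` default on the old `isAllowed` call is gone; that helper is outside the hunk, so confirm it.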
@@ -287,7 +304,7 @@ abstract class Base
     {
         $task = $this->taskFinder->getDetails($this->request->getIntegerParam('task_id'));
 
-        if (! $task || $task['project_id'] != $this->request->getIntegerParam('project_id')) {
+        if (! $task) {
             $this->notfound();
         }
 
diff --git a/app/Model/TaskFinder.php b/app/Model/TaskFinder.php
index 6a19eeec..42f2f273 100644
--- a/app/Model/TaskFinder.php
+++ b/app/Model/TaskFinder.php
@@ -172,6 +172,18 @@ class TaskFinder extends Base
         return $tasks;
     }
 
+    /**
+     * Get project id for a given task
+     *
+     * @access public
+     * @param  integer   $task_id   Task id
+     * @return integer
+     */
+    public function getProjectId($task_id)
+    {
+        return (int) $this->db->table(Task::TABLE)->eq('id', $task_id)->findOneColumn('project_id') ?: 0;
+    }
+
     /**
      * Fetch a task by the id
      *
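Review bot: The `?: 0` fallback on the return line of `getProjectId` is dead code, because the `(int)` cast binds first and already turns a missing row (`false`/`null` from `findOneColumn`, as far as can be inferred here) into `0`; `return (int) $this->db->table(Task::TABLE)->eq('id', $task_id)->findOneColumn('project_id');` expresses the same thing. That "not found" value deserves a mention in the docblock, since the caller in `Base::handleAuthorization` passes it straight to `isAllowed` as a project id: `@return integer  Project id, or 0 when no task has that id`.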
-- 
cgit v1.2.3