From 95e54d1d300809cb8656c52d029f797ba5961a04 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Fri, 19 Sep 2014 22:08:04 +0200
Subject: Exclude current user in email notifications, pull-request #273)

---
 app/Core/Session.php       | 16 ++++++++++++++--
 app/Model/Notification.php | 12 ++++++++++--
 app/Model/User.php         |  3 ++-
 3 files changed, 26 insertions(+), 5 deletions(-)

(limited to 'app')

diff --git a/app/Core/Session.php b/app/Core/Session.php
index c824ba64..6028f0b9 100644
--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@@ -19,6 +19,18 @@ class Session
      */
     const SESSION_LIFETIME = 0; // Until the browser is closed
 
+    /**
+     * Return true if the session is open
+     *
+     * @static
+     * @access public
+     * @return boolean
+     */
+    public static function isOpen()
+    {
+        return session_id() !== '';
+    }
+
     /**
      * Open a session
      *
@@ -50,14 +62,14 @@ class Session
         ini_set('session.hash_bits_per_character', 6);
 
         // If session was autostarted with session.auto_start = 1 in php.ini destroy it, otherwise we cannot login
-        if (isset($_SESSION))
-        {
+        if (isset($_SESSION)) {
             session_destroy();
         }
 
         // Custom session name
         session_name('__S');
 
+        // Start the session
         session_start();
 
         // Regenerate the session id to avoid session fixation issue
diff --git a/app/Model/Notification.php b/app/Model/Notification.php
index 89439f37..a7dd7fc0 100644
--- a/app/Model/Notification.php
+++ b/app/Model/Notification.php
@@ -2,6 +2,7 @@
 
 namespace Model;
 
+use Core\Session;
 use Core\Translator;
 use Core\Template;
 use Event\TaskNotificationListener;
@@ -30,15 +31,22 @@ class Notification extends Base
      * Get the list of users to send the notification for a given project
      *
      * @access public
-     * @param  integer   $project_id   Project id
+     * @param  integer   $project_id     Project id
+     * @param  array     $exlude_users   List of user_id to exclude
      * @return array
      */
-    public function getUsersList($project_id)
+    public function getUsersList($project_id, array $exclude_users = array())
     {
+        // Exclude the connected user
+        if (Session::isOpen()) {
+            $exclude_users[] = $this->acl->getUserId();
+        }
+
         $users = $this->db->table(User::TABLE)
                           ->columns('id', 'username', 'name', 'email')
                           ->eq('notifications_enabled', '1')
                           ->neq('email', '')
+                          ->notin('id', $exclude_users)
                           ->findAll();
 
         foreach ($users as $index => $user) {
diff --git a/app/Model/User.php b/app/Model/User.php
index c1a9dcc9..54588cbe 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -4,6 +4,7 @@ namespace Model;
 
 use SimpleValidator\Validator;
 use SimpleValidator\Validators;
+use Core\Session;
 
 /**
  * User model
@@ -205,7 +206,7 @@ class User extends Base
         $result = $this->db->table(self::TABLE)->eq('id', $values['id'])->update($values);
 
         // If the user is connected refresh his session
-        if (session_id() !== '' && $_SESSION['user']['id'] == $values['id']) {
+        if (Session::isOpen() && $_SESSION['user']['id'] == $values['id']) {
             $this->updateSession();
         }
 
-- 
cgit v1.2.3