From ddb73063a7889c8dad79dd7148c01c9bc845d9f0 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Mon, 18 Jan 2016 21:20:35 -0500
Subject: Return the highest role for a project when a user is member of
 multiple groups

---
 app/Core/Security/AccessMap.php | 20 ++++++++++++++++++++
 app/Model/ProjectGroupRole.php  |  6 ++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

(limited to 'app')

diff --git a/app/Core/Security/AccessMap.php b/app/Core/Security/AccessMap.php
index 02a4ca45..f34c4b00 100644
--- a/app/Core/Security/AccessMap.php
+++ b/app/Core/Security/AccessMap.php
@@ -86,6 +86,26 @@ class AccessMap
         return $roles;
     }
 
+    /**
+     * Get the highest role from a list
+     *
+     * @access public
+     * @param  array  $roles
+     * @return string
+     */
+    public function getHighestRole(array $roles)
+    {
+        $rank = array();
+
+        foreach ($roles as $role) {
+            $rank[$role] = count($this->getRoleHierarchy($role));
+        }
+
+        asort($rank);
+
+        return key($rank);
+    }
+
     /**
      * Add new access rules
      *
diff --git a/app/Model/ProjectGroupRole.php b/app/Model/ProjectGroupRole.php
index 2fe22ca6..ee6ee7cb 100644
--- a/app/Model/ProjectGroupRole.php
+++ b/app/Model/ProjectGroupRole.php
@@ -48,11 +48,13 @@ class ProjectGroupRole extends Base
      */
     public function getUserRole($project_id, $user_id)
     {
-        return $this->db->table(self::TABLE)
+        $roles = $this->db->table(self::TABLE)
             ->join(GroupMember::TABLE, 'group_id', 'group_id', self::TABLE)
             ->eq(GroupMember::TABLE.'.user_id', $user_id)
             ->eq(self::TABLE.'.project_id', $project_id)
-            ->findOneColumn('role');
+            ->findAllByColumn('role');
+
+        return $this->projectAccessMap->getHighestRole($roles);
     }
 
     /**
-- 
cgit v1.2.3