|
<?php |
|
|
|
namespace Kanboard\Helper; |
|
|
|
use Kanboard\Core\Base; |
|
use Kanboard\Core\Security\Role; |
|
use Kanboard\Model\ColumnRestrictionModel; |
|
use Kanboard\Model\ProjectRoleRestrictionModel; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class ProjectRoleHelper extends Base |
|
{ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function getProjectUserRole($projectId) |
|
{ |
|
return $this->memoryCache->proxy($this->projectUserRoleModel, 'getUserRole', $projectId, $this->userSession->getId()); |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function isDraggable(array &$task) |
|
{ |
|
if ($task['is_active'] == 1 && $this->helper->user->hasProjectAccess('BoardAjaxController', 'save', $task['project_id'])) { |
|
return $this->isSortableColumn($task['project_id'], $task['column_id'], $task['owner_id']); |
|
} |
|
|
|
return false; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function isSortableColumn($projectId, $columnId, $assigneeId = null) |
|
{ |
|
$role = $this->getProjectUserRole($projectId); |
|
|
|
if ($this->role->isCustomProjectRole($role)) { |
|
$sortableColumns = $this->columnMoveRestrictionCacheDecorator->getSortableColumns($projectId, $role); |
|
|
|
foreach ($sortableColumns as $column) { |
|
if ($column['src_column_id'] == $columnId || $column['dst_column_id'] == $columnId) { |
|
if ($column['only_assigned'] == 1 && $assigneeId !== null && $assigneeId != $this->userSession->getId()) { |
|
return false; |
|
} |
|
|
|
return true; |
|
} |
|
} |
|
|
|
return empty($sortableColumns) && $this->isAllowedToMoveTask($projectId, $role); |
|
} |
|
|
|
return true; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function canMoveTask($projectId, $srcColumnId, $dstColumnId) |
|
{ |
|
$role = $this->getProjectUserRole($projectId); |
|
|
|
if ($this->role->isCustomProjectRole($role)) { |
|
if ($srcColumnId == $dstColumnId) { |
|
return true; |
|
} |
|
|
|
$sortableColumns = $this->columnMoveRestrictionCacheDecorator->getSortableColumns($projectId, $role); |
|
|
|
foreach ($sortableColumns as $column) { |
|
if ($column['src_column_id'] == $srcColumnId && $column['dst_column_id'] == $dstColumnId) { |
|
return true; |
|
} |
|
|
|
if ($column['dst_column_id'] == $srcColumnId && $column['src_column_id'] == $dstColumnId) { |
|
return true; |
|
} |
|
} |
|
|
|
return empty($sortableColumns) && $this->isAllowedToMoveTask($projectId, $role); |
|
} |
|
|
|
return true; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function canCreateTaskInColumn($projectId, $columnId) |
|
{ |
|
$role = $this->getProjectUserRole($projectId); |
|
|
|
if ($this->role->isCustomProjectRole($role)) { |
|
if (! $this->isAllowedToCreateTask($projectId, $columnId, $role)) { |
|
return false; |
|
} |
|
} |
|
|
|
return $this->helper->user->hasProjectAccess('TaskCreationController', 'show', $projectId); |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function canChangeTaskStatusInColumn($projectId, $columnId) |
|
{ |
|
$role = $this->getProjectUserRole($projectId); |
|
|
|
if ($this->role->isCustomProjectRole($role)) { |
|
if (! $this->isAllowedToChangeTaskStatus($projectId, $columnId, $role)) { |
|
return false; |
|
} |
|
} |
|
|
|
return $this->helper->user->hasProjectAccess('TaskStatusController', 'close', $projectId); |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function canRemoveTask(array $task) |
|
{ |
|
$role = $this->getProjectUserRole($task['project_id']); |
|
|
|
if ($this->hasRestriction($task['project_id'], $role, ProjectRoleRestrictionModel::RULE_TASK_SUPPRESSION)) { |
|
return false; |
|
} |
|
|
|
if (isset($task['creator_id']) && $task['creator_id'] == $this->userSession->getId()) { |
|
return true; |
|
} |
|
|
|
if ($this->userSession->isAdmin() || $this->getProjectUserRole($task['project_id']) === Role::PROJECT_MANAGER) { |
|
return true; |
|
} |
|
|
|
return false; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function canChangeAssignee(array $task) |
|
{ |
|
$role = $this->getProjectUserRole($task['project_id']); |
|
|
|
if ($this->role->isCustomProjectRole($role) && $this->hasRestriction($task['project_id'], $role, ProjectRoleRestrictionModel::RULE_TASK_CHANGE_ASSIGNEE)) { |
|
return false; |
|
} |
|
|
|
return true; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function canUpdateTask(array $task) |
|
{ |
|
$role = $this->getProjectUserRole($task['project_id']); |
|
|
|
if ($this->role->isCustomProjectRole($role) && $task['owner_id'] != $this->userSession->getId() && $this->hasRestriction($task['project_id'], $role, ProjectRoleRestrictionModel::RULE_TASK_UPDATE_ASSIGNED)) { |
|
return false; |
|
} |
|
|
|
return true; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public function checkProjectAccess($controller, $action, $projectId) |
|
{ |
|
if (! $this->userSession->isLogged()) { |
|
return false; |
|
} |
|
|
|
if ($this->userSession->isAdmin()) { |
|
return true; |
|
} |
|
|
|
if (! $this->helper->user->hasAccess($controller, $action)) { |
|
return false; |
|
} |
|
|
|
$role = $this->getProjectUserRole($projectId); |
|
|
|
if ($this->role->isCustomProjectRole($role)) { |
|
$result = $this->projectAuthorization->isAllowed($controller, $action, Role::PROJECT_MEMBER); |
|
} else { |
|
$result = $this->projectAuthorization->isAllowed($controller, $action, $role); |
|
} |
|
|
|
return $result; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
protected function isAllowedToChangeTaskStatus($projectId, $columnId, $role) |
|
{ |
|
$columnRestrictions = $this->columnRestrictionCacheDecorator->getAllByRole($projectId, $role); |
|
|
|
foreach ($columnRestrictions as $restriction) { |
|
if ($restriction['column_id'] == $columnId) { |
|
if ($restriction['rule'] == ColumnRestrictionModel::RULE_ALLOW_TASK_OPEN_CLOSE) { |
|
return true; |
|
} else if ($restriction['rule'] == ColumnRestrictionModel::RULE_BLOCK_TASK_OPEN_CLOSE) { |
|
return false; |
|
} |
|
} |
|
} |
|
|
|
return ! $this->hasRestriction($projectId, $role, ProjectRoleRestrictionModel::RULE_TASK_OPEN_CLOSE); |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
protected function isAllowedToCreateTask($projectId, $columnId, $role) |
|
{ |
|
$columnRestrictions = $this->columnRestrictionCacheDecorator->getAllByRole($projectId, $role); |
|
|
|
foreach ($columnRestrictions as $restriction) { |
|
if ($restriction['column_id'] == $columnId) { |
|
if ($restriction['rule'] == ColumnRestrictionModel::RULE_ALLOW_TASK_CREATION) { |
|
return true; |
|
} else if ($restriction['rule'] == ColumnRestrictionModel::RULE_BLOCK_TASK_CREATION) { |
|
return false; |
|
} |
|
} |
|
} |
|
|
|
return ! $this->hasRestriction($projectId, $role, ProjectRoleRestrictionModel::RULE_TASK_CREATION); |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
protected function isAllowedToMoveTask($projectId, $role) |
|
{ |
|
$projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($projectId, $role); |
|
|
|
foreach ($projectRestrictions as $restriction) { |
|
if ($restriction['rule'] == ProjectRoleRestrictionModel::RULE_TASK_MOVE) { |
|
return false; |
|
} |
|
} |
|
|
|
return true; |
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
protected function hasRestriction($projectId, $role, $rule) |
|
{ |
|
$projectRestrictions = $this->projectRoleRestrictionCacheDecorator->getAllByRole($projectId, $role); |
|
|
|
foreach ($projectRestrictions as $restriction) { |
|
if ($restriction['rule'] == $rule) { |
|
return true; |
|
} |
|
} |
|
|
|
return false; |
|
} |
|
} |
|
|