diff --git a/Controller.php b/Controller.php index 5a4ec1b..36deb9f 100644 --- a/Controller.php +++ b/Controller.php @@ -20,7 +20,9 @@ use phpOMS\Module\ModuleAbstract; use phpOMS\Module\WebInterface; use phpOMS\Views\View; use phpOMS\Asset\AssetType; +use phpOMS\Account\PermissionType; +use Modules\Kanban\Models\PermissionState; use Modules\Kanban\Models\KanbanBoard; use Modules\Kanban\Models\KanbanBoardMapper; use Modules\Kanban\Models\KanbanLabel; @@ -115,6 +117,15 @@ class Controller extends ModuleAbstract implements WebInterface public function viewKanbanDashboard(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable { $view = new View($this->app, $request, $response); + + if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( + PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::DASHBOARD) + ) { + $view->setTemplate('/Web/Backend/Error/403_inline'); + $response->getHeader()->setStatusCode(RequestStatusCode::R_403); + return $view; + } + $view->setTemplate('/Modules/Kanban/Theme/Backend/kanban-dashboard'); $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005801001, $request, $response)); @@ -136,10 +147,23 @@ class Controller extends ModuleAbstract implements WebInterface public function viewKanbanBoard(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable { $view = new View($this->app, $request, $response); + + $board = KanbanBoardMapper::get((int) $request->getData('id')); + $accountId = $request->getHeader()->getAccount(); + + if ($board->getCreatedBy()->getId() !== $accountId + && !$this->app->accountManager->get($accountId)->hasPermission( + PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::BOARD, $board->getId()) + ) { + $view->setTemplate('/Web/Backend/Error/403_inline'); + $response->getHeader()->setStatusCode(RequestStatusCode::R_403); + return $view; + } + $view->setTemplate('/Modules/Kanban/Theme/Backend/kanban-board'); $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005801001, $request, $response)); - $view->setData('board', KanbanBoardMapper::get((int) $request->getData('id'))); + $view->setData('board', $board); return $view; } @@ -156,6 +180,15 @@ class Controller extends ModuleAbstract implements WebInterface public function viewKanbanBoardCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable { $view = new View($this->app, $request, $response); + + if (!$this->app->accountManager->get($accountId)->hasPermission( + PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::BOARD, $board->getId()) + ) { + $view->setTemplate('/Web/Backend/Error/403_inline'); + $response->getHeader()->setStatusCode(RequestStatusCode::R_403); + return $view; + } + $view->setTemplate('/Modules/Kanban/Theme/Backend/kanban-board-create'); $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005801001, $request, $response)); @@ -174,20 +207,36 @@ class Controller extends ModuleAbstract implements WebInterface public function viewKanbanCard(RequestAbstract $request, ResponseAbstract $response, $data = null) : \Serializable { $view = new View($this->app, $request, $response); - $view->setTemplate('/Modules/Kanban/Theme/Backend/kanban-card'); - $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005801001, $request, $response)); $card = KanbanCardMapper::get((int) $request->getData('id')); - $view->setData('card', $card); + $accountId = $request->getHeader()->getAccount(); - $list = KanbanCardCommentMapper::getNewest(50); - $view->setData('comments', $list); + if ($card->getCreatedBy()->getId() !== $accountId + && !$this->app->accountManager->get($accountId)->hasPermission( + PermissionType::READ, 1, $this->app->appName, self::MODULE_ID, PermissionState::CARD, $card->getId()) + ) { + $view->setTemplate('/Web/Backend/Error/403_inline'); + $response->getHeader()->setStatusCode(RequestStatusCode::R_403); + return $view; + } + + $view->setTemplate('/Modules/Kanban/Theme/Backend/kanban-card'); + $view->addData('nav', $this->app->moduleManager->get('Navigation')->createNavigationMid(1005801001, $request, $response)); + $view->setData('card', $card); return $view; } public function apiKanbanCardCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) { + if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( + PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::CARD) + ) { + $response->set('kanban_card_create', null); + $response->getHeader()->setStatusCode(RequestStatusCode::R_403); + return; + } + if (!empty($val = $this->validateKanbanCardCreate($request))) { $response->set('kanban_card_create', new FormValidation($val)); @@ -243,6 +292,14 @@ class Controller extends ModuleAbstract implements WebInterface public function apiKanbanBoardCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) { + if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( + PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::BOARD) + ) { + $response->set('kanban_board_create', null); + $response->getHeader()->setStatusCode(RequestStatusCode::R_403); + return; + } + if (!empty($val = $this->validateKanbanBoardCreate($request))) { $response->set('kanban_board_create', new FormValidation($val)); @@ -287,6 +344,14 @@ class Controller extends ModuleAbstract implements WebInterface public function apiKanbanColumnCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) { + if (!$this->app->accountManager->get($request->getHeader()->getAccount())->hasPermission( + PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::COLUMN) + ) { + $response->set('kanban_column_create', null); + $response->getHeader()->setStatusCode(RequestStatusCode::R_403); + return; + } + if (!empty($val = $this->validateKanbanColumnCreate($request))) { $response->set('kanban_column_create', new FormValidation($val)); @@ -331,6 +396,16 @@ class Controller extends ModuleAbstract implements WebInterface public function apiKanbanLabelCreate(RequestAbstract $request, ResponseAbstract $response, $data = null) { + $account = $this->app->accountManager->get($request->getHeader()->getAccount()); + + if (!$account->hasPermission(PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::BOARD) + && !$account->hasPermission(PermissionType::CREATE, 1, $this->app->appName, self::MODULE_ID, PermissionState::LABEL) + ) { + $response->set('kanban_label_create', null); + $response->getHeader()->setStatusCode(RequestStatusCode::R_403); + return; + } + if (!empty($val = $this->validateKanbanLabelCreate($request))) { $response->set('kanban_label_create', new FormValidation($val)); diff --git a/Models/PermissionState.php b/Models/PermissionState.php new file mode 100644 index 0000000..16c5127 --- /dev/null +++ b/Models/PermissionState.php @@ -0,0 +1,36 @@ +