Fix some group permission viewing/saving issues

Timothy Warren 2016-12-30 13:38:43 -05:00
parent 5ef2caa70e
commit ca959b0367
5 changed files with 57 additions and 74 deletions

4
application/config/profiler.php Executable file → Normal file

@ -5,9 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer * An open source application development framework for PHP 5.1.6 or newer
* *
* NOTICE OF LICENSE * NOTICE OF LICENSE
* *
* Licensed under the Academic Free License version 3.0 * Licensed under the Academic Free License version 3.0
* *
* This source file is subject to the Academic Free License (AFL 3.0) that is * This source file is subject to the Academic Free License (AFL 3.0) that is
* bundled with this package in the files license_afl.txt / license_afl.rst. * bundled with this package in the files license_afl.txt / license_afl.rst.
* It is also available through the world wide web at this URL: * It is also available through the world wide web at this URL:

24
application/controllers/task.php Executable file → Normal file

@ -175,9 +175,8 @@ class Task extends MY_Controller {
* *
* @param int $task_id * @param int $task_id
*/ */
public function edit($task_id) public function edit(int $task_id)
{ {
$task_id = (int) $task_id;
$data = $this->task_model->get_task_by_id($task_id); $data = $this->task_model->get_task_by_id($task_id);
$data['cat_list'] = $this->task_model->get_category_select($task_id); $data['cat_list'] = $this->task_model->get_category_select($task_id);
@ -190,13 +189,9 @@ class Task extends MY_Controller {
if ($this->input->post('edit_sub') == 'Update Task') if ($this->input->post('edit_sub') == 'Update Task')
{ {
$val = $this->task_model->validate_task(); if($this->task_model->validate_task() === TRUE)
if($val === TRUE)
{ {
$done = $this->task_model->update_task(); if ($this->task_model->update_task() === TRUE)
if ($done === TRUE)
{ {
//Redirect to task list //Redirect to task list
$this->session->set_flashdata([ $this->session->set_flashdata([
@ -205,17 +200,15 @@ class Task extends MY_Controller {
]); ]);
$this->todo->redirect_303(site_url('task/list')); $this->todo->redirect_303(site_url('task/list'));
return;
} }
else
{ $data['err'][] = "Database Error, Please try again later.";
$data['err'][] = "Database Error, Please try again later.";
}
} }
else else
{ {
$data['err'] = $val; $data['err'] = $val;
} }
} }
$this->page->set_title("Edit Task"); $this->page->set_title("Edit Task");
@ -229,7 +222,7 @@ class Task extends MY_Controller {
* *
* @param int $task_id * @param int $task_id
*/ */
public function view($task_id = NULL) public function view(int $task_id = NULL)
{ {
if( ! is_numeric($task_id)) if( ! is_numeric($task_id))
{ {
@ -246,7 +239,6 @@ class Task extends MY_Controller {
$data['checklist'] = $this->task_model->get_checklist($task_id); $data['checklist'] = $this->task_model->get_checklist($task_id);
$data['task'] = $task_id; $data['task'] = $task_id;
$this->page->set_title("View Task"); $this->page->set_title("View Task");
$this->page->set_body_id("task_details"); $this->page->set_body_id("task_details");
$this->page->build('task/view', $data); $this->page->build('task/view', $data);
@ -257,7 +249,7 @@ class Task extends MY_Controller {
/** /**
* Delete a task * Delete a task
*/ */
public function delete($task_id) public function delete(int $task_id)
{ {
$this->task_model->delete_task((int) $task_id); $this->task_model->delete_task((int) $task_id);
} }
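Review bot: In edit(), the validation-failure branch still assigns `$data['err'] = $val;`, but the new side calls validate_task() directly inside the `if` and no longer sets `$val`; no other assignment is visible in these hunks. On a failed validation the view would then receive an undefined value instead of the error list, so the user is not told which input was rejected. Keeping the result, `$val = $this->task_model->validate_task();` followed by `if ($val === TRUE)`, preserves the messages. edit() starts and ends outside the visible hunks.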

31
application/core/MY_Controller.php Executable file → Normal file

@ -4,42 +4,11 @@
* Base controller extending CodeIgniter Controller * Base controller extending CodeIgniter Controller
*/ */
class MY_Controller extends CI_Controller { class MY_Controller extends CI_Controller {
/**
* @var MY_Session
*/
public $session;
/**
* @var CI_DB_driver
*/
public $db;
/**
* @var CI_Input
*/
public $input;
/**
* @var CI_Uri
*/
public $uri;
/**
* @var MY_Form_validation
*/
public $form_validation;
/** /**
* @var Validation_Callbacks * @var Validation_Callbacks
*/ */
public $validation_callbacks; public $validation_callbacks;
/**
* @var CI_Output
*/
public $output;
/** /**
* @var Page * @var Page
*/ */


@ -6,7 +6,7 @@
*/ */
class Task_model extends CI_Model { class Task_model extends CI_Model {
private $title, $description, $category, $priority, $due, protected $title, $description, $category, $priority, $due,
$status, $user_id, $task_id, $reminder, $reminder_time, $status, $user_id, $task_id, $reminder, $reminder_time,
$groups, $group_perms, $friends, $friend_perms, $share_type; $groups, $group_perms, $friends, $friend_perms, $share_type;
@ -14,6 +14,13 @@ class Task_model extends CI_Model {
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
public function __construct()
{
// $this->output->enable_profiler(TRUE);
}
// --------------------------------------------------------------------------
/** /**
* Get day task list * Get day task list
* *
@ -473,7 +480,7 @@ class Task_model extends CI_Model {
$share_type = FALSE; $share_type = FALSE;
//If the task is shared //If the task is shared
if($this->input->post('share') !== FALSE) if($this->input->post('share') != FALSE)
{ {
$groups = $this->input->post('group', TRUE); $groups = $this->input->post('group', TRUE);
$group_perms = $this->input->post('group_perms', TRUE); $group_perms = $this->input->post('group_perms', TRUE);
@ -504,14 +511,17 @@ class Task_model extends CI_Model {
$this->user_id = $this->session->userdata('uid'); $this->user_id = $this->session->userdata('uid');
$this->task_id = ($this->input->post('task_id') != FALSE) $this->task_id = ($this->input->post('task_id') != FALSE)
? $this->input->post('task_id') ? $this->input->post('task_id')
: $this->db->count_all('item') + 1; : NULL; //$this->db->count_all('item') + 1;
/* ?><pre><?= print_r([
'class' => $this,
'input' => $this->input->post()
], TRUE); ?><?php die(); */
return TRUE; return TRUE;
} }
else //otherwise, return the errors
{ return $err;
return $err;
}
} }
// -------------------------------------------------------------------------- // --------------------------------------------------------------------------
@ -666,16 +676,17 @@ class Task_model extends CI_Model {
if ( ! empty($friend_list)) if ( ! empty($friend_list))
{ {
$this->db->where_in('user_id', $friend_list) $user_ids = array_merge(
->where('task_id', $task_id) [(int) $this->session->userdata('uid')],
->or_where('user_id', (int) $this->session->userdata('uid')) $friend_list
);
$this->db->where_in('user_id', $user_ids)
->where('task_id', $task_id) ->where('task_id', $task_id)
->delete('user_task_link'); ->delete('user_task_link');
} }
} }
//Get groups //Get groups
if($this->share_type == 'group') if($this->share_type == 'group')
{ {
@ -705,7 +716,9 @@ class Task_model extends CI_Model {
} }
if ($this->db->affected_rows() < 1) if ($this->db->affected_rows() < 1)
{return false;} {
return false;
}
//Set current user too //Set current user too
$this->db->set('user_id', $this->session->userdata('uid')) $this->db->set('user_id', $this->session->userdata('uid'))
@ -1382,7 +1395,7 @@ class Task_model extends CI_Model {
* @param int $task_id * @param int $task_id
* @return array * @return array
*/ */
private function _get_task_perms($task_id) private function _get_task_perms(int $task_id)
{ {
/** /**
* Get the task shared permissions * Get the task shared permissions
@ -1394,7 +1407,7 @@ class Task_model extends CI_Model {
->join('group_users_link', 'group_users_link.user_id=user.id', 'inner') ->join('group_users_link', 'group_users_link.user_id=user.id', 'inner')
->join('group_task_link', 'group_task_link.group_id=group_users_link.group_id', 'inner') ->join('group_task_link', 'group_task_link.group_id=group_users_link.group_id', 'inner')
->join('item', 'item.id=group_task_link.task_id', 'inner') ->join('item', 'item.id=group_task_link.task_id', 'inner')
->where('todo_item.id', (int) $task_id) ->where('todo_item.id', $task_id)
->where('todo_group_task_link.permissions !=', PERM_NO_ACCESS) ->where('todo_group_task_link.permissions !=', PERM_NO_ACCESS)
->where('todo_user.id', (int) $this->session->userdata('uid')) ->where('todo_user.id', (int) $this->session->userdata('uid'))
->limit(1) ->limit(1)
@ -1405,7 +1418,7 @@ class Task_model extends CI_Model {
->from('item') ->from('item')
->join('user_task_link', 'user_task_link.task_id=item.id') ->join('user_task_link', 'user_task_link.task_id=item.id')
->where('todo_user_task_link.permissions !=', PERM_NO_ACCESS) ->where('todo_user_task_link.permissions !=', PERM_NO_ACCESS)
->where('todo_user_task_link.task_id', (int) $task_id) ->where('todo_user_task_link.task_id', $task_id)
->where('todo_user_task_link.user_id', (int) $this->session->userdata('uid')) ->where('todo_user_task_link.user_id', (int) $this->session->userdata('uid'))
->limit(1) ->limit(1)
->get(); ->get();
@ -1456,7 +1469,7 @@ class Task_model extends CI_Model {
->join('group_users_link', 'group_users_link.user_id=user.id', 'inner') ->join('group_users_link', 'group_users_link.user_id=user.id', 'inner')
->join('group_task_link', 'group_task_link.group_id=group_users_link.group_id', 'inner') ->join('group_task_link', 'group_task_link.group_id=group_users_link.group_id', 'inner')
->where('todo_group_users_link.user_id', (int) $this->session->userdata('uid')) ->where('todo_group_users_link.user_id', (int) $this->session->userdata('uid'))
->where('todo_group_task_link.task_id', (int) $task_id) ->where('todo_group_task_link.task_id', $task_id)
->get(); ->get();
//Check user permissions //Check user permissions
@ -1469,14 +1482,14 @@ class Task_model extends CI_Model {
//Check if task admin //Check if task admin
$upA = $this->db->select('id') $upA = $this->db->select('id')
->from('item') ->from('item')
->where('id', (int) $task_id) ->where('id', $task_id)
->where('user_id', (int) $this->session->userdata('uid')) ->where('user_id', (int) $this->session->userdata('uid'))
->get(); ->get();
//Check for admin permissions //Check for admin permissions
if($upA->num_rows() > 0) if($upA->num_rows() > 0)
{ {
$result_array['user_perms'] = 9; $result_array['user_perms'] = PERM_ADMIN_ACCESS;
return $result_array; return $result_array;
} }
else //User is not admin else //User is not admin
@ -1492,7 +1505,16 @@ class Task_model extends CI_Model {
if($upU->num_rows() > 0) if($upU->num_rows() > 0)
{ {
$up_row = $upU->row_array(); $up_row = $upU->row_array();
$result_array['user_perms'] = $up_row['permissions'];
// Only overwrite group permissions if there are higher
// user permissions than group permissions
if (
$result_array['user_perms'] == PERM_NO_ACCESS ||
$up_row['permissions'] > $result_array['user_perms']
)
{
$result_array['user_perms'] = $up_row['permissions'];
}
} }
//Determine whether the current user can view and/or edit this task //Determine whether the current user can view and/or edit this task
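Review bot: The new merge in the `$upU->num_rows() > 0` branch lets the higher of the group and per-user permission win, so a per-user row set lower than the group grant no longer restricts that user. If a per-user entry is meant to be able to downgrade or revoke access that came through a group, that precedence is lost here; if highest-wins is intended, it deserves a comment such as `// Precedence: highest of group and user permission wins; a lower per-user value does not restrict a group grant.`. The comparison also runs on the raw `$up_row['permissions']` value, presumably a string from the database, so casting first, `$user_perm = (int) $up_row['permissions'];`, would keep `>` numeric. Whether `$result_array['user_perms']` is always initialised before this point cannot be seen, because the enclosing function starts and ends outside the hunk.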

12
application/views/task/edit.php Executable file → Normal file

@ -117,12 +117,12 @@
<dt><label for="friend_perms">Permissions</label></dt> <dt><label for="friend_perms">Permissions</label></dt>
<dd> <dd>
<select name="friend_perms" id="friend_perms"> <select name="friend_perms" id="friend_perms">
<option value="-1" <?= ($friend_perms === PERM_NO_ACCESS) ? 'selected="selected"':''?>>No Access</option> <option value="-1" <?= ($friend_perms === PERM_NO_ACCESS || !(is_numeric($friend_perms))) ? 'selected="selected"':''?>>No Access</option>
<option value="0" <?= ($friend_perms === PERM_READ_ACCESS) ? 'selected="selected"':''?>>Read-only Access</option> <option value="0" <?= ($friend_perms == PERM_READ_ACCESS) ? 'selected="selected"':''?>>Read-only Access</option>
<option value="1" <?= ($friend_perms === PERM_COMMENT_ACCESS) ? 'selected="selected"':''?>>Comment-only Access</option> <option value="1" <?= ($friend_perms == PERM_COMMENT_ACCESS) ? 'selected="selected"':''?>>Comment-only Access</option>
<option value="2" <?= ($friend_perms === PERM_CHECKLIST_ACCESS) ? 'selected="selected"':''?>>Comment and Checklist Access</option> <option value="2" <?= ($friend_perms == PERM_CHECKLIST_ACCESS) ? 'selected="selected"':''?>>Comment and Checklist Access</option>
<option value="3" <?= ($friend_perms === PERM_WRITE_ACCESS) ? 'selected="selected"':''?>>Read and Write Access</option> <option value="3" <?= ($friend_perms == PERM_WRITE_ACCESS) ? 'selected="selected"':''?>>Read and Write Access</option>
<option value="9" <?= ($friend_perms === PERM_ADMIN_ACCESS) ? 'selected="selected"':''?>>Task Admin (Read/Write/Delete)</option> <option value="9" <?= ($friend_perms == PERM_ADMIN_ACCESS) ? 'selected="selected"':''?>>Task Admin (Read/Write/Delete)</option>
</select> </select>
</dd> </dd>
</dl> </dl>
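Review bot: Switching the option checks from `===` to `==` means a NULL `$friend_perms` can match two options at once: the new `!(is_numeric($friend_perms))` test on the "No Access" option and `$friend_perms == PERM_READ_ACCESS` on the "Read-only Access" option, assuming PERM_READ_ACCESS is the integer 0 as the option value suggests. With two `selected` attributes in a single-choice select, browsers typically preselect the later one, so an unset permission would be shown, and then saved, as read-only rather than no access. Normalising once before the select, `$friend_perms = is_numeric($friend_perms) ? (int) $friend_perms : PERM_NO_ACCESS;`, and keeping `===` in each option avoids the overlap, provided the PERM_* constants are integers.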