Commit ca959b03 by Timothy J Warren

Fix some group permission viewing/saving issues

parent 5ef2caa7
......@@ -5,9 +5,9 @@
* An open source application development framework for PHP 5.1.6 or newer
*
* NOTICE OF LICENSE
*
*
* Licensed under the Academic Free License version 3.0
*
*
* This source file is subject to the Academic Free License (AFL 3.0) that is
* bundled with this package in the files license_afl.txt / license_afl.rst.
* It is also available through the world wide web at this URL:
......
......@@ -175,9 +175,8 @@ class Task extends MY_Controller {
*
* @param int $task_id
*/
public function edit($task_id)
public function edit(int $task_id)
{
$task_id = (int) $task_id;
$data = $this->task_model->get_task_by_id($task_id);
$data['cat_list'] = $this->task_model->get_category_select($task_id);
......@@ -190,13 +189,9 @@ class Task extends MY_Controller {
if ($this->input->post('edit_sub') == 'Update Task')
{
$val = $this->task_model->validate_task();
if($val === TRUE)
if($this->task_model->validate_task() === TRUE)
{
$done = $this->task_model->update_task();
if ($done === TRUE)
if ($this->task_model->update_task() === TRUE)
{
//Redirect to task list
$this->session->set_flashdata([
......@@ -205,17 +200,15 @@ class Task extends MY_Controller {
]);
$this->todo->redirect_303(site_url('task/list'));
return;
}
else
{
$data['err'][] = "Database Error, Please try again later.";
}
$data['err'][] = "Database Error, Please try again later.";
}
else
{
$data['err'] = $val;
}
}
$this->page->set_title("Edit Task");
......@@ -229,7 +222,7 @@ class Task extends MY_Controller {
*
* @param int $task_id
*/
public function view($task_id = NULL)
public function view(int $task_id = NULL)
{
if( ! is_numeric($task_id))
{
......@@ -246,7 +239,6 @@ class Task extends MY_Controller {
$data['checklist'] = $this->task_model->get_checklist($task_id);
$data['task'] = $task_id;
$this->page->set_title("View Task");
$this->page->set_body_id("task_details");
$this->page->build('task/view', $data);
......@@ -257,7 +249,7 @@ class Task extends MY_Controller {
/**
* Delete a task
*/
public function delete($task_id)
public function delete(int $task_id)
{
$this->task_model->delete_task((int) $task_id);
}
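Review bot: In `edit()`, the failure branch still assigns `$data['err'] = $val;`, but the `$val = $this->task_model->validate_task();` line appears to be dropped by this change. The rendered page has lost its +/- markers, so this is inferred from the hunk's line counts. If so, `$val` is undefined and validation errors are never shown. Keeping the result in a variable avoids that: `$val = $this->task_model->validate_task();` followed by `if ($val === TRUE)`. Separately, `delete()` is shown in full and calls `delete_task()` with no permission check in the controller; if the model does not verify the caller's rights on the task, that check belongs here. `edit()` starts and ends outside the visible hunks.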
......
......@@ -4,43 +4,12 @@
* Base controller extending CodeIgniter Controller
*/
class MY_Controller extends CI_Controller {
/**
* @var MY_Session
*/
public $session;
/**
* @var CI_DB_driver
*/
public $db;
/**
* @var CI_Input
*/
public $input;
/**
* @var CI_Uri
*/
public $uri;
/**
* @var MY_Form_validation
*/
public $form_validation;
/**
* @var Validation_Callbacks
*/
public $validation_callbacks;
/**
* @var CI_Output
*/
public $output;
/**
* @var Page
*/
public $page;
......
......@@ -6,7 +6,7 @@
*/
class Task_model extends CI_Model {
private $title, $description, $category, $priority, $due,
protected $title, $description, $category, $priority, $due,
$status, $user_id, $task_id, $reminder, $reminder_time,
$groups, $group_perms, $friends, $friend_perms, $share_type;
......@@ -14,6 +14,13 @@ class Task_model extends CI_Model {
// --------------------------------------------------------------------------
public function __construct()
{
// $this->output->enable_profiler(TRUE);
}
// --------------------------------------------------------------------------
/**
* Get day task list
*
......@@ -473,7 +480,7 @@ class Task_model extends CI_Model {
$share_type = FALSE;
//If the task is shared
if($this->input->post('share') !== FALSE)
if($this->input->post('share') != FALSE)
{
$groups = $this->input->post('group', TRUE);
$group_perms = $this->input->post('group_perms', TRUE);
......@@ -504,14 +511,17 @@ class Task_model extends CI_Model {
$this->user_id = $this->session->userdata('uid');
$this->task_id = ($this->input->post('task_id') != FALSE)
? $this->input->post('task_id')
: $this->db->count_all('item') + 1;
: NULL; //$this->db->count_all('item') + 1;
/* ?><pre><?= print_r([
'class' => $this,
'input' => $this->input->post()
], TRUE); ?><?php die(); */
return TRUE;
}
else //otherwise, return the errors
{
return $err;
}
return $err;
}
// --------------------------------------------------------------------------
......@@ -666,16 +676,17 @@ class Task_model extends CI_Model {
if ( ! empty($friend_list))
{
$this->db->where_in('user_id', $friend_list)
->where('task_id', $task_id)
->or_where('user_id', (int) $this->session->userdata('uid'))
$user_ids = array_merge(
[(int) $this->session->userdata('uid')],
$friend_list
);
$this->db->where_in('user_id', $user_ids)
->where('task_id', $task_id)
->delete('user_task_link');
}
}
//Get groups
if($this->share_type == 'group')
{
......@@ -705,7 +716,9 @@ class Task_model extends CI_Model {
}
if ($this->db->affected_rows() < 1)
{return false;}
{
return false;
}
//Set current user too
$this->db->set('user_id', $this->session->userdata('uid'))
......@@ -1382,7 +1395,7 @@ class Task_model extends CI_Model {
* @param int $task_id
* @return array
*/
private function _get_task_perms($task_id)
private function _get_task_perms(int $task_id)
{
/**
* Get the task shared permissions
......@@ -1394,7 +1407,7 @@ class Task_model extends CI_Model {
->join('group_users_link', 'group_users_link.user_id=user.id', 'inner')
->join('group_task_link', 'group_task_link.group_id=group_users_link.group_id', 'inner')
->join('item', 'item.id=group_task_link.task_id', 'inner')
->where('todo_item.id', (int) $task_id)
->where('todo_item.id', $task_id)
->where('todo_group_task_link.permissions !=', PERM_NO_ACCESS)
->where('todo_user.id', (int) $this->session->userdata('uid'))
->limit(1)
......@@ -1405,7 +1418,7 @@ class Task_model extends CI_Model {
->from('item')
->join('user_task_link', 'user_task_link.task_id=item.id')
->where('todo_user_task_link.permissions !=', PERM_NO_ACCESS)
->where('todo_user_task_link.task_id', (int) $task_id)
->where('todo_user_task_link.task_id', $task_id)
->where('todo_user_task_link.user_id', (int) $this->session->userdata('uid'))
->limit(1)
->get();
......@@ -1456,7 +1469,7 @@ class Task_model extends CI_Model {
->join('group_users_link', 'group_users_link.user_id=user.id', 'inner')
->join('group_task_link', 'group_task_link.group_id=group_users_link.group_id', 'inner')
->where('todo_group_users_link.user_id', (int) $this->session->userdata('uid'))
->where('todo_group_task_link.task_id', (int) $task_id)
->where('todo_group_task_link.task_id', $task_id)
->get();
//Check user permissions
......@@ -1469,14 +1482,14 @@ class Task_model extends CI_Model {
//Check if task admin
$upA = $this->db->select('id')
->from('item')
->where('id', (int) $task_id)
->where('id', $task_id)
->where('user_id', (int) $this->session->userdata('uid'))
->get();
//Check for admin permissions
if($upA->num_rows() > 0)
{
$result_array['user_perms'] = 9;
$result_array['user_perms'] = PERM_ADMIN_ACCESS;
return $result_array;
}
else //User is not admin
......@@ -1492,7 +1505,16 @@ class Task_model extends CI_Model {
if($upU->num_rows() > 0)
{
$up_row = $upU->row_array();
$result_array['user_perms'] = $up_row['permissions'];
// Only overwrite group permissions if there are higher
// user permissions than group permissions
if (
$result_array['user_perms'] == PERM_NO_ACCESS ||
$up_row['permissions'] > $result_array['user_perms']
)
{
$result_array['user_perms'] = $up_row['permissions'];
}
}
//Determine whether the current user can view and/or edit this task
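Review bot: The new merge in the `$upU` branch only ever raises `user_perms`, so a per-user `PERM_NO_ACCESS` row can no longer revoke access that a group grants, assuming the `$upU` query (not visible here) can return such a row. If an explicit per-user denial is meant to win it needs its own branch, and either way the precedence deserves a comment such as `// Highest of group/user permission wins; a per-user PERM_NO_ACCESS does not override a group grant`. The `>` comparison also runs on `$up_row['permissions']` straight from `row_array()`, which is presumably a string from the driver, so casting first (`$user_perm = (int) $up_row['permissions'];`) keeps the comparison numeric. The commented-out `print_r(...)`/`die()` dump of `$this` and the POST data earlier in this file is better deleted than committed. The enclosing function starts and ends outside the hunk.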
......
......@@ -117,12 +117,12 @@
<dt><label for="friend_perms">Permissions</label></dt>
<dd>
<select name="friend_perms" id="friend_perms">
<option value="-1" <?= ($friend_perms === PERM_NO_ACCESS) ? 'selected="selected"':''?>>No Access</option>
<option value="0" <?= ($friend_perms === PERM_READ_ACCESS) ? 'selected="selected"':''?>>Read-only Access</option>
<option value="1" <?= ($friend_perms === PERM_COMMENT_ACCESS) ? 'selected="selected"':''?>>Comment-only Access</option>
<option value="2" <?= ($friend_perms === PERM_CHECKLIST_ACCESS) ? 'selected="selected"':''?>>Comment and Checklist Access</option>
<option value="3" <?= ($friend_perms === PERM_WRITE_ACCESS) ? 'selected="selected"':''?>>Read and Write Access</option>
<option value="9" <?= ($friend_perms === PERM_ADMIN_ACCESS) ? 'selected="selected"':''?>>Task Admin (Read/Write/Delete)</option>
<option value="-1" <?= ($friend_perms === PERM_NO_ACCESS || !(is_numeric($friend_perms))) ? 'selected="selected"':''?>>No Access</option>
<option value="0" <?= ($friend_perms == PERM_READ_ACCESS) ? 'selected="selected"':''?>>Read-only Access</option>
<option value="1" <?= ($friend_perms == PERM_COMMENT_ACCESS) ? 'selected="selected"':''?>>Comment-only Access</option>
<option value="2" <?= ($friend_perms == PERM_CHECKLIST_ACCESS) ? 'selected="selected"':''?>>Comment and Checklist Access</option>
<option value="3" <?= ($friend_perms == PERM_WRITE_ACCESS) ? 'selected="selected"':''?>>Read and Write Access</option>
<option value="9" <?= ($friend_perms == PERM_ADMIN_ACCESS) ? 'selected="selected"':''?>>Task Admin (Read/Write/Delete)</option>
</select>
</dd>
</dl>
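Review bot: Switching the option checks from `===` to `==` makes a missing value match two options. When `$friend_perms` is `NULL` or `FALSE`, the new `!is_numeric()` test selects "No Access", and `$friend_perms == PERM_READ_ACCESS` is also true if that constant is `0`, as the option value suggests. A browser honours the last `selected` option in a single-choice `<select>`, so the form would show Read-only Access, and saving it unchanged would grant read access. Normalising once above the `<select>` and keeping strict comparisons avoids this: `<?php $friend_perms = is_numeric($friend_perms) ? (int) $friend_perms : PERM_NO_ACCESS; ?>`.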
......