
Fix some group permission viewing/saving issues

Timothy J. Warren 1 year ago
parent
commit
ca959b0367

+ 2 - 2
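--- a/application/config/profiler.php
+++ b/application/config/profiler.php
@@ -5,9 +5,9 @@
  * An open source application development framework for PHP 5.1.6 or newer
  *
  * NOTICE OF LICENSE
- * 
+ *
  * Licensed under the Academic Free License version 3.0
- * 
+ *
  * This source file is subject to the Academic Free License (AFL 3.0) that is
  * bundled with this package in the files license_afl.txt / license_afl.rst.
  * It is also available through the world wide web at this URL: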

+ 8 - 16
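--- a/application/controllers/task.php
+++ b/application/controllers/task.php
@@ -175,9 +175,8 @@ class Task extends MY_Controller {
 	 *
 	 * @param int $task_id
 	 */
-	public function edit($task_id)
+	public function edit(int $task_id)
 	{
-		$task_id = (int) $task_id;
 		$data = $this->task_model->get_task_by_id($task_id);
 
 		$data['cat_list'] = $this->task_model->get_category_select($task_id);
@@ -190,13 +189,9 @@ class Task extends MY_Controller {
 
 		if ($this->input->post('edit_sub') == 'Update Task')
 		{
-			$val = $this->task_model->validate_task();
-
-			if($val === TRUE)
+			if($this->task_model->validate_task() === TRUE)
 			{
-				$done = $this->task_model->update_task();
-
-				if ($done === TRUE)
+				if ($this->task_model->update_task() === TRUE)
 				{
 					//Redirect to task list
 					$this->session->set_flashdata([
@@ -205,17 +200,15 @@ class Task extends MY_Controller {
 					]);
 
 					$this->todo->redirect_303(site_url('task/list'));
+					return;
 				}
-				else
-				{
-					$data['err'][] = "Database Error, Please try again later.";
-				}
+
+				$data['err'][] = "Database Error, Please try again later.";
 			}
 			else
 			{
 				$data['err'] = $val;
 			}
-
 		}
 
 		$this->page->set_title("Edit Task");
@@ -229,7 +222,7 @@ class Task extends MY_Controller {
 	 *
 	 * @param int $task_id
 	 */
-	public function view($task_id = NULL)
+	public function view(int $task_id = NULL)
 	{
 		if( ! is_numeric($task_id))
 		{
@@ -246,7 +239,6 @@ class Task extends MY_Controller {
 		$data['checklist'] = $this->task_model->get_checklist($task_id);
 		$data['task'] = $task_id;
 
-
 		$this->page->set_title("View Task");
 		$this->page->set_body_id("task_details");
 		$this->page->build('task/view', $data);
@@ -257,7 +249,7 @@ class Task extends MY_Controller {
 	/**
 	 * Delete a task
 	 */
-	public function delete($task_id)
+	public function delete(int $task_id)
 	{
 		$this->task_model->delete_task((int) $task_id);
 	}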
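Review bot: `edit()` still runs `$data['err'] = $val;` in the validation-failure branch (new line 210), but this change removed the `$val = $this->task_model->validate_task();` assignment, so `$val` is undefined there and the validation errors returned by the model are dropped. Keep the result in a local, `$val = $this->task_model->validate_task();` followed by `if ($val === TRUE)`, so the form re-renders with the reasons the input was rejected. Separately, `view(int $task_id = NULL)` will raise a TypeError on a non-numeric argument before the `is_numeric()` guard on the following line can run, assuming the router passes the raw URI segment; declaring it `?int` and handling the failure path deliberately would keep that guard meaningful. The bodies of `edit()` and `view()` continue outside the visible hunks.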

+ 0 - 31
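--- a/application/core/MY_Controller.php
+++ b/application/core/MY_Controller.php
@@ -4,42 +4,11 @@
  * Base controller extending CodeIgniter Controller
  */
 class MY_Controller extends CI_Controller {
-
-	/**
-	 * @var MY_Session
-	 */
-	public $session;
-
-	/**
-	 * @var CI_DB_driver
-	 */
-	public $db;
-
-	/**
-	 * @var CI_Input
-	 */
-	public $input;
-
-	/**
-	 * @var CI_Uri
-	 */
-	public $uri;
-
-	/**
-	 * @var MY_Form_validation
-	 */
-	public $form_validation;
-
 	/**
 	 * @var Validation_Callbacks
 	 */
 	public $validation_callbacks;
 
-	/**
-	 * @var CI_Output
-	 */
-	public $output;
-
 	/**
 	 * @var Page
 	 */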

+ 41 - 19
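--- a/application/models/task_model.php
+++ b/application/models/task_model.php
@@ -6,7 +6,7 @@
  */
 class Task_model extends CI_Model {
 
-	private $title, $description, $category, $priority, $due,
+	protected $title, $description, $category, $priority, $due,
 			$status, $user_id, $task_id, $reminder, $reminder_time,
 			$groups, $group_perms, $friends, $friend_perms, $share_type;
 
@@ -14,6 +14,13 @@ class Task_model extends CI_Model {
 
 	// --------------------------------------------------------------------------
 
+	public function __construct()
+	{
+		// $this->output->enable_profiler(TRUE);
+	}
+
+	// --------------------------------------------------------------------------
+
 	/**
 	 * Get day task list
 	 *
@@ -473,7 +480,7 @@ class Task_model extends CI_Model {
 		$share_type = FALSE;
 
 		//If the task is shared
-		if($this->input->post('share') !== FALSE)
+		if($this->input->post('share') != FALSE)
 		{
 			$groups = $this->input->post('group', TRUE);
 			$group_perms = $this->input->post('group_perms', TRUE);
@@ -504,14 +511,17 @@ class Task_model extends CI_Model {
 			$this->user_id = $this->session->userdata('uid');
 			$this->task_id = ($this->input->post('task_id') != FALSE)
 				? $this->input->post('task_id')
-				: $this->db->count_all('item') + 1;
+				: NULL; //$this->db->count_all('item') + 1;
+
+/* ?><pre><?= print_r([
+	'class' => $this,
+	'input' => $this->input->post()
+], TRUE); ?><?php die(); */
 
 			return TRUE;
 		}
-		else //otherwise, return the errors
-		{
-			return $err;
-		}
+
+		return $err;
 	}
 
 	// --------------------------------------------------------------------------
@@ -666,16 +676,17 @@ class Task_model extends CI_Model {
 
 			if ( ! empty($friend_list))
 			{
-				$this->db->where_in('user_id', $friend_list)
-					->where('task_id', $task_id)
-					->or_where('user_id', (int) $this->session->userdata('uid'))
+				$user_ids = array_merge(
+					[(int) $this->session->userdata('uid')],
+					$friend_list
+				);
+				$this->db->where_in('user_id', $user_ids)
 					->where('task_id', $task_id)
 					->delete('user_task_link');
 			}
 
 		}
 
-
 		//Get groups
 		if($this->share_type == 'group')
 		{
@@ -705,7 +716,9 @@ class Task_model extends CI_Model {
 				}
 
 				if ($this->db->affected_rows() < 1)
-						{return false;}
+				{
+					return false;
+				}
 
 				//Set current user too
 				$this->db->set('user_id', $this->session->userdata('uid'))
@@ -1382,7 +1395,7 @@ class Task_model extends CI_Model {
 	 * @param int $task_id
 	 * @return array
 	 */
-	private function _get_task_perms($task_id)
+	private function _get_task_perms(int $task_id)
 	{
 		/**
 		 * Get the task shared permissions
@@ -1394,7 +1407,7 @@ class Task_model extends CI_Model {
 			->join('group_users_link', 'group_users_link.user_id=user.id', 'inner')
 			->join('group_task_link', 'group_task_link.group_id=group_users_link.group_id', 'inner')
 			->join('item', 'item.id=group_task_link.task_id', 'inner')
-			->where('todo_item.id', (int) $task_id)
+			->where('todo_item.id', $task_id)
 			->where('todo_group_task_link.permissions !=', PERM_NO_ACCESS)
 			->where('todo_user.id', (int) $this->session->userdata('uid'))
 			->limit(1)
@@ -1405,7 +1418,7 @@ class Task_model extends CI_Model {
 			->from('item')
 			->join('user_task_link', 'user_task_link.task_id=item.id')
 			->where('todo_user_task_link.permissions !=', PERM_NO_ACCESS)
-			->where('todo_user_task_link.task_id', (int) $task_id)
+			->where('todo_user_task_link.task_id', $task_id)
 			->where('todo_user_task_link.user_id', (int) $this->session->userdata('uid'))
 			->limit(1)
 			->get();
@@ -1456,7 +1469,7 @@ class Task_model extends CI_Model {
 			->join('group_users_link', 'group_users_link.user_id=user.id', 'inner')
 			->join('group_task_link', 'group_task_link.group_id=group_users_link.group_id', 'inner')
 			->where('todo_group_users_link.user_id', (int) $this->session->userdata('uid'))
-			->where('todo_group_task_link.task_id', (int) $task_id)
+			->where('todo_group_task_link.task_id', $task_id)
 			->get();
 
 		//Check user permissions
@@ -1469,14 +1482,14 @@ class Task_model extends CI_Model {
 		//Check if task admin
 		$upA = $this->db->select('id')
 			->from('item')
-			->where('id', (int) $task_id)
+			->where('id', $task_id)
 			->where('user_id', (int) $this->session->userdata('uid'))
 			->get();
 
 		//Check for admin permissions
 		if($upA->num_rows() > 0)
 		{
-			$result_array['user_perms'] = 9;
+			$result_array['user_perms'] = PERM_ADMIN_ACCESS;
 			return $result_array;
 		}
 		else //User is not admin
@@ -1492,7 +1505,16 @@ class Task_model extends CI_Model {
 			if($upU->num_rows() > 0)
 			{
 				$up_row = $upU->row_array();
-				$result_array['user_perms'] = $up_row['permissions'];
+
+				// Only overwrite group permissions if there are higher
+				// user permissions than group permissions
+				if (
+					$result_array['user_perms'] == PERM_NO_ACCESS ||
+					$up_row['permissions'] > $result_array['user_perms']
+					)
+				{
+					$result_array['user_perms'] = $up_row['permissions'];
+				}
 			}
 
 			//Determine whether the current user can view and/or edit this task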
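Review bot: The new merge in the last hunk keeps whichever of the group and per-user permission is higher, so a per-user row lower than the group grant (including an explicit `PERM_NO_ACCESS`) can never restrict a user who also belongs to a shared group. If that precedence is intended, state it in the comment, e.g. `// Effective permission is the max of group and user grants; a user-level restriction does not override a group grant`; if it is not, the user row should win whenever it exists. The comparison also runs on whatever the DB driver returns for `permissions` (likely strings) and uses a loose `==` against the constant, so cast once with `$user_perm = (int) $up_row['permissions'];` and compare integers. The enclosing method begins and continues outside the hunk, so whether `$result_array['user_perms']` is always set before this point cannot be confirmed from here.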

+ 6 - 6
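--- a/application/views/task/edit.php
+++ b/application/views/task/edit.php
@@ -117,12 +117,12 @@
 						<dt><label for="friend_perms">Permissions</label></dt>
 						<dd>
 						<select name="friend_perms" id="friend_perms">
-							<option value="-1" <?= ($friend_perms === PERM_NO_ACCESS) ? 'selected="selected"':''?>>No Access</option>
-							<option value="0" <?= ($friend_perms === PERM_READ_ACCESS) ? 'selected="selected"':''?>>Read-only Access</option>
-							<option value="1" <?= ($friend_perms === PERM_COMMENT_ACCESS) ? 'selected="selected"':''?>>Comment-only Access</option>
-							<option value="2" <?= ($friend_perms === PERM_CHECKLIST_ACCESS) ? 'selected="selected"':''?>>Comment and Checklist Access</option>
-							<option value="3" <?= ($friend_perms === PERM_WRITE_ACCESS) ? 'selected="selected"':''?>>Read and Write Access</option>
-							<option value="9" <?= ($friend_perms === PERM_ADMIN_ACCESS) ? 'selected="selected"':''?>>Task Admin (Read/Write/Delete)</option>
+							<option value="-1" <?= ($friend_perms === PERM_NO_ACCESS || !(is_numeric($friend_perms))) ? 'selected="selected"':''?>>No Access</option>
+							<option value="0" <?= ($friend_perms == PERM_READ_ACCESS) ? 'selected="selected"':''?>>Read-only Access</option>
+							<option value="1" <?= ($friend_perms == PERM_COMMENT_ACCESS) ? 'selected="selected"':''?>>Comment-only Access</option>
+							<option value="2" <?= ($friend_perms == PERM_CHECKLIST_ACCESS) ? 'selected="selected"':''?>>Comment and Checklist Access</option>
+							<option value="3" <?= ($friend_perms == PERM_WRITE_ACCESS) ? 'selected="selected"':''?>>Read and Write Access</option>
+							<option value="9" <?= ($friend_perms == PERM_ADMIN_ACCESS) ? 'selected="selected"':''?>>Task Admin (Read/Write/Delete)</option>
 						</select>
 						</dd>
 					</dl>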
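Review bot: With the switch from `===` to `==`, a `$friend_perms` that is `NULL` or `FALSE` now matches both the first option (through `!is_numeric()`) and `PERM_READ_ACCESS` (assuming it is 0, as the option value suggests), so two options carry `selected` and browsers typically honour the last one; the form would then default to Read-only Access rather than No Access. Because saving the form submits that value, an unset permission could silently become a read grant. Normalise once above the `<select>` and keep strict comparisons in the options: `<?php $friend_perms = is_numeric($friend_perms) ? (int) $friend_perms : PERM_NO_ACCESS; ?>`. If a matching `group_perms` select exists outside this hunk, it likely needs the same treatment.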