Example #1
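 /**
  * Decide whether the current user may view the given task.
  *
  * Checks run in this order and the first match wins:
  *  1. a matching task_token in the request (bearer-style access, checked
  *     before any permission or login state, so it also applies to
  *     anonymous users and to private tasks);
  *  2. manage_project or is_admin on the task's project;
  *  3. others_view on the project, for non-private tasks;
  *  4. anonymous users are rejected from here on;
  *  5. non-private tasks: view_tasks, view_own_tasks or view_groups_tasks;
  *  6. private tasks: only the opener or an assignee.
  *
  * @param array $task Task row; reads task_token, project_id, mark_private,
  *                    opened_by and task_id.
  * @return bool True when viewing is allowed, false otherwise.
  */
 public function can_view_task($task)
 {
     // The token acts as a shared secret, so compare it as one: the previous
     // loose == let PHP type juggling treat different numeric-looking strings
     // (e.g. "0e1" and "0e2") as equal, and a non-string request value was
     // compared by coercion.
     // NOTE(review): Get::val() presumably returns the raw request parameter,
     // which may be an array - hence the is_string() guard; confirm.
     if (!empty($task['task_token'])) {
         $expected_token = (string) $task['task_token'];
         $supplied_token = Get::val('task_token');
         if (is_string($supplied_token)) {
             // hash_equals() is constant-time but only exists on PHP >= 5.6;
             // fall back to a strict comparison on older runtimes.
             $token_matches = function_exists('hash_equals')
                 ? hash_equals($expected_token, $supplied_token)
                 : $expected_token === $supplied_token;
             if ($token_matches) {
                 return true;
             }
         }
     }
     // Split into several separate tests to keep track of what is happening.
     // Project managers and admins are always allowed.
     if ($this->perms('manage_project', $task['project_id']) || $this->perms('is_admin', $task['project_id'])) {
         return true;
     }
     // Allow if "allow anyone to view this project" is checked
     // and the task is not private.
     if ($this->perms('others_view', $task['project_id']) && !$task['mark_private']) {
         return true;
     }
     if ($this->isAnon()) {
         // The following checks need an identified user.
         return false;
     }
     // Non-private task
     if (!$task['mark_private']) {
         // Can view tasks, always allow
         if ($this->perms('view_tasks', $task['project_id'])) {
             return true;
         }
         // User can view only own tasks
         if ($this->perms('view_own_tasks', $task['project_id']) && !$this->perms('view_groups_tasks', $task['project_id'])) {
             // Loose comparisons on ids are kept as in the original;
             // presumably ids arrive as strings from the database - TODO confirm.
             if ($task['opened_by'] == $this->id) {
                 return true;
             }
             if (in_array($this->id, Flyspray::GetAssignees($task['task_id']))) {
                 return true;
             }
             // No use to continue further.
             return false;
         }
         // At this point the user should have view_groups_tasks, but check
         // anyway in case further view permissions are added later.
         if ($this->perms('view_groups_tasks', $task['project_id'])) {
             // The first two checks are the same as for view_own_tasks.
             if ($task['opened_by'] == $this->id) {
                 return true;
             }
             // Fetch only once, could be needed three times.
             $assignees = Flyspray::GetAssignees($task['task_id']);
             if (in_array($this->id, $assignees)) {
                 return true;
             }
             // The user's group for this project is read from perms();
             // allow if any member of it opened the task or is assigned to it.
             $group = $this->perms('project_group', $task['project_id']);
             $others = Project::listUsersIn($group);
             foreach ($others as $other) {
                 if ($other['user_id'] == $task['opened_by']) {
                     return true;
                 }
                 if (in_array($other['user_id'], $assignees)) {
                     return true;
                 }
             }
             // Check the global group next. For users in that group to be
             // included, the permission has to be granted at global group
             // level. So even though permissions are OR'ed together, who
             // counts as being in the same group depends on whether the
             // permission was given at global or project level.
             if ($this->perms('view_groups_tasks', 0)) {
                 $group = $this->perms('project_group', 0);
                 $others = Project::listUsersIn($group);
                 foreach ($others as $other) {
                     if ($other['user_id'] == $task['opened_by']) {
                         return true;
                     }
                     if (in_array($other['user_id'], $assignees)) {
                         return true;
                     }
                 }
             }
             // No use to continue further.
             return false;
         }
     }
     // Private task: the user must either be assigned to the task
     // or have opened it.
     if ($task['mark_private']) {
         if ($task['opened_by'] == $this->id) {
             return true;
         }
         if (in_array($this->id, Flyspray::GetAssignees($task['task_id']))) {
             return true;
         }
         // No use to continue further.
         return false;
     }
     // Could not find any permission for viewing the task.
     return false;
 }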