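/**
 * Decide whether this user may view the given task.
 *
 * Checks run in this order and the first one that decides wins:
 *  1. a task token in the request that matches the task's own token;
 *  2. the manage_project or is_admin permission for the task's project;
 *  3. the others_view permission, if the task is not private;
 *  4. anonymous users are rejected here;
 *  5. non-private task: view_tasks, then view_own_tasks, then view_groups_tasks;
 *  6. private task: only the opener and the assignees.
 *
 * @param array $task Task row; the keys read here are task_token, project_id,
 *                    mark_private, opened_by and task_id.
 * @return bool True when viewing is allowed, false otherwise.
 */
public function can_view_task($task)
{
    // The token check comes before every permission check, so a matching
    // token grants access to anonymous users and to private tasks as well.
    // It is a bearer secret: compare as strings and in constant time.
    // A loose == treats numeric-looking strings as numbers ("0e12" == "0e34",
    // "1e3" == "1000"), which lets a different token match.
    if ($task['task_token']) {
        $supplied = Get::val('task_token');
        if (is_string($supplied)) {
            $expected = (string) $task['task_token'];
            // hash_equals() needs PHP 5.6+; fall back to a strict comparison
            // on older runtimes rather than failing.
            $matches = function_exists('hash_equals')
                ? hash_equals($expected, $supplied)
                : $expected === $supplied;
            if ($matches) {
                return true;
            }
        }
    }

    // Project managers and admins are always allowed.
    if ($this->perms('manage_project', $task['project_id'])
        || $this->perms('is_admin', $task['project_id'])) {
        return true;
    }

    // "Allow anyone to view this project" is set and the task is not private.
    if ($this->perms('others_view', $task['project_id']) && !$task['mark_private']) {
        return true;
    }

    // Every remaining check needs an identified user.
    if ($this->isAnon()) {
        return false;
    }

    if (!$task['mark_private']) {
        // Non-private task: view_tasks is sufficient on its own.
        if ($this->perms('view_tasks', $task['project_id'])) {
            return true;
        }

        // User may view only their own tasks (opened by or assigned to them).
        if ($this->perms('view_own_tasks', $task['project_id'])
            && !$this->perms('view_groups_tasks', $task['project_id'])) {
            if ($task['opened_by'] == $this->id) {
                return true;
            }

            // Loose comparison kept for ids.
            // NOTE(review): ids may arrive as numeric strings; confirm before
            // switching in_array() to strict mode.
            if (in_array($this->id, Flyspray::GetAssignees($task['task_id']))) {
                return true;
            }

            return false;
        }

        // User may view tasks opened by or assigned to members of their group.
        if ($this->perms('view_groups_tasks', $task['project_id'])) {
            // The first two checks are the same as for view_own_tasks.
            if ($task['opened_by'] == $this->id) {
                return true;
            }

            // Fetched once, used by up to three checks below.
            $assignees = Flyspray::GetAssignees($task['task_id']);
            if (in_array($this->id, $assignees)) {
                return true;
            }

            // Members of the user's group for this project; the group is
            // read from the permission set under 'project_group'.
            $group = $this->perms('project_group', $task['project_id']);
            $others = Project::listUsersIn($group);
            foreach ($others as $other) {
                if ($other['user_id'] == $task['opened_by']) {
                    return true;
                }
                if (in_array($other['user_id'], $assignees)) {
                    return true;
                }
            }

            // Members of the global group count only when view_groups_tasks
            // was granted at the global level (project id 0). Permissions
            // are OR'ed together, but who is considered to be "in the same
            // group" depends on the level at which this one was granted.
            if ($this->perms('view_groups_tasks', 0)) {
                $group = $this->perms('project_group', 0);
                $others = Project::listUsersIn($group);
                foreach ($others as $other) {
                    if ($other['user_id'] == $task['opened_by']) {
                        return true;
                    }
                    if (in_array($other['user_id'], $assignees)) {
                        return true;
                    }
                }
            }

            return false;
        }
    }

    // Private task: the user must have opened it or be assigned to it.
    if ($task['mark_private']) {
        if ($task['opened_by'] == $this->id) {
            return true;
        }

        if (in_array($this->id, Flyspray::GetAssignees($task['task_id']))) {
            return true;
        }

        return false;
    }

    // No permission found that allows viewing the task.
    return false;
}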