Feature: make issue readonly to users by tag use

Issue #39

app/Form/Tag.php

@@ -76,6 +76,12 @@ public function fields()
                 'options' => $roles,
                 'help'    => trans('tinyissue.limit_message_help'),
             ],
+            'readonly' => [
+                'type'    => 'select',
+                'label'   => 'readonly',
+                'options' => $roles,
+                'help'    => trans('tinyissue.readonly_tag_help'),
+            ],
         ];
 
         return $fields;

app/Http/Middleware/Permission.php

@@ -71,7 +71,7 @@ public function handle(Request $request, Closure $next)
             && $project instanceof ProjectModel && !$project->isPrivate()) {
             // Ignore we are ok to view issues in public project
         } elseif (!$this->auth->guest()
-            && (!$user->permission($permission) || !$user->permissionInContext($request->route()->parameters()))) {
+            && (!$user->permission($permission) || !$user->permissionInContext($request->route()))) {
             abort(401);
         }
 

app/Model/Project/Issue.php

@@ -11,6 +11,7 @@
 
 namespace Tinyissue\Model\Project;
 
+use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Database\Eloquent\Model as BaseModel;
 use Tinyissue\Model;
 use Tinyissue\Model\Traits\CountAttributeTrait;
@@ -175,4 +176,18 @@ public function isOpen()
     {
         return (boolean) $this->status;
     }
+
+    /**
+     * Check if the issue contains a tag with option to set the issue as readonly to current user.
+     *
+     * @param Model\User $user
+     *
+     * @return bool
+     */
+    public function hasReadOnlyTag(Model\User $user)
+    {
+        $hasReadOnly = $this->tags->where('readonly', $user->role_id);
+
+        return !$hasReadOnly->isEmpty();
+    }
 }

app/Model/Tag.php

@@ -27,6 +27,7 @@
  * @property Tag    $parent
  * @property int    $role_limit
  * @property int    $message_limit
+ * @property int    $readonly
  */
 class Tag extends Model
 {
@@ -82,7 +83,7 @@ class Tag extends Model
      *
      * @var array
      */
-    public $fillable = ['parent_id', 'name', 'bgcolor', 'group', 'role_limit', 'message_limit'];
+    public $fillable = ['parent_id', 'name', 'bgcolor', 'group', 'role_limit', 'message_limit', 'readonly'];
 
     /**
      * Name of database table.
@@ -123,6 +124,16 @@ public function canView()
         return auth()->user()->role_id >= $this->role_limit;
     }
 
+    /**
+     * Whether or not the tag to mark issue as ready only.
+     *
+     * @return bool
+     */
+    public function isReadOnly()
+    {
+        return (boolean) $this->readonly;
+    }
+
     /**
      * Return an array of tag details.
      *

app/Model/User.php

@@ -18,6 +18,7 @@
 use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
 use Illuminate\Database\Eloquent;
 use Illuminate\Database\Eloquent\Model;
+use Illuminate\Routing\Route;
 use Tinyissue\Model\Project\Issue;
 
 /**
@@ -155,31 +156,34 @@ public function me()
      * Whether or not the user has a valid permission in current context
      * e.g. can access the issue or the project.
      *
-     * @param array $params
+     * @param Route $route
      *
      * @return bool
      */
-    public function permissionInContext(array $params)
+    public function permissionInContext(Route $route)
     {
         // Can access all projects
         if ($this->permission(Permission::PERM_PROJECT_ALL)) {
             return true;
         }
 
-        $project = array_get($params, 'project', function () use ($params) {
-            $issue = array_get($params, 'issue');
-            if ($issue instanceof Issue) {
-                return $issue->project;
-            }
-
-            return;
-        });
+        $project = $route->getParameter('project');
+        $issue = $route->getParameter('issue');
+        if (!$project instanceof Project && $issue instanceof Issue) {
+            $project = $issue->project;
+        }
 
         // Is member of the project
-        if ($project && !$project->isMember($this->id)) {
+        if ($project instanceof Project && !$project->isMember($this->id)) {
             return false;
         }
 
+        // Check if issue is in readonly tag
+        $permission = array_get($route->getAction(), 'permission');
+        if ($issue instanceof Issue && $permission === Permission::PERM_ISSUE_MODIFY) {
+            return !$issue->hasReadOnlyTag($this);
+        }
+
         return true;
     }
 

database/migrations/2016_06_26_124851_add_readonly_to_tags.php

@@ -0,0 +1,31 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+
+class AddReadonlyToTags extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('tags', function (Blueprint $table) {
+            $table->bigInteger('readonly')->nullable();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('tags', function (Blueprint $table) {
+            $table->dropColumn('readonly');
+        });
+    }
+}

resources/lang/en/tinyissue.php

@@ -226,4 +226,5 @@
     'delete_issue_confirm'               => 'Are you sure you want to delete this issue?',
     'issue_has_been_deleted'             => 'The issue has been deleted.',
     'role_limit_help'                    => 'Limit the use of this tag to the selected role and the roles above it.',
+    'readonly_tag_help'                  => 'Prevent editing an issue by users with the selected role and the roles below it.',
 ];

resources/lang/en/validation.php

@@ -104,5 +104,6 @@
         'kanban_board'                       => 'Kanban board',
         'internal_status'                    => 'Internal status',
         'extended_user_settings'             => 'Extended user settings',
+        'readonly'                           => 'Read only'
     ],
 ];