Added application and project roles validation for API procedure calls

author: Frederic Guillot <fred@kanboard.net> 2016-06-26 10:25:13 -0400
committer: Frederic Guillot <fred@kanboard.net> 2016-06-26 10:25:13 -0400
commit: 4a230d331ec220fc32a48525afb308af0d9787fa (patch)
tree: 514aa3d703155b7f97a2c77147c9fd74cef60f84 /app/Api/Authorization/UserAuthorization.php
parent: 922e0fb6de06a98774418612e0b0f75af72b6dbb (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/app/Api/Authorization/UserAuthorization.php b/app/Api/Authorization/UserAuthorization.php
new file mode 100644
index 00000000..3fd6865c
--- /dev/null
+++ b/app/Api/Authorization/UserAuthorization.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Kanboard\Api\Authorization;
+
+use JsonRPC\Exception\AccessDeniedException;
+use Kanboard\Core\Base;
+
+/**
+ * Class UserAuthorization
+ *
+ * @package Kanboard\Api\Authorization
+ * @author  Frederic Guillot
+ */
+class UserAuthorization extends Base
+{
+    public function check($class, $method)
+    {
+        if ($this->userSession->isLogged() && ! $this->apiAuthorization->isAllowed($class, $method, $this->userSession->getRole())) {
+            throw new AccessDeniedException('You are not allowed to access to this resource');
+        }
+    }
+}
author	Frederic Guillot <fred@kanboard.net>	2016-06-26 10:25:13 -0400
committer	Frederic Guillot <fred@kanboard.net>	2016-06-26 10:25:13 -0400
commit	4a230d331ec220fc32a48525afb308af0d9787fa (patch)
tree	514aa3d703155b7f97a2c77147c9fd74cef60f84 /app/Api/Authorization/UserAuthorization.php
parent	922e0fb6de06a98774418612e0b0f75af72b6dbb (diff)