Added application and project roles validation for API procedure calls

author: Frederic Guillot <fred@kanboard.net> 2016-06-26 10:25:13 -0400
committer: Frederic Guillot <fred@kanboard.net> 2016-06-26 10:25:13 -0400
commit: 4a230d331ec220fc32a48525afb308af0d9787fa (patch)
tree: 514aa3d703155b7f97a2c77147c9fd74cef60f84 /app/Model
parent: 922e0fb6de06a98774418612e0b0f75af72b6dbb (diff)
7 files changed, 100 insertions, 0 deletions
diff --git a/app/Model/ActionModel.php b/app/Model/ActionModel.php
index 53393ed5..b5d2bd06 100644
--- a/app/Model/ActionModel.php
+++ b/app/Model/ActionModel.php
@@ -86,6 +86,18 @@ class ActionModel extends Base
     }
 
     /**
+     * Get the projectId by the actionId
+     *
+     * @access public
+     * @param  integer $action_id
+     * @return integer
+     */
+    public function getProjectId($action_id)
+    {
+        return $this->db->table(self::TABLE)->eq('id', $action_id)->findOneColumn('project_id') ?: 0;
+    }
+
+    /**
      * Attach parameters to actions
      *
      * @access private
diff --git a/app/Model/CategoryModel.php b/app/Model/CategoryModel.php
index 62fb5611..024d0026 100644
--- a/app/Model/CategoryModel.php
+++ b/app/Model/CategoryModel.php
@@ -56,6 +56,18 @@ class CategoryModel extends Base
     }
 
     /**
+     * Get the projectId by the category id
+     *
+     * @access public
+     * @param  integer   $category_id    Category id
+     * @return integer
+     */
+    public function getProjectId($category_id)
+    {
+        return $this->db->table(self::TABLE)->eq('id', $category_id)->findOneColumn('project_id') ?: 0;
+    }
+
+    /**
      * Get a category id by the category name and project id
      *
      * @access public
diff --git a/app/Model/ColumnModel.php b/app/Model/ColumnModel.php
index 1adac0f2..795fe692 100644
--- a/app/Model/ColumnModel.php
+++ b/app/Model/ColumnModel.php
@@ -32,6 +32,18 @@ class ColumnModel extends Base
     }
 
     /**
+     * Get projectId by the columnId
+     *
+     * @access public
+     * @param  integer  $column_id    Column id
+     * @return integer
+     */
+    public function getProjectId($column_id)
+    {
+        return $this->db->table(self::TABLE)->eq('id', $column_id)->findOneColumn('project_id');
+    }
+
+    /**
      * Get the first column id for a given project
      *
      * @access public
diff --git a/app/Model/CommentModel.php b/app/Model/CommentModel.php
index 36e1fc48..4231f29d 100644
--- a/app/Model/CommentModel.php
+++ b/app/Model/CommentModel.php
@@ -30,6 +30,22 @@ class CommentModel extends Base
     const EVENT_USER_MENTION = 'comment.user.mention';
 
     /**
+     * Get projectId from commentId
+     *
+     * @access public
+     * @param  integer $comment_id
+     * @return integer
+     */
+    public function getProjectId($comment_id)
+    {
+        return $this->db
+            ->table(self::TABLE)
+            ->eq(self::TABLE.'.id', $comment_id)
+            ->join(TaskModel::TABLE, 'id', 'task_id')
+            ->findOneColumn(TaskModel::TABLE . '.project_id') ?: 0;
+    }
+
+    /**
      * Get all comments for a given task
      *
      * @access public
diff --git a/app/Model/SubtaskModel.php b/app/Model/SubtaskModel.php
index 019064ad..a97bddbf 100644
--- a/app/Model/SubtaskModel.php
+++ b/app/Model/SubtaskModel.php
@@ -52,6 +52,22 @@ class SubtaskModel extends Base
     const EVENT_DELETE = 'subtask.delete';
 
     /**
+     * Get projectId from subtaskId
+     *
+     * @access public
+     * @param  integer $subtask_id
+     * @return integer
+     */
+    public function getProjectId($subtask_id)
+    {
+        return $this->db
+            ->table(self::TABLE)
+            ->eq(self::TABLE.'.id', $subtask_id)
+            ->join(TaskModel::TABLE, 'id', 'task_id')
+            ->findOneColumn(TaskModel::TABLE . '.project_id') ?: 0;
+    }
+    
+    /**
      * Get available status
      *
      * @access public
diff --git a/app/Model/TaskFileModel.php b/app/Model/TaskFileModel.php
index 24c1ad4b..7603019a 100644
--- a/app/Model/TaskFileModel.php
+++ b/app/Model/TaskFileModel.php
@@ -73,6 +73,22 @@ class TaskFileModel extends FileModel
     }
 
     /**
+     * Get projectId from fileId
+     *
+     * @access public
+     * @param  integer $file_id
+     * @return integer
+     */
+    public function getProjectId($file_id)
+    {
+        return $this->db
+            ->table(self::TABLE)
+            ->eq(self::TABLE.'.id', $file_id)
+            ->join(TaskModel::TABLE, 'id', 'task_id')
+            ->findOneColumn(TaskModel::TABLE . '.project_id') ?: 0;
+    }
+
+    /**
      * Handle screenshot upload
      *
      * @access public
diff --git a/app/Model/TaskLinkModel.php b/app/Model/TaskLinkModel.php
index 45225e35..09978eae 100644
--- a/app/Model/TaskLinkModel.php
+++ b/app/Model/TaskLinkModel.php
@@ -29,6 +29,22 @@ class TaskLinkModel extends Base
     const EVENT_CREATE_UPDATE = 'tasklink.create_update';
 
     /**
+     * Get projectId from $task_link_id
+     *
+     * @access public
+     * @param  integer $task_link_id
+     * @return integer
+     */
+    public function getProjectId($task_link_id)
+    {
+        return $this->db
+            ->table(self::TABLE)
+            ->eq(self::TABLE.'.id', $task_link_id)
+            ->join(TaskModel::TABLE, 'id', 'task_id')
+            ->findOneColumn(TaskModel::TABLE . '.project_id') ?: 0;
+    }
+
+    /**
      * Get a task link
      *
      * @access public
author	Frederic Guillot <fred@kanboard.net>	2016-06-26 10:25:13 -0400
committer	Frederic Guillot <fred@kanboard.net>	2016-06-26 10:25:13 -0400
commit	4a230d331ec220fc32a48525afb308af0d9787fa (patch)
tree	514aa3d703155b7f97a2c77147c9fd74cef60f84 /app/Model
parent	922e0fb6de06a98774418612e0b0f75af72b6dbb (diff)