summaryrefslogtreecommitdiff
path: root/app/ServiceProvider/AuthenticationProvider.php
diff options
context:
space:
mode:
authorJLGC @monolinux <monolinux@junglacode.org>2016-08-15 23:13:16 -0500
committerJLGC @monolinux <monolinux@junglacode.org>2016-08-15 23:13:16 -0500
commit683c0464093f6a7976236c68653c2a2cc5dae280 (patch)
treebf176ecd82415cc4952eea071b7d264dd5fd68b4 /app/ServiceProvider/AuthenticationProvider.php
parentb1e795fc5b45369f7b9b565b1e106d2673361977 (diff)
parent5f82a942c0011bf91947b2c1d627c0907bda0c92 (diff)
Merge https://github.com/kanboard/kanboard
Diffstat (limited to 'app/ServiceProvider/AuthenticationProvider.php')
-rw-r--r--app/ServiceProvider/AuthenticationProvider.php61
1 files changed, 61 insertions, 0 deletions
diff --git a/app/ServiceProvider/AuthenticationProvider.php b/app/ServiceProvider/AuthenticationProvider.php
index 2fad8a3a..978bc05b 100644
--- a/app/ServiceProvider/AuthenticationProvider.php
+++ b/app/ServiceProvider/AuthenticationProvider.php
@@ -46,9 +46,13 @@ class AuthenticationProvider implements ServiceProviderInterface
$container['projectAccessMap'] = $this->getProjectAccessMap();
$container['applicationAccessMap'] = $this->getApplicationAccessMap();
+ $container['apiAccessMap'] = $this->getApiAccessMap();
+ $container['apiProjectAccessMap'] = $this->getApiProjectAccessMap();
$container['projectAuthorization'] = new Authorization($container['projectAccessMap']);
$container['applicationAuthorization'] = new Authorization($container['applicationAccessMap']);
+ $container['apiAuthorization'] = new Authorization($container['apiAccessMap']);
+ $container['apiProjectAuthorization'] = new Authorization($container['apiProjectAccessMap']);
return $container;
}
@@ -88,6 +92,7 @@ class AuthenticationProvider implements ServiceProviderInterface
$acl->add('ProjectFileController', '*', Role::PROJECT_MEMBER);
$acl->add('ProjectUserOverviewController', '*', Role::PROJECT_MANAGER);
$acl->add('ProjectStatusController', '*', Role::PROJECT_MANAGER);
+ $acl->add('ProjectTagController', '*', Role::PROJECT_MANAGER);
$acl->add('SubtaskController', '*', Role::PROJECT_MEMBER);
$acl->add('SubtaskRestrictionController', '*', Role::PROJECT_MEMBER);
$acl->add('SubtaskStatusController', '*', Role::PROJECT_MEMBER);
@@ -131,6 +136,7 @@ class AuthenticationProvider implements ServiceProviderInterface
$acl->add('AvatarFileController', 'show', Role::APP_PUBLIC);
$acl->add('ConfigController', '*', Role::APP_ADMIN);
+ $acl->add('TagController', '*', Role::APP_ADMIN);
$acl->add('PluginController', '*', Role::APP_ADMIN);
$acl->add('CurrencyController', '*', Role::APP_ADMIN);
$acl->add('ProjectGanttController', '*', Role::APP_MANAGER);
@@ -149,4 +155,59 @@ class AuthenticationProvider implements ServiceProviderInterface
return $acl;
}
+
+ /**
+ * Get ACL for the API
+ *
+ * @access public
+ * @return AccessMap
+ */
+ public function getApiAccessMap()
+ {
+ $acl = new AccessMap;
+ $acl->setDefaultRole(Role::APP_USER);
+ $acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER, Role::APP_PUBLIC));
+ $acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER, Role::APP_PUBLIC));
+
+ $acl->add('UserProcedure', '*', Role::APP_ADMIN);
+ $acl->add('GroupMemberProcedure', '*', Role::APP_ADMIN);
+ $acl->add('GroupProcedure', '*', Role::APP_ADMIN);
+ $acl->add('LinkProcedure', '*', Role::APP_ADMIN);
+ $acl->add('TaskProcedure', array('getOverdueTasks'), Role::APP_ADMIN);
+ $acl->add('ProjectProcedure', array('getAllProjects'), Role::APP_ADMIN);
+ $acl->add('ProjectProcedure', array('createProject'), Role::APP_MANAGER);
+
+ return $acl;
+ }
+
+ /**
+ * Get ACL for the API
+ *
+ * @access public
+ * @return AccessMap
+ */
+ public function getApiProjectAccessMap()
+ {
+ $acl = new AccessMap;
+ $acl->setDefaultRole(Role::PROJECT_VIEWER);
+ $acl->setRoleHierarchy(Role::PROJECT_MANAGER, array(Role::PROJECT_MEMBER, Role::PROJECT_VIEWER));
+ $acl->setRoleHierarchy(Role::PROJECT_MEMBER, array(Role::PROJECT_VIEWER));
+
+ $acl->add('ActionProcedure', array('removeAction', 'getActions', 'createAction'), Role::PROJECT_MANAGER);
+ $acl->add('CategoryProcedure', '*', Role::PROJECT_MANAGER);
+ $acl->add('ColumnProcedure', '*', Role::PROJECT_MANAGER);
+ $acl->add('CommentProcedure', array('removeComment', 'createComment', 'updateComment'), Role::PROJECT_MEMBER);
+ $acl->add('ProjectPermissionProcedure', '*', Role::PROJECT_MANAGER);
+ $acl->add('ProjectProcedure', array('updateProject', 'removeProject', 'enableProject', 'disableProject', 'enableProjectPublicAccess', 'disableProjectPublicAccess'), Role::PROJECT_MANAGER);
+ $acl->add('SubtaskProcedure', '*', Role::PROJECT_MEMBER);
+ $acl->add('SubtaskTimeTrackingProcedure', '*', Role::PROJECT_MEMBER);
+ $acl->add('SwimlaneProcedure', '*', Role::PROJECT_MANAGER);
+ $acl->add('ProjectFileProcedure', '*', Role::PROJECT_MEMBER);
+ $acl->add('TaskFileProcedure', '*', Role::PROJECT_MEMBER);
+ $acl->add('TaskLinkProcedure', '*', Role::PROJECT_MEMBER);
+ $acl->add('TaskExternalLinkProcedure', array('createExternalTaskLink', 'updateExternalTaskLink', 'removeExternalTaskLink'), Role::PROJECT_MEMBER);
+ $acl->add('TaskProcedure', '*', Role::PROJECT_MEMBER);
+
+ return $acl;
+ }
}