Merge branch 'stable' of https://github.com/kanboard/kanboard

author: Teamjungla{CODE} <junglacode@gmail.com> 2016-08-20 13:47:12 -0500
committer: Teamjungla{CODE} <junglacode@gmail.com> 2016-08-20 13:47:12 -0500
commit: fe8e9cdcfe3afc1475c7e7f4392d2b2cc601a12b (patch)
tree: 001403874e9e3716de7c6d51a9f536e9b3c3be5e /app/ServiceProvider/AuthenticationProvider.php
parent: b1e795fc5b45369f7b9b565b1e106d2673361977 (diff)
parent: 98efcf21e355ed6ac3827058b99df86ca67c75bb (diff)
1 files changed, 61 insertions, 0 deletions
diff --git a/app/ServiceProvider/AuthenticationProvider.php b/app/ServiceProvider/AuthenticationProvider.php
index 2fad8a3a..978bc05b 100644
--- a/app/ServiceProvider/AuthenticationProvider.php
+++ b/app/ServiceProvider/AuthenticationProvider.php
@@ -46,9 +46,13 @@ class AuthenticationProvider implements ServiceProviderInterface
 
         $container['projectAccessMap'] = $this->getProjectAccessMap();
         $container['applicationAccessMap'] = $this->getApplicationAccessMap();
+        $container['apiAccessMap'] = $this->getApiAccessMap();
+        $container['apiProjectAccessMap'] = $this->getApiProjectAccessMap();
 
         $container['projectAuthorization'] = new Authorization($container['projectAccessMap']);
         $container['applicationAuthorization'] = new Authorization($container['applicationAccessMap']);
+        $container['apiAuthorization'] = new Authorization($container['apiAccessMap']);
+        $container['apiProjectAuthorization'] = new Authorization($container['apiProjectAccessMap']);
 
         return $container;
     }
@@ -88,6 +92,7 @@ class AuthenticationProvider implements ServiceProviderInterface
         $acl->add('ProjectFileController', '*', Role::PROJECT_MEMBER);
         $acl->add('ProjectUserOverviewController', '*', Role::PROJECT_MANAGER);
         $acl->add('ProjectStatusController', '*', Role::PROJECT_MANAGER);
+        $acl->add('ProjectTagController', '*', Role::PROJECT_MANAGER);
         $acl->add('SubtaskController', '*', Role::PROJECT_MEMBER);
         $acl->add('SubtaskRestrictionController', '*', Role::PROJECT_MEMBER);
         $acl->add('SubtaskStatusController', '*', Role::PROJECT_MEMBER);
@@ -131,6 +136,7 @@ class AuthenticationProvider implements ServiceProviderInterface
         $acl->add('AvatarFileController', 'show', Role::APP_PUBLIC);
 
         $acl->add('ConfigController', '*', Role::APP_ADMIN);
+        $acl->add('TagController', '*', Role::APP_ADMIN);
         $acl->add('PluginController', '*', Role::APP_ADMIN);
         $acl->add('CurrencyController', '*', Role::APP_ADMIN);
         $acl->add('ProjectGanttController', '*', Role::APP_MANAGER);
@@ -149,4 +155,59 @@ class AuthenticationProvider implements ServiceProviderInterface
 
         return $acl;
     }
+
+    /**
+     * Get ACL for the API
+     *
+     * @access public
+     * @return AccessMap
+     */
+    public function getApiAccessMap()
+    {
+        $acl = new AccessMap;
+        $acl->setDefaultRole(Role::APP_USER);
+        $acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER, Role::APP_PUBLIC));
+        $acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER, Role::APP_PUBLIC));
+
+        $acl->add('UserProcedure', '*', Role::APP_ADMIN);
+        $acl->add('GroupMemberProcedure', '*', Role::APP_ADMIN);
+        $acl->add('GroupProcedure', '*', Role::APP_ADMIN);
+        $acl->add('LinkProcedure', '*', Role::APP_ADMIN);
+        $acl->add('TaskProcedure', array('getOverdueTasks'), Role::APP_ADMIN);
+        $acl->add('ProjectProcedure', array('getAllProjects'), Role::APP_ADMIN);
+        $acl->add('ProjectProcedure', array('createProject'), Role::APP_MANAGER);
+
+        return $acl;
+    }
+
+    /**
+     * Get ACL for the API
+     *
+     * @access public
+     * @return AccessMap
+     */
+    public function getApiProjectAccessMap()
+    {
+        $acl = new AccessMap;
+        $acl->setDefaultRole(Role::PROJECT_VIEWER);
+        $acl->setRoleHierarchy(Role::PROJECT_MANAGER, array(Role::PROJECT_MEMBER, Role::PROJECT_VIEWER));
+        $acl->setRoleHierarchy(Role::PROJECT_MEMBER, array(Role::PROJECT_VIEWER));
+
+        $acl->add('ActionProcedure', array('removeAction', 'getActions', 'createAction'), Role::PROJECT_MANAGER);
+        $acl->add('CategoryProcedure', '*', Role::PROJECT_MANAGER);
+        $acl->add('ColumnProcedure', '*', Role::PROJECT_MANAGER);
+        $acl->add('CommentProcedure', array('removeComment', 'createComment', 'updateComment'), Role::PROJECT_MEMBER);
+        $acl->add('ProjectPermissionProcedure', '*', Role::PROJECT_MANAGER);
+        $acl->add('ProjectProcedure', array('updateProject', 'removeProject', 'enableProject', 'disableProject', 'enableProjectPublicAccess', 'disableProjectPublicAccess'), Role::PROJECT_MANAGER);
+        $acl->add('SubtaskProcedure', '*', Role::PROJECT_MEMBER);
+        $acl->add('SubtaskTimeTrackingProcedure', '*', Role::PROJECT_MEMBER);
+        $acl->add('SwimlaneProcedure', '*', Role::PROJECT_MANAGER);
+        $acl->add('ProjectFileProcedure', '*', Role::PROJECT_MEMBER);
+        $acl->add('TaskFileProcedure', '*', Role::PROJECT_MEMBER);
+        $acl->add('TaskLinkProcedure', '*', Role::PROJECT_MEMBER);
+        $acl->add('TaskExternalLinkProcedure', array('createExternalTaskLink', 'updateExternalTaskLink', 'removeExternalTaskLink'), Role::PROJECT_MEMBER);
+        $acl->add('TaskProcedure', '*', Role::PROJECT_MEMBER);
+
+        return $acl;
+    }
 }
author	Teamjungla{CODE} <junglacode@gmail.com>	2016-08-20 13:47:12 -0500
committer	Teamjungla{CODE} <junglacode@gmail.com>	2016-08-20 13:47:12 -0500
commit	fe8e9cdcfe3afc1475c7e7f4392d2b2cc601a12b (patch)
tree	001403874e9e3716de7c6d51a9f536e9b3c3be5e /app/ServiceProvider/AuthenticationProvider.php
parent	b1e795fc5b45369f7b9b565b1e106d2673361977 (diff)
parent	98efcf21e355ed6ac3827058b99df86ca67c75bb (diff)