path: root/models/acl.php
authorFrédéric Guillot <contact@fredericguillot.com>2014-03-01 19:51:09 -0500
committerFrédéric Guillot <contact@fredericguillot.com>2014-03-01 19:51:09 -0500
commit28bc4246bff405367c9e5640bca356b307962026 (patch)
tree897fa49d471c1f4c6fc00bbd7e6d427239d01bd3 /models/acl.php
parente7db71b593f2d9856a5b3aacde00a638d074d601 (diff)
Add acl and access list for projects
Diffstat (limited to 'models/acl.php')
-rw-r--r--models/acl.php64
1 files changed, 64 insertions, 0 deletions
diff --git a/models/acl.php b/models/acl.php
new file mode 100644
index 00000000..7c363272
--- /dev/null
+++ b/models/acl.php
@@ -0,0 +1,64 @@
+<?php
+
+namespace Model;
+
+class Acl extends Base
+{
+ // Controllers and actions allowed from outside
+ private $public_actions = array(
+ 'user' => array('login', 'check'),
+ 'task' => array('add'),
+ 'board' => array('readonly'),
+ );
+
+ // Controllers and actions allowed for regular users
+ private $user_actions = array(
+ 'app' => array('index'),
+ 'board' => array('index', 'show', 'assign', 'assigntask', 'save'),
+ 'project' => array('tasks', 'index', 'forbidden'),
+ 'task' => array('show', 'create', 'save', 'edit', 'update', 'close', 'confirmclose', 'open', 'confirmopen'),
+ 'user' => array('index', 'edit', 'update', 'forbidden', 'logout', 'index'),
+ 'config' => array('index'),
+ );
+
+ public function isAllowedAction(array $acl, $controller, $action)
+ {
+ if (isset($acl[$controller])) {
+ return in_array($action, $acl[$controller]);
+ }
+
+ return false;
+ }
+
+ public function isPublicAction($controller, $action)
+ {
+ return $this->isAllowedAction($this->public_actions, $controller, $action);
+ }
+
+ public function isUserAction($controller, $action)
+ {
+ return $this->isAllowedAction($this->user_actions, $controller, $action);
+ }
+
+ public function isAdminUser()
+ {
+ return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === '1';
+ }
+
+ public function isRegularUser()
+ {
+ return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === '0';
+ }
+
+ public function getUserId()
+ {
+ return isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
+ }
+
+ public function isPageAccessAllowed($controller, $action)
+ {
+ return $this->isPublicAction($controller, $action) ||
+ $this->isAdminUser() ||
+ ($this->isRegularUser() && $this->isUserAction($controller, $action));
+ }
+}
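Review bot: `in_array($action, $acl[$controller])` in isAllowedAction uses loose comparison, so if the router ever hands in a non-string `$action` (an integer `0` from a query parameter, for instance, which `==` any non-numeric string before PHP 8) it could match an allowed entry it should not; the router is not in this hunk, so whether that can happen is unverified here, but the strict flag costs nothing: `return in_array($action, $acl[$controller], true);`. The role checks are sensibly fail-closed — an `is_admin` value other than `'0'`/`'1'` grants neither role — but that relies on the session storing the flag as a string, which deserves a comment on isAdminUser such as `// is_admin is kept in the session as the string '0' or '1' (DB value), hence the strict string comparison`. Minor: the `'user'` entry of `$user_actions` lists `'index'` twice.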