summaryrefslogtreecommitdiff
path: root/app/Api/Authorization/ProjectAuthorization.php
diff options
context:
space:
mode:
Diffstat (limited to 'app/Api/Authorization/ProjectAuthorization.php')
-rw-r--r--app/Api/Authorization/ProjectAuthorization.php35
1 files changed, 35 insertions, 0 deletions
diff --git a/app/Api/Authorization/ProjectAuthorization.php b/app/Api/Authorization/ProjectAuthorization.php
new file mode 100644
index 00000000..21ecf311
--- /dev/null
+++ b/app/Api/Authorization/ProjectAuthorization.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace Kanboard\Api\Authorization;
+
+use JsonRPC\Exception\AccessDeniedException;
+use Kanboard\Core\Base;
+
+/**
+ * Class ProjectAuthorization
+ *
+ * @package Kanboard\Api\Authorization
+ * @author Frederic Guillot
+ */
+class ProjectAuthorization extends Base
+{
+ public function check($class, $method, $project_id)
+ {
+ if ($this->userSession->isLogged()) {
+ $this->checkProjectPermission($class, $method, $project_id);
+ }
+ }
+
+ protected function checkProjectPermission($class, $method, $project_id)
+ {
+ if (empty($project_id)) {
+ throw new AccessDeniedException('Project not found');
+ }
+
+ $role = $this->projectUserRoleModel->getUserRole($project_id, $this->userSession->getId());
+
+ if (! $this->apiProjectAuthorization->isAllowed($class, $method, $role)) {
+ throw new AccessDeniedException('Project access denied');
+ }
+ }
+}
generated by cgit v1.2.3 (git 2.46.0) at 2024-11-26 19:08:03 +0000