13 files changed, 122 insertions, 20 deletions

diff --git a/app/Api/Authorization/ProjectAuthorization.php b/app/Api/Authorization/ProjectAuthorization.php
index 21ecf311..7dcdc445 100644
--- a/app/Api/Authorization/ProjectAuthorization.php
+++ b/app/Api/Authorization/ProjectAuthorization.php
@@ -23,13 +23,13 @@ class ProjectAuthorization extends Base
     protected function checkProjectPermission($class, $method, $project_id)
     {
         if (empty($project_id)) {
-            throw new AccessDeniedException('Project not found');
+            throw new AccessDeniedException('Project Not Found');
         }
         
         $role = $this->projectUserRoleModel->getUserRole($project_id, $this->userSession->getId());
 
         if (! $this->apiProjectAuthorization->isAllowed($class, $method, $role)) {
-            throw new AccessDeniedException('Project access denied');
+            throw new AccessDeniedException('Project Access Denied');
         }
     }
 }
diff --git a/app/Api/Authorization/TagAuthorization.php b/app/Api/Authorization/TagAuthorization.php
new file mode 100644
index 00000000..247f57db
--- /dev/null
+++ b/app/Api/Authorization/TagAuthorization.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace Kanboard\Api\Authorization;
+
+/**
+ * Class TagAuthorization
+ *
+ * @package Kanboard\Api\Authorization
+ * @author  Frederic Guillot
+ */
+class TagAuthorization extends ProjectAuthorization
+{
+    public function check($class, $method, $tag_id)
+    {
+        if ($this->userSession->isLogged()) {
+            $tag = $this->tagModel->getById($tag_id);
+
+            if (! empty($tag)) {
+                $this->checkProjectPermission($class, $method, $tag['project_id']);
+            }
+        }
+    }
+}
diff --git a/app/Api/Authorization/TaskAuthorization.php b/app/Api/Authorization/TaskAuthorization.php
index db93b76b..6e044211 100644
--- a/app/Api/Authorization/TaskAuthorization.php
+++ b/app/Api/Authorization/TaskAuthorization.php
@@ -10,10 +10,10 @@ namespace Kanboard\Api\Authorization;
  */
 class TaskAuthorization extends ProjectAuthorization
 {
-    public function check($class, $method, $category_id)
+    public function check($class, $method, $task_id)
     {
         if ($this->userSession->isLogged()) {
-            $this->checkProjectPermission($class, $method, $this->taskFinderModel->getProjectId($category_id));
+            $this->checkProjectPermission($class, $method, $this->taskFinderModel->getProjectId($task_id));
         }
     }
 }
diff --git a/app/Api/Middleware/AuthenticationMiddleware.php b/app/Api/Middleware/AuthenticationMiddleware.php
index 8e309593..174dc467 100644
--- a/app/Api/Middleware/AuthenticationMiddleware.php
+++ b/app/Api/Middleware/AuthenticationMiddleware.php
@@ -28,9 +28,10 @@ class AuthenticationMiddleware extends Base implements MiddlewareInterface
     public function execute($username, $password, $procedureName)
     {
         $this->dispatcher->dispatch('app.bootstrap');
+        $this->sessionStorage->scope = 'API';
 
         if ($this->isUserAuthenticated($username, $password)) {
-            $this->userSession->initialize($this->userModel->getByUsername($username));
+            $this->userSession->initialize($this->userCacheDecorator->getByUsername($username));
         } elseif (! $this->isAppAuthenticated($username, $password)) {
             $this->logger->error('API authentication failure for '.$username);
             throw new AuthenticationFailureException('Wrong credentials');
diff --git a/app/Api/Procedure/ActionProcedure.php b/app/Api/Procedure/ActionProcedure.php
index 4043dbb9..72fb9bbe 100644
--- a/app/Api/Procedure/ActionProcedure.php
+++ b/app/Api/Procedure/ActionProcedure.php
@@ -15,17 +15,17 @@ class ActionProcedure extends BaseProcedure
 {
     public function getAvailableActions()
     {
-        return $this->actionManager->getAvailableActions();
+        return (object) $this->actionManager->getAvailableActions();
     }
 
     public function getAvailableActionEvents()
     {
-        return $this->eventManager->getAll();
+        return (object) $this->eventManager->getAll();
     }
 
     public function getCompatibleActionEvents($action_name)
     {
-        return $this->actionManager->getCompatibleEvents($action_name);
+        return (object) $this->actionManager->getCompatibleEvents($action_name);
     }
 
     public function removeAction($action_id)
diff --git a/app/Api/Procedure/BoardProcedure.php b/app/Api/Procedure/BoardProcedure.php
index 674b5466..69daaf09 100644
--- a/app/Api/Procedure/BoardProcedure.php
+++ b/app/Api/Procedure/BoardProcedure.php
@@ -3,7 +3,6 @@
 namespace Kanboard\Api\Procedure;
 
 use Kanboard\Api\Authorization\ProjectAuthorization;
-use Kanboard\Formatter\BoardFormatter;
 
 /**
  * Board API controller
@@ -17,7 +16,7 @@ class BoardProcedure extends BaseProcedure
     {
         ProjectAuthorization::getInstance($this->container)->check($this->getClassName(), 'getBoard', $project_id);
         
-        return BoardFormatter::getInstance($this->container)
+        return $this->boardFormatter
             ->withProjectId($project_id)
             ->withQuery($this->taskFinderModel->getExtendedQuery())
             ->format();
diff --git a/app/Api/Procedure/MeProcedure.php b/app/Api/Procedure/MeProcedure.php
index e59e6522..71d5555b 100644
--- a/app/Api/Procedure/MeProcedure.php
+++ b/app/Api/Procedure/MeProcedure.php
@@ -54,7 +54,7 @@ class MeProcedure extends BaseProcedure
 
     public function getMyProjectsList()
     {
-        return $this->projectUserRoleModel->getProjectsByUser($this->userSession->getId());
+        return (object) $this->projectUserRoleModel->getProjectsByUser($this->userSession->getId());
     }
 
     public function getMyOverdueTasks()
diff --git a/app/Api/Procedure/ProjectPermissionProcedure.php b/app/Api/Procedure/ProjectPermissionProcedure.php
index e22e1d62..1938a067 100644
--- a/app/Api/Procedure/ProjectPermissionProcedure.php
+++ b/app/Api/Procedure/ProjectPermissionProcedure.php
@@ -16,13 +16,13 @@ class ProjectPermissionProcedure extends BaseProcedure
     public function getProjectUsers($project_id)
     {
         ProjectAuthorization::getInstance($this->container)->check($this->getClassName(), 'getProjectUsers', $project_id);
-        return $this->projectUserRoleModel->getAllUsers($project_id);
+        return (object) $this->projectUserRoleModel->getAllUsers($project_id);
     }
 
     public function getAssignableUsers($project_id, $prepend_unassigned = false)
     {
         ProjectAuthorization::getInstance($this->container)->check($this->getClassName(), 'getAssignableUsers', $project_id);
-        return $this->projectUserRoleModel->getAssignableUsersList($project_id, $prepend_unassigned);
+        return (object) $this->projectUserRoleModel->getAssignableUsersList($project_id, $prepend_unassigned);
     }
 
     public function addProjectUser($project_id, $user_id, $role = Role::PROJECT_MEMBER)
diff --git a/app/Api/Procedure/ProjectProcedure.php b/app/Api/Procedure/ProjectProcedure.php
index a580c8d9..e8a34cd3 100644
--- a/app/Api/Procedure/ProjectProcedure.php
+++ b/app/Api/Procedure/ProjectProcedure.php
@@ -32,6 +32,13 @@ class ProjectProcedure extends BaseProcedure
         return $this->formatProject($project);
     }
 
+    public function getProjectByEmail($email)
+    {
+        $project = $this->formatProject($this->projectModel->getByEmail($email));
+        ProjectAuthorization::getInstance($this->container)->check($this->getClassName(), 'getProjectByEmail', $project['id']);
+        return $this->formatProject($project);
+    }
+
     public function getAllProjects()
     {
         return $this->formatProjects($this->projectModel->getAll());
diff --git a/app/Api/Procedure/TagProcedure.php b/app/Api/Procedure/TagProcedure.php
new file mode 100644
index 00000000..f1c06d01
--- /dev/null
+++ b/app/Api/Procedure/TagProcedure.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace Kanboard\Api\Procedure;
+
+use Kanboard\Api\Authorization\ProjectAuthorization;
+use Kanboard\Api\Authorization\TagAuthorization;
+
+/**
+ * Class TagProcedure
+ *
+ * @package Kanboard\Api\Procedure
+ * @author  Frederic Guillot
+ */
+class TagProcedure extends BaseProcedure
+{
+    public function getAllTags()
+    {
+        return $this->tagModel->getAll();
+    }
+
+    public function getTagsByProject($project_id)
+    {
+        ProjectAuthorization::getInstance($this->container)->check($this->getClassName(), 'getTagsByProject', $project_id);
+        return $this->tagModel->getAllByProject($project_id);
+    }
+
+    public function createTag($project_id, $tag)
+    {
+        ProjectAuthorization::getInstance($this->container)->check($this->getClassName(), 'createTag', $project_id);
+        return $this->tagModel->findOrCreateTag($project_id, $tag);
+    }
+
+    public function updateTag($tag_id, $tag)
+    {
+        TagAuthorization::getInstance($this->container)->check($this->getClassName(), 'updateTag', $tag_id);
+        return $this->tagModel->update($tag_id, $tag);
+    }
+
+    public function removeTag($tag_id)
+    {
+        TagAuthorization::getInstance($this->container)->check($this->getClassName(), 'removeTag', $tag_id);
+        return $this->tagModel->remove($tag_id);
+    }
+}
diff --git a/app/Api/Procedure/TaskMetadataProcedure.php b/app/Api/Procedure/TaskMetadataProcedure.php
index 169482f5..ab6c32d0 100644
--- a/app/Api/Procedure/TaskMetadataProcedure.php
+++ b/app/Api/Procedure/TaskMetadataProcedure.php
@@ -15,7 +15,7 @@ class TaskMetadataProcedure extends BaseProcedure
     public function getTaskMetadata($task_id)
     {
         TaskAuthorization::getInstance($this->container)->check($this->getClassName(), 'getTask', $task_id);
-        return $this->taskMetadataModel->getAll($task_id);
+        return (object) $this->taskMetadataModel->getAll($task_id);
     }
 
     public function getTaskMetadataByName($task_id, $name)
diff --git a/app/Api/Procedure/TaskProcedure.php b/app/Api/Procedure/TaskProcedure.php
index ee9242d1..af67f3de 100644
--- a/app/Api/Procedure/TaskProcedure.php
+++ b/app/Api/Procedure/TaskProcedure.php
@@ -87,9 +87,9 @@ class TaskProcedure extends BaseProcedure
     }
 
     public function createTask($title, $project_id, $color_id = '', $column_id = 0, $owner_id = 0, $creator_id = 0,
-                                $date_due = '', $description = '', $category_id = 0, $score = 0, $swimlane_id = 0, $priority = 0,
-                                $recurrence_status = 0, $recurrence_trigger = 0, $recurrence_factor = 0, $recurrence_timeframe = 0,
-                                $recurrence_basedate = 0, $reference = '')
+                               $date_due = '', $description = '', $category_id = 0, $score = 0, $swimlane_id = 0, $priority = 0,
+                               $recurrence_status = 0, $recurrence_trigger = 0, $recurrence_factor = 0, $recurrence_timeframe = 0,
+                               $recurrence_basedate = 0, $reference = '', array $tags = array())
     {
         ProjectAuthorization::getInstance($this->container)->check($this->getClassName(), 'createTask', $project_id);
 
@@ -120,6 +120,7 @@ class TaskProcedure extends BaseProcedure
             'recurrence_basedate' => $recurrence_basedate,
             'reference' => $reference,
             'priority' => $priority,
+            'tags' => $tags,
         );
 
         list($valid, ) = $this->taskValidator->validateCreation($values);
@@ -128,9 +129,9 @@ class TaskProcedure extends BaseProcedure
     }
 
     public function updateTask($id, $title = null, $color_id = null, $owner_id = null,
-                                $date_due = null, $description = null, $category_id = null, $score = null, $priority = null,
-                                $recurrence_status = null, $recurrence_trigger = null, $recurrence_factor = null,
-                                $recurrence_timeframe = null, $recurrence_basedate = null, $reference = null)
+                               $date_due = null, $description = null, $category_id = null, $score = null, $priority = null,
+                               $recurrence_status = null, $recurrence_trigger = null, $recurrence_factor = null,
+                               $recurrence_timeframe = null, $recurrence_basedate = null, $reference = null, $tags = null)
     {
         TaskAuthorization::getInstance($this->container)->check($this->getClassName(), 'updateTask', $id);
         $project_id = $this->taskFinderModel->getProjectId($id);
@@ -159,6 +160,7 @@ class TaskProcedure extends BaseProcedure
             'recurrence_basedate' => $recurrence_basedate,
             'reference' => $reference,
             'priority' => $priority,
+            'tags' => $tags,
         ));
 
         list($valid) = $this->taskValidator->validateApiModification($values);
diff --git a/app/Api/Procedure/TaskTagProcedure.php b/app/Api/Procedure/TaskTagProcedure.php
new file mode 100644
index 00000000..55dac8d4
--- /dev/null
+++ b/app/Api/Procedure/TaskTagProcedure.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Kanboard\Api\Procedure;
+
+use Kanboard\Api\Authorization\TaskAuthorization;
+
+/**
+ * Class TaskTagProcedure
+ *
+ * @package Kanboard\Api\Procedure
+ * @author  Frederic Guillot
+ */
+class TaskTagProcedure extends BaseProcedure
+{
+    public function setTaskTags($project_id, $task_id, array $tags)
+    {
+        TaskAuthorization::getInstance($this->container)->check($this->getClassName(), 'setTaskTags', $task_id);
+        return $this->taskTagModel->save($project_id, $task_id, $tags);
+    }
+
+    public function getTaskTags($task_id)
+    {
+        TaskAuthorization::getInstance($this->container)->check($this->getClassName(), 'getTaskTags', $task_id);
+        return (object) $this->taskTagModel->getList($task_id);
+    }
+}