1 files changed, 52 insertions, 16 deletions

diff --git a/app/Helper/User.php b/app/Helper/User.php
index 9ef20b38..b242dbb4 100644
--- a/app/Helper/User.php
+++ b/app/Helper/User.php
@@ -2,6 +2,8 @@
 
 namespace Kanboard\Helper;
 
+use Kanboard\Core\Security\Role;
+
 /**
  * User helpers
  *
@@ -65,6 +67,7 @@ class User extends \Kanboard\Core\Base
             array('user_id' => $this->userSession->getId())
         );
     }
+
     /**
      * Check if the given user_id is the connected user
      *
@@ -88,44 +91,77 @@ class User extends \Kanboard\Core\Base
     }
 
     /**
-     * Return if the logged user is project admin
+     * Get role name
      *
      * @access public
-     * @return boolean
+     * @param  string  $role
+     * @return string
      */
-    public function isProjectAdmin()
+    public function getRoleName($role = '')
     {
-        return $this->userSession->isProjectAdmin();
+        return $this->role->getRoleName($role ?: $this->userSession->getRole());
     }
 
     /**
-     * Check for project administration actions access (Project Admin group)
+     * Check application access
      *
-     * @access public
-     * @return boolean
+     * @param  string  $controller
+     * @param  string  $action
+     * @return bool
      */
-    public function isProjectAdministrationAllowed($project_id)
+    public function hasAccess($controller, $action)
     {
-        if ($this->userSession->isAdmin()) {
-            return true;
+        $key = 'app_access:'.$controller.$action;
+        $result = $this->memoryCache->get($key);
+
+        if ($result === null) {
+            $result = $this->applicationAuthorization->isAllowed($controller, $action, $this->userSession->getRole());
+            $this->memoryCache->set($key, $result);
         }
 
-        return $this->memoryCache->proxy($this->container['acl'], 'handleProjectAdminPermissions', $project_id);
+        return $result;
     }
 
     /**
-     * Check for project management actions access (Regular users who are Project Managers)
+     * Check project access
      *
-     * @access public
-     * @return boolean
+     * @param  string  $controller
+     * @param  string  $action
+     * @param  integer $project_id
+     * @return bool
      */
-    public function isProjectManagementAllowed($project_id)
+    public function hasProjectAccess($controller, $action, $project_id)
     {
         if ($this->userSession->isAdmin()) {
             return true;
         }
 
-        return $this->memoryCache->proxy($this->container['acl'], 'handleProjectManagerPermissions', $project_id);
+        if (! $this->hasAccess($controller, $action)) {
+            return false;
+        }
+
+        $key = 'project_access:'.$controller.$action.$project_id;
+        $result = $this->memoryCache->get($key);
+
+        if ($result === null) {
+            $role = $this->getProjectUserRole($project_id);
+            $result = $this->projectAuthorization->isAllowed($controller, $action, $role);
+            $this->memoryCache->set($key, $result);
+        }
+
+        return $result;
+    }
+
+    /**
+     * Get project role for the current user
+     *
+     * @access public
+     * @param  integer $project_id
+     * @return string
+     */
+    public function getProjectUserRole($project_id)
+    {
+        return $this->memoryCache->proxy($this->projectUserRole, 'getUserRole', $project_id, $this->userSession->getId());
     }
 
     /**