Diffstat (limited to 'app/ServiceProvider/AuthenticationProvider.php')
-rw-r--r--app/ServiceProvider/AuthenticationProvider.php29
1 files changed, 17 insertions, 12 deletions
diff --git a/app/ServiceProvider/AuthenticationProvider.php b/app/ServiceProvider/AuthenticationProvider.php
index adff1e63..6a9a820e 100644
--- a/app/ServiceProvider/AuthenticationProvider.php
+++ b/app/ServiceProvider/AuthenticationProvider.php
@@ -2,6 +2,7 @@
namespace Kanboard\ServiceProvider;
+use Kanboard\Auth\ApiAccessTokenAuth;
use Pimple\Container;
use Pimple\ServiceProviderInterface;
use Kanboard\Core\Security\AuthenticationManager;
@@ -44,6 +45,8 @@ class AuthenticationProvider implements ServiceProviderInterface
$container['authenticationManager']->register(new LdapAuth($container));
}
+ $container['authenticationManager']->register(new ApiAccessTokenAuth($container));
+
$container['projectAccessMap'] = $this->getProjectAccessMap();
$container['applicationAccessMap'] = $this->getApplicationAccessMap();
$container['apiAccessMap'] = $this->getApiAccessMap();
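Review bot: `ApiAccessTokenAuth` is registered unconditionally on the shared `authenticationManager`, whereas the `LdapAuth` registration just above it appears to sit inside a conditional. Nothing in this hunk shows that the new provider limits itself to API requests, so if the same manager also backs the web login form, an API token could end up accepted wherever a password is. A comment would make the intent reviewable, for example `// API token auth: must only succeed for API-scoped requests, never for the web login form`, and the provider deserves a test for exactly that. The enclosing method starts and ends outside the hunk.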
@@ -85,7 +88,6 @@ class AuthenticationProvider implements ServiceProviderInterface
$acl->add('ExportController', '*', Role::PROJECT_MANAGER);
$acl->add('TaskFileController', array('screenshot', 'create', 'save', 'remove', 'confirm'), Role::PROJECT_MEMBER);
$acl->add('TaskGanttController', '*', Role::PROJECT_MANAGER);
- $acl->add('TaskGanttCreationController', '*', Role::PROJECT_MANAGER);
$acl->add('ProjectViewController', array('share', 'updateSharing', 'integrations', 'updateIntegrations', 'notifications', 'updateNotifications', 'duplicate', 'doDuplication'), Role::PROJECT_MANAGER);
$acl->add('ProjectPermissionController', '*', Role::PROJECT_MANAGER);
$acl->add('ProjectEditController', '*', Role::PROJECT_MANAGER);
@@ -133,7 +135,8 @@ class AuthenticationProvider implements ServiceProviderInterface
$acl->add('BoardViewController', 'readonly', Role::APP_PUBLIC);
$acl->add('ICalendarController', '*', Role::APP_PUBLIC);
$acl->add('FeedController', '*', Role::APP_PUBLIC);
- $acl->add('AvatarFileController', 'show', Role::APP_PUBLIC);
+ $acl->add('AvatarFileController', array('show', 'image'), Role::APP_PUBLIC);
+ $acl->add('UserInviteController', array('signup', 'register'), Role::APP_PUBLIC);
$acl->add('ConfigController', '*', Role::APP_ADMIN);
$acl->add('TagController', '*', Role::APP_ADMIN);
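Review bot: The new `UserInviteController` rule makes `signup` and `register` reachable with `Role::APP_PUBLIC`, so the invitation-token check inside the controller becomes the only gate on account creation, and that check is not visible in this hunk. Both actions should reject a missing, unknown or already-used token before doing any work, and `register` should re-validate the token rather than rely on state left by `signup`. I would record the assumption next to the rule: `// Public by design: access is gated by the invitation token validated in UserInviteController`. The added `image` action on `AvatarFileController` is likewise unauthenticated, so it should only serve avatar files resolved server-side from a user id. The enclosing method starts outside the hunk.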
@@ -194,19 +197,21 @@ class AuthenticationProvider implements ServiceProviderInterface
$acl->setRoleHierarchy(Role::PROJECT_MEMBER, array(Role::PROJECT_VIEWER));
$acl->add('ActionProcedure', array('removeAction', 'getActions', 'createAction'), Role::PROJECT_MANAGER);
- $acl->add('CategoryProcedure', '*', Role::PROJECT_MANAGER);
- $acl->add('ColumnProcedure', '*', Role::PROJECT_MANAGER);
+ $acl->add('CategoryProcedure', array('removeCategory', 'createCategory', 'updateCategory'), Role::PROJECT_MANAGER);
+ $acl->add('ColumnProcedure', array('updateColumn', 'addColumn', 'removeColumn', 'changeColumnPosition'), Role::PROJECT_MANAGER);
$acl->add('CommentProcedure', array('removeComment', 'createComment', 'updateComment'), Role::PROJECT_MEMBER);
- $acl->add('ProjectPermissionProcedure', '*', Role::PROJECT_MANAGER);
+ $acl->add('ProjectPermissionProcedure', array('addProjectUser', 'addProjectGroup', 'removeProjectUser', 'removeProjectGroup', 'changeProjectUserRole', 'changeProjectGroupRole'), Role::PROJECT_MANAGER);
$acl->add('ProjectProcedure', array('updateProject', 'removeProject', 'enableProject', 'disableProject', 'enableProjectPublicAccess', 'disableProjectPublicAccess'), Role::PROJECT_MANAGER);
- $acl->add('SubtaskProcedure', '*', Role::PROJECT_MEMBER);
- $acl->add('SubtaskTimeTrackingProcedure', '*', Role::PROJECT_MEMBER);
- $acl->add('SwimlaneProcedure', '*', Role::PROJECT_MANAGER);
- $acl->add('ProjectFileProcedure', '*', Role::PROJECT_MEMBER);
- $acl->add('TaskFileProcedure', '*', Role::PROJECT_MEMBER);
- $acl->add('TaskLinkProcedure', '*', Role::PROJECT_MEMBER);
+ $acl->add('SubtaskProcedure', array('removeSubtask', 'createSubtask', 'updateSubtask'), Role::PROJECT_MEMBER);
+ $acl->add('SubtaskTimeTrackingProcedure', array('setSubtaskStartTime', 'setSubtaskEndTime'), Role::PROJECT_MEMBER);
+ $acl->add('SwimlaneProcedure', array('addSwimlane', 'updateSwimlane', 'removeSwimlane', 'disableSwimlane', 'enableSwimlane', 'changeSwimlanePosition'), Role::PROJECT_MANAGER);
+ $acl->add('ProjectFileProcedure', array('createProjectFile', 'removeProjectFile', 'removeAllProjectFiles'), Role::PROJECT_MEMBER);
+ $acl->add('TaskFileProcedure', array('createTaskFile', 'removeTaskFile', 'removeAllTaskFiles'), Role::PROJECT_MEMBER);
+ $acl->add('TaskLinkProcedure', array('createTaskLink', 'updateTaskLink', 'removeTaskLink'), Role::PROJECT_MEMBER);
$acl->add('TaskExternalLinkProcedure', array('createExternalTaskLink', 'updateExternalTaskLink', 'removeExternalTaskLink'), Role::PROJECT_MEMBER);
- $acl->add('TaskProcedure', '*', Role::PROJECT_MEMBER);
+ $acl->add('TaskProcedure', array('openTask', 'closeTask', 'removeTask', 'moveTaskPosition', 'moveTaskToProject', 'duplicateTaskToProject', 'createTask', 'updateTask'), Role::PROJECT_MEMBER);
+ $acl->add('TaskTagProcedure', array('setTaskTags'), Role::PROJECT_MEMBER);
+ $acl->add('TagProcedure', array('createTag', 'updateTag', 'removeTag'), Role::PROJECT_MEMBER);
return $acl;
}
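Review bot: Replacing `'*'` with enumerated method names means any procedure method missing from these lists is no longer bound to the stated role and falls through to whatever default this access map applies, which is not visible in the hunk. That is reasonable for read-only calls, but a mutating method added later and left off its list would silently get the default role; a comment above the block such as `// Only write methods are listed; unlisted methods get the map's default role`, plus a test that compares each procedure's public methods against this map, would catch that. Separately, `TagProcedure` grants `createTag`, `updateTag` and `removeTag` to `Role::PROJECT_MEMBER`, while an earlier hunk of this file shows `TagController` restricted to `Role::APP_ADMIN`; if those API calls can touch tags outside the caller's own project, the roles should match. The method begins outside the hunk.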