From 4a230d331ec220fc32a48525afb308af0d9787fa Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Sun, 26 Jun 2016 10:25:13 -0400 Subject: Added application and project roles validation for API procedure calls --- app/Model/ActionModel.php | 12 ++++++++++++ app/Model/CategoryModel.php | 12 ++++++++++++ app/Model/ColumnModel.php | 12 ++++++++++++ app/Model/CommentModel.php | 16 ++++++++++++++++ app/Model/SubtaskModel.php | 16 ++++++++++++++++ app/Model/TaskFileModel.php | 16 ++++++++++++++++ app/Model/TaskLinkModel.php | 16 ++++++++++++++++ 7 files changed, 100 insertions(+) (limited to 'app/Model') diff --git a/app/Model/ActionModel.php b/app/Model/ActionModel.php index 53393ed5..b5d2bd06 100644 --- a/app/Model/ActionModel.php +++ b/app/Model/ActionModel.php @@ -85,6 +85,18 @@ class ActionModel extends Base return $action; } + /** + * Get the projectId by the actionId + * + * @access public + * @param integer $action_id + * @return integer + */ + public function getProjectId($action_id) + { + return $this->db->table(self::TABLE)->eq('id', $action_id)->findOneColumn('project_id') ?: 0; + } + /** * Attach parameters to actions * diff --git a/app/Model/CategoryModel.php b/app/Model/CategoryModel.php index 62fb5611..024d0026 100644 --- a/app/Model/CategoryModel.php +++ b/app/Model/CategoryModel.php @@ -55,6 +55,18 @@ class CategoryModel extends Base return $this->db->table(self::TABLE)->eq('id', $category_id)->findOneColumn('name') ?: ''; } + /** + * Get the projectId by the category id + * + * @access public + * @param integer $category_id Category id + * @return integer + */ + public function getProjectId($category_id) + { + return $this->db->table(self::TABLE)->eq('id', $category_id)->findOneColumn('project_id') ?: 0; + } + /** * Get a category id by the category name and project id * diff --git a/app/Model/ColumnModel.php b/app/Model/ColumnModel.php index 1adac0f2..795fe692 100644 --- a/app/Model/ColumnModel.php +++ b/app/Model/ColumnModel.php @@ -31,6 +31,18 @@ class ColumnModel extends Base return $this->db->table(self::TABLE)->eq('id', $column_id)->findOne(); } + /** + * Get projectId by the columnId + * + * @access public + * @param integer $column_id Column id + * @return integer + */ + public function getProjectId($column_id) + { + return $this->db->table(self::TABLE)->eq('id', $column_id)->findOneColumn('project_id'); + } + /** * Get the first column id for a given project * diff --git a/app/Model/CommentModel.php b/app/Model/CommentModel.php index 36e1fc48..4231f29d 100644 --- a/app/Model/CommentModel.php +++ b/app/Model/CommentModel.php @@ -29,6 +29,22 @@ class CommentModel extends Base const EVENT_CREATE = 'comment.create'; const EVENT_USER_MENTION = 'comment.user.mention'; + /** + * Get projectId from commentId + * + * @access public + * @param integer $comment_id + * @return integer + */ + public function getProjectId($comment_id) + { + return $this->db + ->table(self::TABLE) + ->eq(self::TABLE.'.id', $comment_id) + ->join(TaskModel::TABLE, 'id', 'task_id') + ->findOneColumn(TaskModel::TABLE . '.project_id') ?: 0; + } + /** * Get all comments for a given task * diff --git a/app/Model/SubtaskModel.php b/app/Model/SubtaskModel.php index 019064ad..a97bddbf 100644 --- a/app/Model/SubtaskModel.php +++ b/app/Model/SubtaskModel.php @@ -51,6 +51,22 @@ class SubtaskModel extends Base const EVENT_CREATE = 'subtask.create'; const EVENT_DELETE = 'subtask.delete'; + /** + * Get projectId from subtaskId + * + * @access public + * @param integer $subtask_id + * @return integer + */ + public function getProjectId($subtask_id) + { + return $this->db + ->table(self::TABLE) + ->eq(self::TABLE.'.id', $subtask_id) + ->join(TaskModel::TABLE, 'id', 'task_id') + ->findOneColumn(TaskModel::TABLE . '.project_id') ?: 0; + } + /** * Get available status * diff --git a/app/Model/TaskFileModel.php b/app/Model/TaskFileModel.php index 24c1ad4b..7603019a 100644 --- a/app/Model/TaskFileModel.php +++ b/app/Model/TaskFileModel.php @@ -72,6 +72,22 @@ class TaskFileModel extends FileModel return self::EVENT_CREATE; } + /** + * Get projectId from fileId + * + * @access public + * @param integer $file_id + * @return integer + */ + public function getProjectId($file_id) + { + return $this->db + ->table(self::TABLE) + ->eq(self::TABLE.'.id', $file_id) + ->join(TaskModel::TABLE, 'id', 'task_id') + ->findOneColumn(TaskModel::TABLE . '.project_id') ?: 0; + } + /** * Handle screenshot upload * diff --git a/app/Model/TaskLinkModel.php b/app/Model/TaskLinkModel.php index 45225e35..09978eae 100644 --- a/app/Model/TaskLinkModel.php +++ b/app/Model/TaskLinkModel.php @@ -28,6 +28,22 @@ class TaskLinkModel extends Base */ const EVENT_CREATE_UPDATE = 'tasklink.create_update'; + /** + * Get projectId from $task_link_id + * + * @access public + * @param integer $task_link_id + * @return integer + */ + public function getProjectId($task_link_id) + { + return $this->db + ->table(self::TABLE) + ->eq(self::TABLE.'.id', $task_link_id) + ->join(TaskModel::TABLE, 'id', 'task_id') + ->findOneColumn(TaskModel::TABLE . '.project_id') ?: 0; + } + /** * Get a task link * -- cgit v1.2.3