summaryrefslogtreecommitdiff
path: root/app/Api/Authorization/ProjectAuthorization.php
blob: 7dcdc4455c5c2eddf34c7b4b45c0adc8297e1cf8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<?php

namespace Kanboard\Api\Authorization;

use JsonRPC\Exception\AccessDeniedException;
use Kanboard\Core\Base;

/**
 * Class ProjectAuthorization
 *
 * @package Kanboard\Api\Authorization
 * @author  Frederic Guillot
 */
class ProjectAuthorization extends Base
{
    public function check($class, $method, $project_id)
    {
        if ($this->userSession->isLogged()) {
            $this->checkProjectPermission($class, $method, $project_id);
        }
    }
    
    protected function checkProjectPermission($class, $method, $project_id)
    {
        if (empty($project_id)) {
            throw new AccessDeniedException('Project Not Found');
        }
        
        $role = $this->projectUserRoleModel->getUserRole($project_id, $this->userSession->getId());

        if (! $this->apiProjectAuthorization->isAllowed($class, $method, $role)) {
            throw new AccessDeniedException('Project Access Denied');
        }
    }
}