Added application and project roles validation for API procedure calls
This commit is contained in:
Frederic Guillot
32
app/Api/Authorization/ProcedureAuthorization.php
Normal file
32
app/Api/Authorization/ProcedureAuthorization.php
Normal file
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
|
||||
namespace Kanboard\Api\Authorization;
|
||||
|
||||
use JsonRPC\Exception\AccessDeniedException;
|
||||
use Kanboard\Core\Base;
|
||||
|
||||
/**
|
||||
* Class ProcedureAuthorization
|
||||
*
|
||||
* @package Kanboard\Api\Authorization
|
||||
* @author Frederic Guillot
|
||||
*/
|
||||
class ProcedureAuthorization extends Base
|
||||
{
|
||||
private $userSpecificProcedures = array(
|
||||
'getMe',
|
||||
'getMyDashboard',
|
||||
'getMyActivityStream',
|
||||
'createMyPrivateProject',
|
||||
'getMyProjectsList',
|
||||
'getMyProjects',
|
||||
'getMyOverdueTasks',
|
||||
);
|
||||
|
||||
public function check($procedure)
|
||||
{
|
||||
if (! $this->userSession->isLogged() && in_array($procedure, $this->userSpecificProcedures)) {
|
||||
throw new AccessDeniedException('This procedure is not available with the API credentials');
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user