Added application and project roles validation for API procedure calls

app/Api/Procedure/UserProcedure.php

@@ -0,0 +1,131 @@
+<?php
+
+namespace Kanboard\Api\Procedure;
+
+use LogicException;
+use Kanboard\Core\Security\Role;
+use Kanboard\Core\Ldap\Client as LdapClient;
+use Kanboard\Core\Ldap\ClientException as LdapException;
+use Kanboard\Core\Ldap\User as LdapUser;
+
+/**
+ * User API controller
+ *
+ * @package  Kanboard\Api\Procedure
+ * @author   Frederic Guillot
+ */
+class UserProcedure extends BaseProcedure
+{
+    public function getUser($user_id)
+    {
+        return $this->userModel->getById($user_id);
+    }
+
+    public function getUserByName($username)
+    {
+        return $this->userModel->getByUsername($username);
+    }
+
+    public function getAllUsers()
+    {
+        return $this->userModel->getAll();
+    }
+
+    public function removeUser($user_id)
+    {
+        return $this->userModel->remove($user_id);
+    }
+
+    public function disableUser($user_id)
+    {
+        return $this->userModel->disable($user_id);
+    }
+
+    public function enableUser($user_id)
+    {
+        return $this->userModel->enable($user_id);
+    }
+
+    public function isActiveUser($user_id)
+    {
+        return $this->userModel->isActive($user_id);
+    }
+
+    public function createUser($username, $password, $name = '', $email = '', $role = Role::APP_USER)
+    {
+        $values = array(
+            'username' => $username,
+            'password' => $password,
+            'confirmation' => $password,
+            'name' => $name,
+            'email' => $email,
+            'role' => $role,
+        );
+
+        list($valid, ) = $this->userValidator->validateCreation($values);
+        return $valid ? $this->userModel->create($values) : false;
+    }
+
+    /**
+     * Create LDAP user in the database
+     *
+     * Only "anonymous" and "proxy" LDAP authentication are supported by this method
+     *
+     * User information will be fetched from the LDAP server
+     *
+     * @access public
+     * @param  string $username
+     * @return bool|int
+     */
+    public function createLdapUser($username)
+    {
+        if (LDAP_BIND_TYPE === 'user') {
+            $this->logger->error('LDAP authentication "user" is not supported by this API call');
+            return false;
+        }
+
+        try {
+
+            $ldap = LdapClient::connect();
+            $ldap->setLogger($this->logger);
+            $user = LdapUser::getUser($ldap, $username);
+
+            if ($user === null) {
+                $this->logger->info('User not found in LDAP server');
+                return false;
+            }
+
+            if ($user->getUsername() === '') {
+                throw new LogicException('Username not found in LDAP profile, check the parameter LDAP_USER_ATTRIBUTE_USERNAME');
+            }
+
+            $values = array(
+                'username' => $user->getUsername(),
+                'name' => $user->getName(),
+                'email' => $user->getEmail(),
+                'role' => $user->getRole(),
+                'is_ldap_user' => 1,
+            );
+
+            return $this->userModel->create($values);
+
+        } catch (LdapException $e) {
+            $this->logger->error($e->getMessage());
+            return false;
+        }
+    }
+
+    public function updateUser($id, $username = null, $name = null, $email = null, $role = null)
+    {
+        $values = $this->filterValues(array(
+            'id' => $id,
+            'username' => $username,
+            'name' => $name,
+            'email' => $email,
+            'role' => $role,
+        ));
+
+        list($valid, ) = $this->userValidator->validateApiModification($values);
+        return $valid && $this->userModel->update($values);
+    }
+}