Added application and project roles validation for API procedure calls

2016-06-26 10:25:13 -04:00
parent 922e0fb6de
commit 4a230d331e
79 changed files with 1772 additions and 761 deletions
--- a/doc/api-authentication.markdown
+++ b/doc/api-authentication.markdown
@@ -1,48 +1,26 @@
 API Authentication
 ==================

+API endpoint
+------------
+
+URL: `https://YOUR_SERVER/jsonrpc.php`
+
+
 Default method (HTTP Basic)
 ---------------------------

-The API credentials are available on the settings page.
-
- API end-point: `https://YOUR_SERVER/jsonrpc.php`
-
-If you want to use the "application api":
+### Application credentials

 - Username: `jsonrpc`
 - Password: API token on the settings page

-Otherwise for the "user api", just use the real username/passsword.
+### User credentials
+
+- Use the real username and password

 The API use the [HTTP Basic Authentication Scheme described in the RFC2617](http://www.ietf.org/rfc/rfc2617.txt).
-If there is an authentication error, you will receive the HTTP status code `401 Not Authorized`.

-### Authorized User API procedures
-
- getMe
- getMyDashboard
- getMyActivityStream
- createMyPrivateProject
- getMyProjectsList
- getMyProjects
- getTimezone
- getVersion
- getDefaultTaskColor
- getDefaultTaskColors
- getColorList
- getProjectById
- getTask
- getTaskByReference
- getAllTasks
- openTask
- closeTask
- moveTaskPosition
- createTask
- updateTask
- getBoard
- getProjectActivity
- getMyOverdueTasks

 Custom HTTP header
 ------------------
@@ -64,3 +42,14 @@ curl \
 -d '{"jsonrpc": "2.0", "method": "getAllProjects", "id": 1}' \
 http://localhost/kanboard/jsonrpc.php
 ```
+
+Authentication error
+--------------------
+
+If the credentials are wrong, you will receive a `401 Not Authorized` and the corresponding JSON response.
+
+
+Authorization error
+-------------------
+
+If the connected user is not allowed to access to the resource, you will receive a `403 Forbidden`.