kanboard_ynh/sources/app/Model/Acl.php

<?php

namespace Model;

/**
 * Access List
 *
 * @package  model
 * @author   Frederic Guillot
 */
class Acl extends Base
{
    /**
     * Controllers and actions allowed from outside
     *
     * @access private
     * @var array
     */
    private $public_acl = array(
        'user' => array('login', 'check', 'google', 'github'),
        'task' => array('readonly'),
        'board' => array('readonly'),
        'project' => array('feed'),
        'webhook' => '*',
        'app' => array('colors'),
    );

    /**
     * Controllers and actions for project members
     *
     * @access private
     * @var array
     */
    private $member_acl = array(
        'board' => '*',
        'comment' => '*',
        'file' => '*',
        'project' => array('show', 'tasks', 'search', 'activity'),
        'subtask' => '*',
        'task' => '*',
        'tasklink' => '*',
        'calendar' => array('show', 'project'),
    );

    /**
     * Controllers and actions for project managers
     *
     * @access private
     * @var array
     */
    private $manager_acl = array(
        'action' => '*',
        'analytic' => '*',
        'board' => array('movecolumn', 'edit', 'editcolumn', 'updatecolumn', 'add', 'remove'),
        'category' => '*',
        'export' => array('tasks', 'subtasks', 'summary'),
        'project' => array('edit', 'update', 'share', 'integration', 'users', 'alloweverybody', 'allow', 'setowner', 'revoke', 'duplicate', 'disable', 'enable'),
        'swimlane' => '*',
    );

    /**
     * Controllers and actions for admins
     *
     * @access private
     * @var array
     */
    private $admin_acl = array(
        'app' => array('dashboard'),
        'user' => array('index', 'create', 'save', 'remove'),
        'config' => '*',
        'link' => '*',
        'project' => array('remove'),
    );

    /**
     * Return true if the specified controller/action match the given acl
     *
     * @access public
     * @param  array    $acl          Acl list
     * @param  string   $controller   Controller name
     * @param  string   $action       Action name
     * @return bool
     */
    public function matchAcl(array $acl, $controller, $action)
    {
        $action = strtolower($action);
        return isset($acl[$controller]) && $this->hasAction($action, $acl[$controller]);
    }

    /**
     * Return true if the specified action is inside the list of actions
     *
     * @access public
     * @param  string   $action       Action name
     * @param  mixed    $action       Actions list
     * @return bool
     */
    public function hasAction($action, $actions)
    {
        if (is_array($actions)) {
            return in_array($action, $actions);
        }

        return $actions === '*';
    }

    /**
     * Return true if the given action is public
     *
     * @access public
     * @param  string   $controller   Controller name
     * @param  string   $action       Action name
     * @return bool
     */
    public function isPublicAction($controller, $action)
    {
        return $this->matchAcl($this->public_acl, $controller, $action);
    }

    /**
     * Return true if the given action is for admins
     *
     * @access public
     * @param  string   $controller   Controller name
     * @param  string   $action       Action name
     * @return bool
     */
    public function isAdminAction($controller, $action)
    {
        return $this->matchAcl($this->admin_acl, $controller, $action);
    }

    /**
     * Return true if the given action is for project managers
     *
     * @access public
     * @param  string   $controller   Controller name
     * @param  string   $action       Action name
     * @return bool
     */
    public function isManagerAction($controller, $action)
    {
        return $this->matchAcl($this->manager_acl, $controller, $action);
    }

    /**
     * Return true if the given action is for project members
     *
     * @access public
     * @param  string   $controller   Controller name
     * @param  string   $action       Action name
     * @return bool
     */
    public function isMemberAction($controller, $action)
    {
        return $this->matchAcl($this->member_acl, $controller, $action);
    }

    /**
     * Return true if the visitor is allowed to access to the given page
     * We suppose the user already authenticated
     *
     * @access public
     * @param  string   $controller   Controller name
     * @param  string   $action       Action name
     * @param  integer  $project_id   Project id
     * @return bool
     */
    public function isAllowed($controller, $action, $project_id = 0)
    {
        // If you are admin you have access to everything
        if ($this->userSession->isAdmin()) {
            return true;
        }

        // If you access to an admin action, your are not allowed
        if ($this->isAdminAction($controller, $action)) {
            return false;
        }

        // Check project manager permissions
        if ($this->isManagerAction($controller, $action)) {
            return $this->isManagerActionAllowed($project_id);
        }

        // Check project member permissions
        if ($this->isMemberAction($controller, $action)) {
            return $project_id > 0 && $this->projectPermission->isMember($project_id, $this->userSession->getId());
        }

        // Other applications actions are allowed
        return true;
    }

    public function isManagerActionAllowed($project_id)
    {
        if ($this->userSession->isAdmin()) {
            return true;
        }

        return $project_id > 0 && $this->projectPermission->isManager($project_id, $this->userSession->getId());
    }
}
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`<?php`

			`namespace Model;`

			`/**`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* Access List`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*`
			`* @package model`
			`* @author Frederic Guillot`
			`*/`
			`class Acl extends Base`
			`{`
			`/**`
			`* Controllers and actions allowed from outside`
			`*`
			`* @access private`
			`* @var array`
			`*/`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`private $public_acl = array(`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`'user' => array('login', 'check', 'google', 'github'),`
Update kanboard v1.0.9 2014-11-23 20:13:38 +01:00			`'task' => array('readonly'),`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`'board' => array('readonly'),`
Update kanboard v1.0.8 2014-10-22 19:59:09 +02:00			`'project' => array('feed'),`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`'webhook' => '*',`
Update kanboard v1.0.12 2015-02-25 17:29:06 +01:00			`'app' => array('colors'),`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`);`

			`/**`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* Controllers and actions for project members`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*`
			`* @access private`
			`* @var array`
			`*/`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`private $member_acl = array(`
			`'board' => '*',`
			`'comment' => '*',`
			`'file' => '*',`
			`'project' => array('show', 'tasks', 'search', 'activity'),`
			`'subtask' => '*',`
			`'task' => '*',`
Update kanboard v1.0.12 2015-02-25 17:29:06 +01:00			`'tasklink' => '*',`
			`'calendar' => array('show', 'project'),`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`);`

			`/**`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* Controllers and actions for project managers`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* @access private`
			`* @var array`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*/`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`private $manager_acl = array(`
			`'action' => '*',`
			`'analytic' => '*',`
Update kanboard v1.0.12 2015-02-25 17:29:06 +01:00			`'board' => array('movecolumn', 'edit', 'editcolumn', 'updatecolumn', 'add', 'remove'),`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`'category' => '*',`
			`'export' => array('tasks', 'subtasks', 'summary'),`
			`'project' => array('edit', 'update', 'share', 'integration', 'users', 'alloweverybody', 'allow', 'setowner', 'revoke', 'duplicate', 'disable', 'enable'),`
			`'swimlane' => '*',`
			`);`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`/**`
			`* Controllers and actions for admins`
			`*`
			`* @access private`
			`* @var array`
			`*/`
			`private $admin_acl = array(`
Update kanboard v1.0.12 2015-02-25 17:29:06 +01:00			`'app' => array('dashboard'),`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`'user' => array('index', 'create', 'save', 'remove'),`
			`'config' => '*',`
Update kanboard v1.0.12 2015-02-25 17:29:06 +01:00			`'link' => '*',`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`'project' => array('remove'),`
			`);`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00
			`/**`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* Return true if the specified controller/action match the given acl`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*`
			`* @access public`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* @param array $acl Acl list`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`* @param string $controller Controller name`
			`* @param string $action Action name`
			`* @return bool`
			`*/`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`public function matchAcl(array $acl, $controller, $action)`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`{`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`$action = strtolower($action);`
			`return isset($acl[$controller]) && $this->hasAction($action, $acl[$controller]);`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`}`

			`/**`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* Return true if the specified action is inside the list of actions`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*`
			`* @access public`
			`* @param string $action Action name`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* @param mixed $action Actions list`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`* @return bool`
			`*/`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`public function hasAction($action, $actions)`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`{`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`if (is_array($actions)) {`
			`return in_array($action, $actions);`
			`}`

			`return $actions === '*';`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`}`

			`/**`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* Return true if the given action is public`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*`
			`* @access public`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* @param string $controller Controller name`
			`* @param string $action Action name`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`* @return bool`
			`*/`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`public function isPublicAction($controller, $action)`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`{`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`return $this->matchAcl($this->public_acl, $controller, $action);`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`}`

			`/**`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* Return true if the given action is for admins`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*`
			`* @access public`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* @param string $controller Controller name`
			`* @param string $action Action name`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`* @return bool`
			`*/`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`public function isAdminAction($controller, $action)`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`{`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`return $this->matchAcl($this->admin_acl, $controller, $action);`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`}`

			`/**`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* Return true if the given action is for project managers`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*`
			`* @access public`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* @param string $controller Controller name`
			`* @param string $action Action name`
			`* @return bool`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*/`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`public function isManagerAction($controller, $action)`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`{`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`return $this->matchAcl($this->manager_acl, $controller, $action);`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`}`

			`/**`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* Return true if the given action is for project members`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*`
			`* @access public`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* @param string $controller Controller name`
			`* @param string $action Action name`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`* @return bool`
			`*/`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`public function isMemberAction($controller, $action)`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`{`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`return $this->matchAcl($this->member_acl, $controller, $action);`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`}`

			`/**`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* Return true if the visitor is allowed to access to the given page`
			`* We suppose the user already authenticated`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`*`
			`* @access public`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`* @param string $controller Controller name`
			`* @param string $action Action name`
			`* @param integer $project_id Project id`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`* @return bool`
			`*/`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`public function isAllowed($controller, $action, $project_id = 0)`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`{`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`// If you are admin you have access to everything`
			`if ($this->userSession->isAdmin()) {`
			`return true;`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`}`

Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`// If you access to an admin action, your are not allowed`
			`if ($this->isAdminAction($controller, $action)) {`
			`return false;`
			`}`

			`// Check project manager permissions`
			`if ($this->isManagerAction($controller, $action)) {`
			`return $this->isManagerActionAllowed($project_id);`
			`}`

			`// Check project member permissions`
			`if ($this->isMemberAction($controller, $action)) {`
			`return $project_id > 0 && $this->projectPermission->isMember($project_id, $this->userSession->getId());`
			`}`

			`// Other applications actions are allowed`
			`return true;`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`}`

Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`public function isManagerActionAllowed($project_id)`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`{`
Update kanboard v1.0.11 2015-01-16 14:23:05 +01:00			`if ($this->userSession->isAdmin()) {`
			`return true;`
			`}`

			`return $project_id > 0 && $this->projectPermission->isManager($project_id, $this->userSession->getId());`
Init files + sources Kanboard 1.0.6 2014-07-20 12:26:15 +02:00			`}`
			`}`