* initial commit

2018-11-11 12:01:18 +01:00
commit 17ec066110
165 changed files with 20529 additions and 0 deletions
--- a/config/autoload/authx2.global.php
+++ b/config/autoload/authx2.global.php
@@ -0,0 +1,93 @@
+<?php
+
+/**
+ * Authorization, authentication config
+ */
+
+return [
+    'acl_config' => [
+        'unguarded_routes' => [
+            'api.auth.login',
+            'api.ping',
+            'api.xlsx',
+            'show-attachment',
+            'hibajegy-pdf',
+            'karbantartasjegy-pdf',
+            'havi-riport-pdf',
+        ],
+
+        'route_guard' => [
+            'roles' => [
+                /**
+                 * child role => parents[]
+                 * parentrole has all child roles permissions
+                 * order of roles DO matter, referenced parents MUST exist, so should be defined first
+                 */
+                // karbantartó oldal
+                'uzemeltetesi_vezeto' => [
+                    'ufo',
+                ],
+                'betekinto' => [
+                    'uzemeltetesi_vezeto',
+                ],
+                // ügyfél oldal
+                'karbantarto' => [
+                    'projektvezeto'
+                ],
+                'user' => [
+                    'betekinto',
+                    'karbantarto',
+                ],
+            ],
+            'permissions' => [
+                // 'admin' role has full access
+                'uzemeltetesi_vezeto' => [
+                    'api.fault.post',
+                    'api.fault.put',
+                    'api.report.post',
+                    'api.fault-attachment.post',
+                    'api.fault-comment.post',
+                    'api.fault-reject.post',
+                    'api.maintenance',
+                    'api.maintenance.upcoming'
+                ],
+                'ufo' => [
+                    'api.fault.put',
+                    'api.fault-attachment.post',
+                    'api.fault-comment.post',
+                    'api.fault-reject.post',
+                ],
+//              'betekinto' => [
+//                  'api.fault.get',
+//              ],
+
+                'projektvezeto' => [
+                    'api.fault.put',
+                    'api.report.post',
+                    'api.fault-attachment.post',
+                    'api.fault-comment.post',
+                    'api.maintenance',
+                    'api.maintenance.put',
+                    'api.maintenance.upcoming',
+                ],
+                'karbantarto' => [
+                ],
+                // anybody logged in has the 'user' meta role, its not assignable otherwise
+                // api endpoints defined here are accessible to all authenticated users
+                'user' => [
+                    'api.auth.renew',
+                    'api.user.list',
+                    'api.user.profile',
+                    'api.user.password',
+//                    'api.settings.post',
+                    'api.error-category.get',
+                    'api.error-origin.get',
+                    'api.facility-location.get',
+                    'api.solution-time-interval.get',
+                    'api.fault.get',
+                    'show-attachment',
+                ],
+            ],
+        ],
+    ],
+];