Kanboard supports multiple roles at the application level and at the project level.
For each HTTP request:
- Authorize or deny access to the resource based on the application access list
- If the resource is for a project (board, task…):
  - Fetch the user role for this project
  - Grant or deny access based on the project access map
Extending Access Map
The Access List (ACL) is based on the controller class name and the
method name. The list of access is handled by the class
There are two access maps: one for the application and another one for projects.
- Application access map:
- Project access map:
Examples to define a new policy from your plugin:
    // All methods of the class MyController:
    $this->projectAccessMap->add('MyController', '*', Role::PROJECT_MANAGER);

    // Specific methods:
    $this->projectAccessMap->add('MyOtherController', array('create', 'save'), Role::PROJECT_MEMBER);
Roles are defined in the class
The Authorization class (
check the access for each page.
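
A simplified model of the per-request check described above, as an added example that is not Kanboard's own code. The `SketchAccessMap` class, the `authorize()` helper, the role names and their ordering are assumptions made for illustration, and denying anything without a matching rule is a choice of this sketch.

```php
<?php
// Added sketch, not Kanboard code: class, role names and ordering are assumptions.
final class SketchAccessMap
{
    private array $rules = [];   // [controller][method] => minimum role required

    // $rank orders role names from least (0) to most privileged.
    public function __construct(private array $rank) {}

    // Same call shape as the add() calls on this page: '*' or a list of methods.
    public function add(string $controller, string|array $methods, string $role): void
    {
        foreach ((array) $methods as $method) {
            $this->rules[strtolower($controller)][strtolower($method)] = $role;
        }
    }

    public function isAllowed(string $controller, string $method, ?string $userRole): bool
    {
        // PHP class and method names are case-insensitive, so compare in lower case.
        $forController = $this->rules[strtolower($controller)] ?? [];
        $required = $forController[strtolower($method)] ?? $forController['*'] ?? null;
        // Fail closed: a missing rule, a missing role or an unknown role denies.
        if ($required === null || $userRole === null
            || !isset($this->rank[$userRole], $this->rank[$required])) {
            return false;
        }
        return $this->rank[$userRole] >= $this->rank[$required];
    }
}

// Application map first; the project map only applies to project resources.
function authorize(SketchAccessMap $app, SketchAccessMap $project, string $ctrl,
    string $method, string $appRole, bool $inProject, ?string $projectRole): bool
{
    if (!$app->isAllowed($ctrl, $method, $appRole)) {
        return false;
    }
    return !$inProject || $project->isAllowed($ctrl, $method, $projectRole);
}

// Constructed policy mirroring the two plugin rules shown on this page.
$app = new SketchAccessMap(['user' => 0, 'admin' => 1]);
$app->add('MyController', '*', 'user');
$app->add('MyOtherController', '*', 'user');
$project = new SketchAccessMap(['viewer' => 0, 'member' => 1, 'manager' => 2]);
$project->add('MyController', '*', 'manager');
$project->add('MyOtherController', ['create', 'save'], 'member');
var_dump(authorize($app, $project, 'MyOtherController', 'save', 'user', true, 'member'));
var_dump(authorize($app, $project, 'MyOtherController', 'remove', 'user', true, 'member'));
var_dump(authorize($app, $project, 'MyController', 'show', 'user', true, 'viewer'));
```

The second call exercises a method with no project rule and the third a role below the one required, which are the two cases worth testing whenever a plugin registers a new controller.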