From 15418a67f0956fbabffefe97ab511593e3a996a8 Mon Sep 17 00:00:00 2001
From: kiswa
Date: Wed, 25 May 2016 21:01:31 +0000
Subject: [PATCH] Remove useless route and 'document' route rules
---
src/api/index.php | 66 +++++++++++++++++++++++------------------------
1 file changed, 33 insertions(+), 33 deletions(-)
diff --git a/src/api/index.php b/src/api/index.php
index b062df1..62f0c43 100644
--- a/src/api/index.php
+++ b/src/api/index.php
@@ -10,47 +10,47 @@ require 'app-setup.php';
 Auth::CreateInitialAdmin($container);
 Auth::CreateJwtKey();
-$app->get ('/', 'Invalid:noApi');
+// Request | Route | Handler | Minimum Security Level
+//---------|---------------------|---------------------------------|---------------------------
+$app->get ('/', 'Invalid:noApi');
-$app->get ('/boards', 'Boards:getAllBoards');
-$app->get ('/boards/{id}', 'Boards:getBoard');
-$app->post ('/boards', 'Boards:addBoard');
-$app->post ('/boards/{id}', 'Boards:updateBoard');
-$app->delete('/boards/{id}', 'Boards:removeBoard');
+$app->get ('/boards', 'Boards:getAllBoards'); // User (by board access)
+$app->get ('/boards/{id}', 'Boards:getBoard'); // User (with board access)
+$app->post ('/boards', 'Boards:addBoard'); // Admin
+$app->post ('/boards/{id}', 'Boards:updateBoard'); // BoardAdmin (with board access)
+$app->delete('/boards/{id}', 'Boards:removeBoard'); // Admin
-$app->get ('/autoactions', 'AutoActions:getAllActions');
-$app->post ('/autoactions', 'AutoActions:addAction');
-$app->delete('/autoactions/{id}', 'AutoActions:removeAction');
+$app->get ('/autoactions', 'AutoActions:getAllActions'); // User
+$app->post ('/autoactions', 'AutoActions:addAction'); // BoardAdmin
+$app->delete('/autoactions/{id}', 'AutoActions:removeAction'); // BoardAdmin
-$app->get ('/columns/{id}', 'Columns:getColumn');
-$app->post ('/columns', 'Columns:addColumn');
-$app->post ('/columns/{id}', 'Columns:updateColumn');
-$app->delete('/columns/{id}', 'Columns:removeColumn');
+$app->get ('/columns/{id}', 'Columns:getColumn'); // User (with board access)
+$app->post ('/columns', 'Columns:addColumn'); // BoardAdmin
+$app->post ('/columns/{id}', 'Columns:updateColumn'); // BoardAdmin
+$app->delete('/columns/{id}', 'Columns:removeColumn'); // BoardAdmin
-$app->get ('/tasks/{id}', 'Tasks:getTask');
-$app->post ('/tasks', 'Tasks:addTask');
-$app->post ('/tasks/{id}', 'Tasks:updateTask');
-$app->delete('/tasks/{id}', 'Tasks:removeTask');
+$app->get ('/tasks/{id}', 'Tasks:getTask'); // User
+$app->post ('/tasks', 'Tasks:addTask'); // User
+$app->post ('/tasks/{id}', 'Tasks:updateTask'); // BoardAdmin or submitter
+$app->delete('/tasks/{id}', 'Tasks:removeTask'); // BoardAdmin or submitter
-$app->get ('/comments/{id}', 'Comments:getComment');
-$app->post ('/comments', 'Comments:addComment');
-$app->post ('/comments/{id}', 'Comments:updateComment');
-$app->delete('/comments/{id}', 'Comments:removeComment');
+$app->get ('/comments/{id}', 'Comments:getComment'); // User
+$app->post ('/comments', 'Comments:addComment'); // User
+$app->post ('/comments/{id}', 'Comments:updateComment'); // BoardAdmin or submitter
+$app->delete('/comments/{id}', 'Comments:removeComment'); // BoardAdmin or submitter
-$app->get ('/attachments/{id}', 'Attachments:getAttachment');
-$app->post ('/attachments', 'Attachments:addAttachment');
-$app->post ('/attachments/{id}', 'Attachments:updateAttachment');
-$app->delete('/attachments/{id}', 'Attachments:removeAttachment');
+$app->get ('/attachments/{id}', 'Attachments:getAttachment'); // User
+$app->post ('/attachments', 'Attachments:addAttachment'); // User
+$app->delete('/attachments/{id}', 'Attachments:removeAttachment'); // BoardAdmin or submitter
-$app->get ('/users', 'Users:getAllUsers');
-$app->get ('/users/{id}', 'Users:getUser');
-$app->post ('/users', 'Users:addUser');
-$app->post ('/users/{id}', 'Users:updateUser');
-$app->delete('/users/{id}', 'Users:removeUser');
+$app->get ('/users', 'Users:getAllUsers'); // User (by board access)
+$app->get ('/users/{id}', 'Users:getUser'); // User (by board access)
+$app->post ('/users', 'Users:addUser'); // Admin
+$app->post ('/users/{id}', 'Users:updateUser'); // Admin
+$app->delete('/users/{id}', 'Users:removeUser'); // Admin
-$app->post('/authenticate', 'Auth:authenticate');
-$app->post('/login', 'Auth:login');
-$app->post('/logout', 'Auth:logout');
+$app->post('/login', 'Auth:login'); // Unsecured
+$app->post('/logout', 'Auth:logout'); // Unsecured
 $app->run();
 R::close();
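Review bot: The new security-level column marks `GET /tasks/{id}`, `GET /comments/{id}` and `GET /attachments/{id}` as plain `User`, while the sibling `GET /boards/{id}` and `GET /columns/{id}` say `User (with board access)`; if the table is accurate, any authenticated user can read another board's tasks, comments and attachments by id, and if it is not, the table is already out of step with the handlers it describes. Enforcement presumably lives in the handler classes rather than in this routing file, so this comment column is the only place a reader sees the access policy — either confirm the per-object board check in those handlers and amend the three annotations to `// User (with board access)`, or treat the gap as a missing authorization check. A short line above the table would make its status explicit, e.g. `// Levels below are documentation only; each handler enforces its own check — keep both in sync.` The hunk covers the full route table, but app-setup.php and the Auth/handler classes it relies on are outside this view.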