404 changed files with 4120 additions and 53467 deletions
--- a/.env.dist
+++ b/.env.dist
@ -70,11 +70,8 @@ INVENTORY_API_AUTH_TOKEN=insert_auth_token_here
 # API logging
 API_LOGGING=set_to_true_or_false

-# customer distance limit in km for mobile
-CUST_DISTANCE_LIMIT=5
-
-# customer distance limit in km for admin panel
-CUST_DISTANCE_LIMIT_ADMIN_PANEL=5
+# customer distance limit in km
+CUST_DISTANCE_LIMIT=set_to_number

 MAPTILER_API_KEY=map_tiler_api_key

@ -83,10 +80,3 @@ API_VERSION=insert_api_version_here

 #SSL_ENABLE for websockets
 SSL_ENABLE=set_to_true_or_false
-
-# for hub filtering round robin
-HUB_JO_KEY=hub_jo_count
-
-# hub geofence
-HUB_GEOFENCE_ENABLE=set_to_true_or_false
-HUB_FILTER_ENABLE=set_to_true_or_false
--- a/.gitignore
+++ b/.gitignore
@ -11,7 +11,3 @@
 ###< symfony/framework-bundle ###

 *.swp
-/public/warranty_uploads/*
-.vscode
-*__pycache__
-/public/assets/images/insurance-premiums.png
--- a/catalyst/api-bundle/Access/Generator.php
+++ b/catalyst/api-bundle/Access/Generator.php
@ -0,0 +1,9 @@
+<?php
+
+namespace Catalyst\APIBundle\Access;
+
+use Catalyst\AuthBundle\Service\ACLGenerator as BaseGenerator;
+
+class Generator extends BaseGenerator
+{
+}
--- a/catalyst/api-bundle/Access/Voter.php
+++ b/catalyst/api-bundle/Access/Voter.php
@ -0,0 +1,10 @@
+<?php
+
+namespace Catalyst\APIBundle\Access;
+
+use Catalyst\AuthBundle\Service\ACLVoter as BaseVoter;
+
+class Voter extends BaseVoter
+{
+}
+
--- a/catalyst/api-bundle/CatalystAPIBundle.php
+++ b/catalyst/api-bundle/CatalystAPIBundle.php
@ -0,0 +1,9 @@
+<?php
+
+namespace Catalyst\APIBundle;
+
+use Symfony\Component\HttpKernel\Bundle\Bundle;
+
+class CatalystAPIBundle extends Bundle
+{
+}
--- a/catalyst/api-bundle/Command/TestAPICommand.php
+++ b/catalyst/api-bundle/Command/TestAPICommand.php
@ -0,0 +1,155 @@
+<?php
+
+namespace Catalyst\APIBundle\Command;
+
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
+
+use Catalyst\APIBundle\Connector\Client as APIClient;
+
+
+class TestAPICommand extends Command
+{
+    protected function configure()
+    {
+        $this->setName('api:test-connector-all')
+            ->setDescription('Test API connector with all commands.')
+            ->setHelp('Test API Connector with all commands.')
+            ->addArgument('protocol', InputArgument::REQUIRED, 'protocol')
+            ->addArgument('server', InputArgument::REQUIRED, 'server')
+            ->addArgument('api_key', InputArgument::REQUIRED, 'api_key')
+            ->addArgument('secret_key', InputArgument::REQUIRED, 'secret_key');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $protocol = $input->getArgument('protocol');
+        $server = $input->getArgument('server');
+        $api_key = $input->getArgument('api_key');
+        $secret_key = $input->getArgument('secret_key');
+
+        // api client
+        $api = new APIClient($server, $api_key, $secret_key);
+        $api->setProtocol($protocol);
+
+        // test
+        $api->get('/capi/test');
+
+        // TODO: shift this out of the bundle, since it's project specific
+
+        // warranty register
+        $serial = 'AJ34LJADR12134LKJL5';
+        $plate_num = 'XEN918';
+        $params = [
+            'serial' => $serial,
+            'plate_number' => $plate_num,
+            'warranty_class' => 'private',
+            'sku' => 'WMEB24CB-CPN00-LX',
+            'date_purchase' => '20181001',
+            'date_expire' => '20191001',
+            'first_name' => 'First',
+            'last_name' => 'Last',
+            'mobile_number' => '09231234567',
+        ];
+        //$api->post('/capi/warranties', $params);
+
+        // get all warranties
+        $params = [
+            'order' => 'DESC',
+            'limit' => '5',
+            'start' => '1',
+        ];
+
+        //$api->get('/capi/warranties', $params);
+
+        
+        // warranty find
+        //$api->get('/capi/warranties/' . $serial);
+
+        // warranty update
+        $id = 86811;
+        $params = [
+            'serial' => $serial,
+            'plate_number' => $plate_num,
+            'warranty_class' => 'private',
+            'sku' => 'WMEB24CB-CPN00-LX',
+            'date_purchase' => '20181001',
+            'date_expire' => '20191001',
+            'first_name' => 'First',
+            'last_name' => 'Last',
+            'mobile_number' => '123456789111',
+        ];
+        //$api->post('/capi/warranties/'. $id, $params);
+
+        // warranty set privacy policy
+        $id = 86811;
+        $policy_id = 2;
+        $params = [
+            'privacy_policy_id' => $policy_id,
+        ];
+        //$api->post('/capi/warranties/' . $id .'/privacypolicy', $params);
+
+        // warranty claim
+        $id = 86811;
+        $serial = 'AJ34LJADR12134LKJL5';
+        $params = [
+            'serial' => $serial,
+        ];
+        //$api->post('/capi/warranties/' . $id . '/claim', $params);
+
+        // warranty cancel
+        $id = 86811;
+        //$api->get('/capi/warranties/' . $id . '/cancel');
+
+        // plate warranty
+        //$api->get('/capi/plates/' . $plate_num . '/warranties');
+
+        // warranty delete
+        $id = 86811;
+        //$api->post('/capi/warranties/' . $id . '/delete');
+
+        // battery
+        //$api->get('/capi/battery_brands');
+        //$api->get('/capi/battery_sizes');
+        //$api->get('/capi/batteries');
+
+        // vehicle
+        //$api->get('/capi/vehicle_manufacturers');
+        //$api->get('/capi/vehicles');
+
+        // privacy policy
+        $privacy_policy_id = 2;
+        //$api->get('/capi/privacy_policy/' . $privacy_policy_id );
+
+        // register new customer
+        $params = [
+            'first_name' => 'Krispups',
+            'last_name' =>'Porzindog',
+            'mobile_number' => '9221111111',
+            'v_make_id' => '22241',
+            'v_model_year' => '2018',
+            'v_plate_number' => 'KPP1234',
+            'v_color' => 'White',
+            'v_condition' => 'new',
+            'v_fuel_type' => 'gas',
+        ];
+        //$api->post('/capi/quick_registration', $params);
+
+        // get warranties given list of serial numbers
+        $serial_list = [
+            'AJ34LJADR12134LKJM4',
+            'AJ34LJADR12134LKJL5', 
+            'test',
+        ];
+
+        $params = [
+            'serial_list' => $serial_list,
+        ];
+
+        $api->post('/capi/warranties_list', $params); 
+    }
+}
--- a/catalyst/api-bundle/Command/TestCommand.php
+++ b/catalyst/api-bundle/Command/TestCommand.php
@ -0,0 +1,104 @@
+<?php
+
+namespace Catalyst\APIBundle\Command;
+
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
+
+use Catalyst\APIBundle\Connector\Client as APIClient;
+
+
+class TestCommand extends Command
+{
+    protected function configure()
+    {
+        $this->setName('api:test-connector')
+            ->setDescription('Test API connector.')
+            ->setHelp('Test API Connector.')
+            ->addArgument('protocol', InputArgument::REQUIRED, 'protocol')
+            ->addArgument('server', InputArgument::REQUIRED, 'server')
+            ->addArgument('api_key', InputArgument::REQUIRED, 'api_key')
+            ->addArgument('secret_key', InputArgument::REQUIRED, 'secret_key');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $protocol = $input->getArgument('protocol');
+        $server = $input->getArgument('server');
+        $api_key = $input->getArgument('api_key');
+        $secret_key = $input->getArgument('secret_key');
+
+        // api client
+        $api = new APIClient($server, $api_key, $secret_key);
+        $api->setProtocol($protocol);
+
+        // test
+        $api->get('/capi/test');
+
+        // TODO: shift this out of the bundle, since it's project specific
+
+
+        // warranty register
+        $serial = 'AJ34LJADR12134LKJL5';
+        $plate_num = 'XEN918';
+        $params = [
+            'serial' => $serial,
+            'plate_number' => $plate_num,
+            'warranty_class' => 'private',
+            'sku' => 'WMEB24CB-CPN00-LX',
+            'date_purchase' => '20181001',
+            'date_expire' => '20191001',
+            'first_name' => 'First',
+            'last_name' => 'Last',
+            'mobile_number' => '12345678910',
+        ];
+        $api->post('/capi/warranties', $params);
+
+        // get all warranties
+        $api->get('/capi/warranties');
+
+        
+        /*
+        // warranty find
+        $api->get('/capi/warranties/' . $serial);
+        */
+
+        // warranty claim
+        $id = 86811;
+        $serial = 'AJ34LJADR12134LKJL';
+        $params = [
+            'serial' => $serial,
+        ];
+        $api->post('/capi/warranties/' . $id . '/claim', $params);
+
+        // add battery
+        $sku = 'WZMB31QT-CPP00-S';
+        $brand_id = '4';
+        $size_id = '1';
+        $params = [
+            'sku' => $sku,
+            'brand_id' => $brand_id,
+            'size_id' => $size_id,
+        ];
+        $api->post('/capi/batteries', $params);
+
+        /*
+
+        // plate warranty
+        $api->get('/capi/plates/' . $plate_num . '/warranties');
+
+        // battery
+        $api->get('/capi/battery_brands');
+        $api->get('/capi/battery_sizes');
+        $api->get('/capi/batteries');
+
+        // vehicle
+        // $api->get('/capi/vehicle_manufacturers');
+        // $api->get('/capi/vehicles');
+        */
+    }
+}
--- a/catalyst/api-bundle/Command/UserCreateCommand.php
+++ b/catalyst/api-bundle/Command/UserCreateCommand.php
@ -0,0 +1,49 @@
+<?php
+
+namespace Catalyst\APIBundle\Command;
+
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
+use Doctrine\ORM\EntityManagerInterface;
+
+use Catalyst\APIBundle\Entity\User;
+
+class UserCreateCommand extends Command
+{
+    protected $em;
+
+    public function __construct(EntityManagerInterface $em)
+    {
+        $this->em = $em;
+
+        parent::__construct();
+    }
+
+    protected function configure()
+    {
+        $this->setName('api:user-create')
+            ->setDescription('Create new API user.')
+            ->setHelp('Creates new API user and saves to database.')
+            ->addArgument('name', InputArgument::REQUIRED, 'name');
+    }
+
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $name = $input->getArgument('name');
+
+        $user = new User();
+        $user->setName($name);
+
+        $this->em->persist($user);
+        $this->em->flush();
+
+        $output->write('API Key - ' . $user->getAPIKey() . "\n");
+        $output->write('Secret Key - ' . $user->getSecretKey() . "\n");
+    }
+
+
+}
--- a/catalyst/api-bundle/Connector/Client.php
+++ b/catalyst/api-bundle/Connector/Client.php
@ -0,0 +1,151 @@
+<?php
+
+namespace Catalyst\APIBundle\Connector;
+
+use DateTime;
+
+class Client
+{
+    const HEADER_API_KEY        = 'X-Cata-API-Key';
+    const HEADER_SIGNATURE      = 'X-Cata-Signature';
+    const HEADER_DATE           = 'X-Cata-Date';
+
+    const DATE_FORMAT           = 'D, d M Y H:i:s T';
+
+    const USER_AGENT            = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36';
+
+    protected $protocol;
+    protected $server;
+    protected $port;
+    protected $api_key;
+    protected $secret_key;
+
+    protected $curl;
+
+    public function __construct($server, $api_key, $secret_key)
+    {
+        $this->protocol = 'https';
+        $this->port = null;
+
+        $this->server = $server;
+        $this->api_key = $api_key;
+        $this->secret_key = $secret_key;
+        $this->curl = curl_init();
+    }
+
+    public function __destruct()
+    {
+        curl_close($this->curl);
+    }
+
+    public function setProtocol($protocol)
+    {
+        if ($protocol != 'http' && $protocol != 'https')
+            return $this;
+
+        $this->protocol = $protocol;
+        return $this;
+    }
+
+    protected function getDateString()
+    {
+        $date = new DateTime();
+        return $date->format(self::DATE_FORMAT);
+    }
+
+    public function get($url, $params = [])
+    {
+        curl_reset($this->curl);
+
+        $date_string = $this->getDateString();
+        $headers = $this->generateHeaders('GET', $url, $date_string);
+
+        // build query string
+        if (count($params) > 0)
+            $query_string = '?' . http_build_query($params);
+        else
+            $query_string = '';
+
+        // build url
+        if ($this->port == null)
+            $full_url = $this->protocol . '://' . $this->server . $url . $query_string;
+        else
+            $full_url = $this->protocol . '://' . $this->server . ':' . $this->port . $url . $query_string;
+
+        error_log($full_url);
+
+        // curl
+        // curl_setopt($this->curl, CURLOPT_VERBOSE, true);
+        curl_setopt($this->curl, CURLOPT_URL, $full_url);
+        curl_setopt($this->curl, CURLOPT_HTTPHEADER, $headers);
+        curl_setopt($this->curl, CURLOPT_USERAGENT, self::USER_AGENT);
+        curl_setopt($this->curl, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($this->curl, CURLOPT_TIMEOUT, 0);
+
+        $res = curl_exec($this->curl);
+        error_log($res);
+    }
+
+    public function post($url, $params = [])
+    {
+        curl_reset($this->curl);
+
+        $date_string = $this->getDateString();
+        $headers = $this->generateHeaders('POST', $url, $date_string);
+
+        // build query string
+        $query_string = http_build_query($params);
+
+        // build url
+        if ($this->port == null)
+            $full_url = $this->protocol . '://' . $this->server . $url;
+        else
+            $full_url = $this->protocol . '://' . $this->server . ':' . $this->port . $url;
+
+        error_log($full_url);
+
+        // curl
+        // curl_setopt($this->curl, CURLOPT_VERBOSE, true);
+        curl_setopt($this->curl, CURLOPT_URL, $full_url);
+		curl_setopt($this->curl, CURLOPT_POST, true);
+		curl_setopt($this->curl, CURLOPT_POSTFIELDS, $query_string);
+        curl_setopt($this->curl, CURLOPT_HTTPHEADER, $headers);
+        curl_setopt($this->curl, CURLOPT_USERAGENT, self::USER_AGENT);
+        curl_setopt($this->curl, CURLOPT_RETURNTRANSFER, true);
+        curl_setopt($this->curl, CURLOPT_TIMEOUT, 0);
+
+        $res = curl_exec($this->curl);
+        error_log($res);
+    }
+
+    protected function generateSignature($method, $url, $date_string)
+    {
+        $creds = [
+            $method,
+            $url,
+            $date_string,
+            $this->secret_key,
+        ];
+        $sig_source = implode('|', $creds);
+
+        error_log('SIG SOURCE - ' . $sig_source);
+
+        $raw_sig = hash_hmac('sha1', $sig_source, $this->secret_key, true);
+        $enc_sig = base64_encode($raw_sig);
+
+        return $enc_sig;
+    }
+
+    protected function generateHeaders($method, $url, $date_string)
+    {
+        $sig = $this->generateSignature($method, $url, $date_string);
+
+        $headers = [
+			self::HEADER_API_KEY . ': ' . $this->api_key,
+            self::HEADER_SIGNATURE . ': ' . $sig,
+            self::HEADER_DATE . ': ' . $date_string,
+        ];
+
+        return $headers;
+    }
+}
--- a/catalyst/api-bundle/Controller/APIController.php
+++ b/catalyst/api-bundle/Controller/APIController.php
@ -0,0 +1,42 @@
+<?php
+
+namespace Catalyst\APIBundle\Controller;
+
+use Symfony\Bundle\FrameworkBundle\Controller\Controller;
+use Symfony\Component\HttpFoundation\Request;
+
+abstract class APIController extends Controller
+{
+    protected function checkRequiredParameters(Request $req, $params = [])
+    {
+        $missing = [];
+
+        // check if parameters are there
+        foreach ($params as $param)
+        {
+            if ($req->getMethod() == 'GET')
+            {
+                $check = $req->query->get($param);
+                if (empty($check))
+                    $missing[] = $param;
+            }
+            // else if ($req->getMethod() == 'POST')
+            else
+            {
+                $check = $req->request->get($param);
+                //if (empty($check))
+                if (!isset($check))
+                    $missing[] = $param;
+            }
+        }
+
+        // check missing parameters
+        if (count($missing) > 0)
+        {
+            $miss_string = implode(', ', $missing);
+            return 'Missing required parameter(s): ' . $miss_string;
+        }
+
+        return false;
+    }
+}
--- a/catalyst/api-bundle/DataFixtures/APIRoleFixtures.php
+++ b/catalyst/api-bundle/DataFixtures/APIRoleFixtures.php
@ -0,0 +1,20 @@
+<?php
+
+namespace Catalyst\APIBundle\DataFixtures;
+
+use Catalyst\APIBundle\Entity\Role;
+use Doctrine\Bundle\FixturesBundle\Fixture;
+use Doctrine\Common\Persistence\ObjectManager;
+
+class APIRoleFixtures extends Fixture
+{
+    public function load(ObjectManager $em)
+    {
+        // setup super user account
+        $role = new Role();
+        $role->setID(Role::SUPER_ADMIN)
+            ->setName('Super Administrator');
+        $em->persist($role);
+        $em->flush();
+    }
+}
--- a/catalyst/api-bundle/Entity/Role.php
+++ b/catalyst/api-bundle/Entity/Role.php
@ -0,0 +1,28 @@
+<?php
+
+namespace Catalyst\APIBundle\Entity;
+
+use Catalyst\AuthBundle\Entity\Role as BaseRole;
+
+use Doctrine\ORM\Mapping as ORM;
+use Doctrine\Common\Collections\ArrayCollection;
+use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
+
+/**
+ * @ORM\Entity
+ * @ORM\Table(name="api_role")
+ * @UniqueEntity("id")
+ * @UniqueEntity("name")
+ */
+class Role extends BaseRole
+{
+    /**
+     * @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY")
+     */
+    protected $users;
+
+    public function __construct()
+    {
+        parent::__construct();
+    }
+}
--- a/catalyst/api-bundle/Entity/User.php
+++ b/catalyst/api-bundle/Entity/User.php
@ -0,0 +1,148 @@
+<?php
+
+namespace Catalyst\APIBundle\Entity;
+
+use Catalyst\AuthBundle\Entity\User as BaseUser;
+
+use Symfony\Component\Security\Core\User\UserInterface;
+use Doctrine\ORM\Mapping as ORM;
+use Doctrine\ORM\Mapping\JoinColumn;
+use Doctrine\Common\Collections\ArrayCollection;
+use DateTime;
+
+/**
+ * @ORM\Entity
+ * @ORM\Table(name="api_user")
+ */
+class User extends BaseUser
+{
+     /**
+     * @ORM\Id
+     * @ORM\Column(type="integer")
+     * @ORM\GeneratedValue(strategy="AUTO")
+     */
+    protected $id;
+
+    // api key 
+    /**
+     * @ORM\Column(type="string", length=32)
+     */
+    protected $api_key;
+
+    // secret key
+    /**
+     * @ORM\Column(type="string", length=32)
+     */
+    protected $secret_key;
+
+    /**
+     * @ORM\Column(type="string", length=80)
+     */
+    protected $name;
+
+    // date created
+    /**
+     * @ORM\Column(type="datetime")
+     */
+    protected $date_create;
+
+    // roles
+    /**
+     * @ORM\ManyToMany(targetEntity="Role", inversedBy="users")
+     * @ORM\JoinTable(name="api_user_role")
+     */
+    protected $roles;
+
+    public function __construct()
+    {
+        parent::__construct();
+
+        // generate keys
+        $this->setAPIKey($this->generateAPIKey())
+            ->setSecretKey($this->generateSecretKey());
+
+        // set date created
+        $this->date_create = new DateTime();
+    }
+
+    public function getID()
+    {
+        return $this->id;
+    }
+
+    public function setAPIKey($api_key)
+    {
+        $this->api_key = $api_key;
+        return $this;
+    }
+
+    public function getAPIKey()
+    {
+        return $this->api_key;
+    }
+
+    public function setSecretKey($key)
+    {
+        $this->secret_key = $key;
+        return $this;
+    }
+
+    public function getSecretKey()
+    {
+        return $this->secret_key;
+    }
+
+    public function setName($name)
+    {
+        $this->name = $name;
+        return $this;
+    }
+
+    public function getName()
+    {
+        return $this->name;
+    }
+
+    public function getDateCreate()
+    {
+        return $this->date_create;
+    }
+
+    public function getPassword()
+    {
+        // we don't need this for API
+        return 'notneeded';
+    }
+
+    public function getSalt()
+    {
+        return null;
+    }
+
+    public function getUsername()
+    {
+        // since it's an api, the api key IS the username
+        return $this->api_key;
+    }
+
+    public function eraseCredentials()
+    {
+        return;
+    }
+
+    public function generateAPIKey()
+    {
+        return $this->generateKey('api');
+    }
+
+    public function generateSecretKey()
+    {
+        return $this->generateKey('secret');
+    }
+
+    protected function generateKey($prefix = '')
+    {
+        return md5(uniqid($prefix, true));
+    }
+}
+
--- a/catalyst/api-bundle/Response/APIResponse.php
+++ b/catalyst/api-bundle/Response/APIResponse.php
@ -0,0 +1,20 @@
+<?php
+
+namespace Catalyst\APIBundle\Response;
+
+use Symfony\Component\HttpFoundation\JsonResponse;
+
+class APIResponse extends JsonResponse
+{
+    public function __construct($success = true, $message = '', $data = null, $status = 200, $headers = [])
+    {
+        $data = [
+            'success' => (bool) $success,
+            'message' =>  (string) $message,
+            'data' => $data,
+        ];
+        parent::__construct($data, $status, $headers);
+    }
+}
+
+
--- a/catalyst/api-bundle/Security/APIKeyAuthenticator.php
+++ b/catalyst/api-bundle/Security/APIKeyAuthenticator.php
@ -0,0 +1,160 @@
+<?php
+
+namespace Catalyst\APIBundle\Security;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
+use Symfony\Component\Security\Core\Exception\BadCredentialsException;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Http\Authentication\SimplePreAuthenticatorInterface;
+use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
+
+use Doctrine\ORM\EntityManagerInterface;
+
+use DateTime;
+
+class APIKeyAuthenticator implements SimplePreAuthenticatorInterface, AuthenticationFailureHandlerInterface
+{
+    const HEADER_API_KEY        = 'X-Cata-API-Key';
+    const HEADER_SIGNATURE      = 'X-Cata-Signature';
+    const HEADER_DATE           = 'X-Cata-Date';
+
+    const DATE_FORMAT           = 'D, d M Y H:i:s T';
+
+    // 30 minute time limit
+    const TIME_LIMIT            = 1800;
+
+    protected $em;
+
+    public function __construct(EntityManagerInterface $em)
+    {
+        $this->em = $em;
+    }
+
+    protected function validateSignature($creds, $secret_key)
+    {
+        $elements = [
+            $creds['method'],
+            $creds['uri'],
+            $creds['date'],
+            $secret_key,
+        ];
+        $sig_source = implode('|', $elements);
+
+        error_log($sig_source);
+
+        // generate signature
+        $raw_sig = hash_hmac('sha1', $sig_source, $secret_key, true);
+        $enc_sig = base64_encode($raw_sig);
+
+        error_log($enc_sig);
+
+        if ($enc_sig != trim($creds['signature']))
+            throw new CustomUserMessageAuthenticationException('Invalid signature.');
+
+    }
+
+    public function createToken(Request $req, $provider_key)
+    {
+        // api key header
+        $api_key = $req->headers->get(self::HEADER_API_KEY);
+        if ($api_key == null)
+            throw new BadCredentialsException('No API key sent.');
+
+        // check date from headers
+        $hdate_string = $req->headers->get(self::HEADER_DATE);
+        if ($hdate_string == null)
+            throw new BadCredentialsException('No date specified.');
+
+        $hdate = DateTime::createFromFormat(self::DATE_FORMAT, $hdate_string);
+        if ($hdate == null)
+            throw new BadCredentialsException('Invalid date specified.');
+
+        // get number of seconds difference
+        $date_now = new DateTime();
+        $date_diff = abs($date_now->getTimestamp() - $hdate->getTimestamp());
+
+        // time difference is too much
+        if ($date_diff > self::TIME_LIMIT)
+            throw new BadCredentialsException('Clock synchronization error.');
+
+        // signature header
+        $sig = $req->headers->get(self::HEADER_SIGNATURE);
+        if ($sig == null)
+            throw new BadCredentialsException('No signature sent.');
+
+        // credentials
+        $creds = [
+            'api_key' => $api_key,
+            'date' => $hdate_string,
+            'signature' => $sig,
+            'method' => $req->getRealMethod(),
+            'uri' => $req->getPathInfo(),
+        ];
+
+        return new PreAuthenticatedToken(
+            'anonymous',
+            $creds,
+            $provider_key
+        );
+    }
+
+    public function supportsToken(TokenInterface $token, $provider_key)
+    {
+        return $token instanceof PreAuthenticatedToken && $token->getProviderKey() === $provider_key;
+    }
+
+    public function authenticateToken(TokenInterface $token, UserProviderInterface $user_provider, $provider_key)
+    {
+        if (!$user_provider instanceof APIKeyUserProvider)
+        {
+            throw new \InvalidArgumentException(
+                sprintf(
+                    'The user provider must be an instance of APIKeyUserProvider (%s was given).',
+                    get_class($user_provider)
+                )
+            );
+        }
+
+        $creds = $token->getCredentials();
+        $api_key = $creds['api_key'];
+        $user = $user_provider->getUserByAPIKey($api_key);
+
+        // check if api key is valid
+        if (!$user)
+            throw new CustomUserMessageAuthenticationException('Invalid API Key');
+
+        // check if signature is valid
+        $this->validateSignature($creds, $user->getSecretKey());
+
+        // check if user is enabled
+        if (!$user->isEnabled())
+        {
+            throw new CustomUserMessageAuthenticationException('User account is disabled');
+        }
+
+        // $user = $user_provider->loadUserByUsername($username);
+
+        return new PreAuthenticatedToken(
+            $user,
+            $api_key,
+            $provider_key,
+            $user->getRoles()
+        );
+    }
+
+    public function onAuthenticationFailure(Request $req, AuthenticationException $exception)
+    {
+        $data = [
+            'success' => false,
+            'error' => [
+                'message' => $exception->getMessage(),
+            ],
+        ];
+        return new JsonResponse($data, 401);
+    }
+}
--- a/catalyst/api-bundle/Security/APIKeyUserProvider.php
+++ b/catalyst/api-bundle/Security/APIKeyUserProvider.php
@ -0,0 +1,62 @@
+<?php
+
+namespace Catalyst\APIBundle\Security;
+
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
+
+use Doctrine\ORM\EntityManagerInterface;
+
+use Catalyst\APIBundle\Entity\User;
+
+class APIKeyUserProvider implements UserProviderInterface
+{
+    protected $em;
+
+	public function __construct(EntityManagerInterface $em)
+	{
+        $this->em = $em;
+	}
+
+    public function getUserByAPIKey($api_key)
+    {
+        $user = $this->em->getRepository(User::class)->findOneBy(array('api_key' => $api_key));
+
+        return $user;
+    }
+
+    public function getUsernameForAPIKey($apiKey)
+    {
+        // Look up the username based on the token in the database, via
+        // an API call, or do something entirely different
+		$username = 'test';
+
+        return $username;
+    }
+
+    public function loadUserByUsername($username)
+    {
+        return new User(
+            $username,
+            null,
+            // the roles for the user - you may choose to determine
+            // these dynamically somehow based on the user
+            array('ROLE_API')
+        );
+    }
+
+    public function refreshUser(UserInterface $user)
+    {
+        // this is used for storing authentication in the session
+        // but in this example, the token is sent in each request,
+        // so authentication can be stateless. Throwing this exception
+        // is proper to make things stateless
+        throw new UnsupportedUserException();
+    }
+
+    public function supportsClass($class)
+    {
+        return User::class === $class;
+    }
+}
--- a/catalyst/api-bundle/Service/AccessDeniedHandler.php
+++ b/catalyst/api-bundle/Service/AccessDeniedHandler.php
@ -0,0 +1,18 @@
+<?php
+
+namespace Catalyst\APIBundle\Service;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+use Symfony\Component\Security\Http\Authorization\AccessDeniedHandlerInterface;
+
+class AccessDeniedHandler implements AccessDeniedHandlerInterface
+{
+    public function handle(Request $req, AccessDeniedException $exception)
+    {
+        $content = $exception->getMessage();
+
+        return new Response($content, 403);
+    }
+}
--- a/composer.json
+++ b/composer.json
@ -2,44 +2,18 @@
    "type": "project",
    "license": "proprietary",
    "repositories": [
-        {
-            "type": "vcs",
-            "url": "https://github.com/jankstudio/doctrine2-spatial.git"
-        },
-        {
-            "type": "vcs",
-            "url": "git@gitlab.com:jankstudio1/catalyst-2/api-bundle.git"
-        },
-        {
-            "type": "vcs",
-            "url": "git@gitlab.com:jankstudio1/catalyst-2/auth-bundle.git"
-        },
-        {
-            "type": "vcs",
-            "url": "git@gitlab.com:jankstudio1/catalyst-2/menu-bundle.git"
-        },
-        {
-            "type": "vcs",
-            "url": "https://github.com/arcticzero/php-fcm.git"
-        }
+        { "type": "vcs", "url": "git@gitlab.com:jankstudio-catalyst/auth-bundle.git" },
+        { "type": "vcs", "url": "git@gitlab.com:jankstudio-catalyst/menu-bundle.git" }
    ],
    "require": {
        "php": "^7.1.3",
        "ext-iconv": "*",
-        "composer/package-versions-deprecated": "1.11.99.4",
+        "catalyst/auth-bundle": "dev-master",
+        "catalyst/menu-bundle": "dev-master",
+        "creof/doctrine2-spatial": "^1.2",
        "data-dog/audit-bundle": "^0.1.10",
-        "doctrine/common": "^2",
-        "doctrine/doctrine-bundle": "^2",
-        "doctrine/doctrine-migrations-bundle": "^2",
-        "doctrine/orm": "^2",
-        "edwinhoksberg/php-fcm": "dev-notif-priority-hotfix",
+        "edwinhoksberg/php-fcm": "^1.0",
        "guzzlehttp/guzzle": "^6.3",
-        "hashids/hashids": "^4.1",
-        "jankstudio/catalyst-api-bundle": "dev-master",
-        "jankstudio/catalyst-auth-bundle": "dev-master",
-        "jankstudio/catalyst-menu-bundle": "dev-master",
-        "jankstudio/doctrine-spatial": "dev-master",
-        "microsoft/azure-storage-blob": "^1.5",
        "predis/predis": "^1.1",
        "sensio/framework-extra-bundle": "^5.1",
        "setasign/fpdf": "^1.8",
@ -50,8 +24,9 @@
        "symfony/flex": "^1.0",
        "symfony/framework-bundle": "^4.0",
        "symfony/maker-bundle": "^1.0",
-        "symfony/monolog-bundle": "^3.7",
+        "symfony/orm-pack": "^1.0",
        "symfony/process": "^4.0",
+        "symfony/profiler-pack": "^1.0",
        "symfony/security-bundle": "^4.0",
        "symfony/translation": "^4.0",
        "symfony/twig-bundle": "^4.0",
@ -61,24 +36,18 @@
    "require-dev": {
        "doctrine/doctrine-fixtures-bundle": "^3.0",
        "symfony/dotenv": "^4.0",
-        "symfony/stopwatch": "^4.0",
-        "symfony/thanks": "^1.0",
-        "symfony/web-profiler-bundle": "^4.0"
+        "symfony/thanks": "^1.0"
    },
    "config": {
        "preferred-install": {
            "*": "dist"
        },
-        "sort-packages": true,
-        "allow-plugins": {
-            "composer/package-versions-deprecated": true,
-            "symfony/flex": true,
-            "symfony/thanks": true
-        }
+        "sort-packages": true
    },
    "autoload": {
        "psr-4": {
-            "App\\": "src/"
+            "App\\": "src/",
+            "Catalyst\\APIBundle\\": "catalyst/api-bundle/"
        }
    },
    "autoload-dev": {
--- a/composer.lock
+++ b/composer.lock
--- a/config/acl.yaml
+++ b/config/acl.yaml
@ -272,8 +272,6 @@ access_keys:
          label: Hub View
        - id: jo_cancel.fulfill
          label: Fulfill Cancelled JO
-        - id: jo_resq_proc.list
-          label: RESQ Dispatch

    - id: support
      label: Customer Support Access
@ -344,14 +342,6 @@ access_keys:
          label: Auto Assigned Job Order Report
        - id: report.jo.advance_order
          label: Advance Order Job Order Report
-        - id: report.customer.source
-          label: Customer Source Report
-        - id: report.hub.filter
-          label: Hub Filter Report
-        - id: report.warranty.raffle
-          label: Warranty Raffle Report
-        - id: report.jo.raffle
-          label: JO Raffle Report

    - id: service
      label: Other Services
@ -496,107 +486,3 @@ access_keys:
          label: Update
        - id: sap_csize.delete
          label: Delete
-
-    - id: customer_tag
-      label: Customer Tags Access
-      acls:
-        - id: customer_tag.menu
-          label: Menu
-        - id: customer_tag.list
-          label: List
-        - id: customer_tag.add
-          label: Add
-        - id: customer_tag.update
-          label: Update
-        - id: customer_tag.delete
-          label: Delete
-
-    - id: dealer
-      label: Dealer Access
-      acls:
-        - id: dealer.menu
-          label: Menu
-        - id: dealer.list
-          label: List
-        - id: dealer.add
-          label: Add
-        - id: dealer.update
-          label: Update
-        - id: dealer.delete
-          label: Delete
-
-    - id: database
-      label: Database Access
-      acls:
-        - id: database.menu
-          label: Menu
-
-    - id: ticket_type
-      label: Ticket Type Access
-      acls:
-        - id: ticket_type.menu
-          label: Menu
-        - id: ticket_type.list
-          label: List
-        - id: ticket_type.add
-          label: Add
-        - id: ticket_type.update
-          label: Update
-        - id: ticket_type.delete
-          label: Delete
-
-    - id: subticket_type
-      label: Sub Ticket Type Access
-      acls:
-        - id: subticket_type.menu
-          label: Menu
-        - id: subticket_type.list
-          label: List
-        - id: subticket_type.add
-          label: Add
-        - id: subticket_type.update
-          label: Update
-        - id: subticket_type.delete
-          label: Delete
-
-    - id: emergency_type
-      label: Emergency Type Access
-      acls: 
-        - id: emergency_type.menu
-          label: Menu
-        - id: emergency_type.list
-          label: List
-        - id: emergency_type.add
-          label: Add
-        - id: emergency_type.update
-          label: Update
-        - id: emergency_type.delete
-          label: Delete
-
-    - id: ownership_type
-      label: Ownership Type Access
-      acls:
-        - id: ownership_type.menu
-          label: Menu
-        - id: ownership_type.list
-          label: List
-        - id: ownership_type.add
-          label: Add
-        - id: ownership_type.update
-          label: Update
-        - id: ownership_type.delete
-          label: Delete
-
-    - id: customer_location
-      label: Customer Location Access
-      acls:
-        - id: cust_location.menu
-          label: Menu
-        - id: cust_location.list
-          label: List
-        - id: cust_location.add
-          label: Add
-        - id: cust_location.update
-          label: Update
-        - id: cust_location.delete
-          label: Delete
--- a/config/api_acl.yaml
+++ b/config/api_acl.yaml
@ -57,68 +57,3 @@ access_keys:
      acls:
        - id: customer.register
          label: Register Customer
-        - id: customer.verify
-          label: Verify Customer
-    - id: municipality
-      label: Municipality
-      acls:
-        - id: municipality.list
-          label: List
-    - id: dealer
-      label: Dealer
-      acls:
-        - id: dealer.list
-          label: List
-    - id: warrantyserial
-      label: Warranty Serial
-      acls:
-        - id: warrantyserial.upload
-          label: Upload
-
-    - id: tapi_vmanufacturer
-      label: Third Party Vehicle Manufacturer Access
-      acls:
-        - id: tapi_vmanufacturer.list
-          label: List Third Party Vehicle Manufacturers
-    - id: tapi_vehicle
-      label: Third Party Vehicle Make Access
-      acls:
-         - id: tapi_vehicle.list
-           label: List Third Party Vehicles
-    - id: tapi_promo
-      label: Third Party Promo Access
-      acls:
-        - id: tapi_promo.list
-          label: List Third Party Promos
-    - id: tapi_battery
-      label: Third Party Battery Access
-      acls:
-        - id: tapi_battery_compatible.list
-          label: List Third Party Compatible Batteries
-    - id: tapi_jo
-      label: Third Party Job Order Access
-      acls:
-        - id: tapi_jo.request
-          label: Third Party Request Job Order
-        - id: tapi_jo.get.estimate
-          label: Third Party Get Estimate
-        - id: tapi_jo.get.ongoing
-          label: Third Party Get Ongoing Job Order
-        - id: tapi_jo.cancel
-          label: Third Party Cancel Job Order
-        - id: tapi_jo.get.invoice
-          label: Third Party Get Job Order Invoice
-        - id: tapi_jo.location.support
-          label: Third Party Check Location Support
-        - id: tapi_jo.nearest_hub.get
-          label: Third Party Get Nearest Hub and Slots
-        - id: tapi_jo.schedule_option.status
-          label: Third Party Schedule Option Status
-        - id: tapi_jo.get.info
-          label: Third Party Get Job Order Info
-    - id: tapi_service
-      label: Third Party Service Access
-      acls:
-        - id: tapi_service.list
-          label: List Third Party Services
-
--- a/config/bundles.php
+++ b/config/bundles.php
@ -2,6 +2,7 @@

 return [
    Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true],
+    Doctrine\Bundle\DoctrineCacheBundle\DoctrineCacheBundle::class => ['all' => true],
    Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true],
    Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true],
    Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
@ -10,8 +11,7 @@ return [
    Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true],
    Doctrine\Bundle\FixturesBundle\DoctrineFixturesBundle::class => ['dev' => true, 'test' => true],
    Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
-    Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
-    Catalyst\ApiBundle\CatalystApiBundle::class => ['all' => true],
+    Catalyst\APIBundle\CatalystAPIBundle::class => ['all' => true],
    Catalyst\AuthBundle\CatalystAuthBundle::class => ['all' => true],
    Catalyst\MenuBundle\CatalystMenuBundle::class => ['all' => true],
 ];
--- a/config/cmb.services.yaml
+++ b/config/cmb.services.yaml
@ -42,6 +42,20 @@ services:
            $cache_dir: "%kernel.cache_dir%"
            $config_dir: "%kernel.root_dir%/../config"

+    Catalyst\AuthBundle\Service\ACLGenerator:
+        arguments:
+            $router: "@router.default"
+            $cache_dir: "%kernel.cache_dir%"
+            $config_dir: "%kernel.root_dir%/../config"
+            $acl_file: "%app_acl_file%"
+
+    Catalyst\AuthBundle\Service\ACLVoter:
+        arguments:
+            $user_class: "App\\Entity\\User"
+        tags: ['security.voter']
+
+    Catalyst\AuthBundle\Service\UserChecker:
+
    App\Service\FileUploader:
        arguments:
            $target_dir: '%image_upload_directory%'
@ -100,6 +114,50 @@ services:
        arguments:
            $redis_client: "@App\\Service\\RedisClientProvider"

+    Catalyst\APIBundle\Security\APIKeyUserProvider:
+        arguments:
+            $em: "@doctrine.orm.entity_manager"
+
+    Catalyst\APIBundle\Security\APIKeyAuthenticator:
+        arguments:
+            $em: "@doctrine.orm.entity_manager"
+
+    Catalyst\APIBundle\Command\UserCreateCommand:
+        arguments:
+            $em: "@doctrine.orm.entity_manager"
+        tags: ['console.command'] 
+
+    Catalyst\APIBundle\Command\TestCommand:
+        tags: ['console.command']
+
+    Catalyst\APIBundle\Command\TestAPICommand:
+        tags: ['console.command']
+
+    Catalyst\APIBundle\Access\Voter:
+        arguments:
+            $acl_gen: "@Catalyst\\APIBundle\\Access\\Generator"
+            $user_class: "Catalyst\\APIBundle\\Entity\\User"
+        tags: ['security.voter'] 
+
+    Catalyst\APIBundle\Access\Generator:
+        arguments:
+            $router: "@router.default"
+            $cache_dir: "%kernel.cache_dir%"
+            $config_dir: "%kernel.root_dir%/../config"
+            $acl_file: "%api_acl_file%"
+
+    Catalyst\MenuBundle\Menu\Generator:
+        arguments:
+            $router: "@router.default"
+            $cache_dir: "%kernel.cache_dir%"
+            $config_dir: "%kernel.root_dir%/../config"
+
+    Catalyst\MenuBundle\Listener\MenuAnnotationListener:
+        arguments:
+            $menu_name: "main_menu"
+        tags:
+            - { name: kernel.event_listener, event: kernel.controller, method: onKernelController }
+
    # invoice generator
    App\Service\InvoiceGenerator\CMBInvoiceGenerator: ~

--- a/config/menu.yaml
+++ b/config/menu.yaml
@ -110,10 +110,6 @@ main_menu:
      acl: hub.menu
      label: Hub
      parent: location
-    - id: dealer_list
-      acl: dealer.list
-      label: Dealer
-      parent: location
    - id: geofence_list
      acl: geofence.menu
      label: Geofence
@ -132,10 +128,6 @@ main_menu:
      acl: jo_proc.list
      label: Dispatch
      parent: joborder
-    - id: jo_resq_proc
-      acl: jo_resq_proc.list
-      label: RESQ Dispatch
-      parent: joborder
    - id: jo_assign
      acl: jo_assign.list
      label: Rider Assignment
@ -193,10 +185,6 @@ main_menu:
      acl: static_content.list
      label: Static Content
      parent: support
-    - id: customertag_list
-      acl: customer_tag.list
-      label: Customer Tags
-      parent: support

    - id: service
      acl: service.menu
@ -228,28 +216,3 @@ main_menu:
      acl: analytics.forecast
      label: Forecasting
      parent: analytics
-
-    - id: database
-      acl: database.menu
-      label: Database
-      icon: fa fa-database
-    - id: ticket_type_list
-      acl: ticket_type.menu
-      label: Ticket Types
-      parent: database
-    - id: subticket_type_list
-      acl: subticket_type.menu
-      label: Sub Ticket Types
-      parent: database
-    - id: emergency_type_list
-      acl: emergency_type.menu
-      label: Emergency Types
-      parent: database 
-    - id: ownership_type_list
-      acl: ownership_type.menu
-      label: Ownership Types
-      parent: database
-    - id: customer_location_list
-      acl: cust_location.menu
-      label: Customer Locations
-      parent: database
--- a/config/packages/catalyst_auth.yaml
+++ b/config/packages/catalyst_auth.yaml
@ -1,944 +0,0 @@
-catalyst_auth:
-    main:
-        user_entity: "App\\Entity\\User"
-        acl_data: 
-            - id: dashboard
-              label: Dashboard Access
-              acls:
-                - id: dashboard.menu
-                  label: Menu
-            - id: user
-              label: User Access
-              acls:
-                - id: user.menu
-                  label: Menu
-                - id: user.list
-                  label: List
-                - id: user.add
-                  label: Add
-                - id: user.update
-                  label: Update
-                - id: user.delete
-                  label: Delete
-                - id: user.role.sadmin
-                  label: Super Admin Role
-                - id: user.profile
-                  label: User Profile
-            - id: role
-              label: Role Access
-              acls:
-                - id: role.menu
-                  label: Menu
-                - id: role.list
-                  label: List
-                - id: role.add
-                  label: Add
-                - id: role.update
-                  label: Update
-                - id: role.delete
-                  label: Delete
-            - id: apiuser
-              label: API User Access
-              acls:
-                - id: apiuser.menu
-                  label: Menu
-                - id: apiuser.list
-                  label: List
-                - id: apiuser.add
-                  label: Add
-                - id: apiuser.update
-                  label: Update
-                - id: apiuser.delete
-                  label: Delete
-            - id: apirole
-              label: API Role Access
-              acls:
-                - id: apirole.menu
-                  label: Menu
-                - id: apirole.list
-                  label: List
-                - id: apirole.add
-                  label: Add
-                - id: apirole.update
-                  label: Update
-                - id: apirole.delete
-                  label: Delete
-            - id: logistics
-              label: Logistics Access
-              acls:
-                - id: logistics.menu
-                  label: Menu
-            - id: battery
-              label: Battery Access
-              acls:
-                - id: battery.menu
-                  label: Menu
-                - id: battery.list
-                  label: List
-                - id: battery.add
-                  label: Add
-                - id: battery.update
-                  label: Update
-                - id: battery.delete
-                  label: Delete
-            - id: bmfg
-              label: Battery Manufacturer Access
-              acls:
-                - id: bmfg.menu
-                  label: Menu
-                - id: bmfg.list
-                  label: List
-                - id: bmfg.add
-                  label: Add
-                - id: bmfg.update
-                  label: Update
-                - id: bmfg.delete
-                  label: Delete
-            - id: bmodel
-              label: Battery Model Access
-              acls:
-                - id: bmodel.menu
-                  label: Menu
-                - id: bmodel.list
-                  label: List
-                - id: bmodel.add
-                  label: Add
-                - id: bmodel.update
-                  label: Update
-                - id: bmodel.delete
-                  label: Delete
-            - id: bsize
-              label: Battery Size Access
-              acls:
-                - id: bsize.menu
-                  label: Menu
-                - id: bsize.list
-                  label: List
-                - id: bsize.add
-                  label: Add
-                - id: bsize.update
-                  label: Update
-                - id: bsize.delete
-                  label: Delete
-            - id: vehicle
-              label: Vehicle Access
-              acls:
-                - id: vehicle.menu
-                  label: Menu
-                - id: vehicle.list
-                  label: List
-                - id: vehicle.add
-                  label: Add
-                - id: vehicle.update
-                  label: Update
-                - id: vehicle.delete
-                  label: Delete
-            - id: vmfg
-              label: Vehicle Manufacturer Access
-              acls: