CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-10-05 20:53:27 +13:00
Code Issues Projects Releases Wiki Activity

feat: only owners are allowed to update attributes

Browse source
This commit is contained in:
Torsten Dittmann 2023-03-10 21:57:13 +05:30
parent fcd9b060fd
commit 10150aad3e
2 changed files with 29 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/controllers/api/teams.php
View file

@ -300,6 +300,15 @@ App::patch('/v1/teams/:teamId/prefs')
throw new Exception(Exception::TEAM_NOT_FOUND); throw new Exception(Exception::TEAM_NOT_FOUND);
} }
$roles = Authorization::getRoles();
$isPrivilegedUser = Auth::isPrivilegedUser($roles);
$isAppUser = Auth::isAppUser($roles);
$isOwner = Authorization::isRole("team:{$team->getId()}/owner");
if (!$isOwner && !$isPrivilegedUser && !$isAppUser) {
throw new Exception(Exception::USER_UNAUTHORIZED, 'User is not allowed to update preferences for this team');
}
$team = $dbForProject->updateDocument('teams', $team->getId(), $team->setAttribute('prefs', $prefs)); $team = $dbForProject->updateDocument('teams', $team->getId(), $team->setAttribute('prefs', $prefs));
$events->setParam('teamId', $team->getId()); $events->setParam('teamId', $team->getId());

40
composer.lock generated
View file

@ -693,16 +693,16 @@
}, },
{ {
"name": "guzzlehttp/psr7", "name": "guzzlehttp/psr7",
"version": "2.4.3", "version": "2.4.4",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/guzzle/psr7.git", "url": "https://github.com/guzzle/psr7.git",
"reference": "67c26b443f348a51926030c83481b85718457d3d" "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/guzzle/psr7/zipball/67c26b443f348a51926030c83481b85718457d3d", "url": "https://api.github.com/repos/guzzle/psr7/zipball/3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
"reference": "67c26b443f348a51926030c83481b85718457d3d", "reference": "3cf1b6d4f0c820a2cf8bcaec39fc698f3443b5cf",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -792,7 +792,7 @@
], ],
"support": { "support": {
"issues": "https://github.com/guzzle/psr7/issues", "issues": "https://github.com/guzzle/psr7/issues",
"source": "https://github.com/guzzle/psr7/tree/2.4.3" "source": "https://github.com/guzzle/psr7/tree/2.4.4"
}, },
"funding": [ "funding": [
{ {
@ -808,7 +808,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2022-10-26T14:07:24+00:00" "time": "2023-03-09T13:19:02+00:00"
}, },
{ {
"name": "influxdb/influxdb-php", "name": "influxdb/influxdb-php",
@ -3282,16 +3282,16 @@
}, },
{ {
"name": "myclabs/deep-copy", "name": "myclabs/deep-copy",
"version": "1.11.0", "version": "1.11.1",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/myclabs/DeepCopy.git", "url": "https://github.com/myclabs/DeepCopy.git",
"reference": "14daed4296fae74d9e3201d2c4925d1acb7aa614" "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/14daed4296fae74d9e3201d2c4925d1acb7aa614", "url": "https://api.github.com/repos/myclabs/DeepCopy/zipball/7284c22080590fb39f2ffa3e9057f10a4ddd0e0c",
"reference": "14daed4296fae74d9e3201d2c4925d1acb7aa614", "reference": "7284c22080590fb39f2ffa3e9057f10a4ddd0e0c",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -3329,7 +3329,7 @@
], ],
"support": { "support": {
"issues": "https://github.com/myclabs/DeepCopy/issues", "issues": "https://github.com/myclabs/DeepCopy/issues",
"source": "https://github.com/myclabs/DeepCopy/tree/1.11.0" "source": "https://github.com/myclabs/DeepCopy/tree/1.11.1"
}, },
"funding": [ "funding": [
{ {
@ -3337,7 +3337,7 @@
"type": "tidelift" "type": "tidelift"
} }
], ],
"time": "2022-03-03T13:19:32+00:00" "time": "2023-03-08T13:26:56+00:00"
}, },
{ {
"name": "nikic/php-parser", "name": "nikic/php-parser",
@ -3741,16 +3741,16 @@
}, },
{ {
"name": "phpunit/php-code-coverage", "name": "phpunit/php-code-coverage",
"version": "9.2.25", "version": "9.2.26",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://github.com/sebastianbergmann/php-code-coverage.git", "url": "https://github.com/sebastianbergmann/php-code-coverage.git",
"reference": "0e2b40518197a8c0d4b08bc34dfff1c99c508954" "reference": "443bc6912c9bd5b409254a40f4b0f4ced7c80ea1"
}, },
"dist": { "dist": {
"type": "zip", "type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/0e2b40518197a8c0d4b08bc34dfff1c99c508954", "url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/443bc6912c9bd5b409254a40f4b0f4ced7c80ea1",
"reference": "0e2b40518197a8c0d4b08bc34dfff1c99c508954", "reference": "443bc6912c9bd5b409254a40f4b0f4ced7c80ea1",
"shasum": "" "shasum": ""
}, },
"require": { "require": {
@ -3772,8 +3772,8 @@
"phpunit/phpunit": "^9.3" "phpunit/phpunit": "^9.3"
}, },
"suggest": { "suggest": {
"ext-pcov": "*", "ext-pcov": "PHP extension that provides line coverage",
"ext-xdebug": "*" "ext-xdebug": "PHP extension that provides line coverage as well as branch and path coverage"
}, },
"type": "library", "type": "library",
"extra": { "extra": {
@ -3806,7 +3806,7 @@
], ],
"support": { "support": {
"issues": "https://github.com/sebastianbergmann/php-code-coverage/issues", "issues": "https://github.com/sebastianbergmann/php-code-coverage/issues",
"source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.25" "source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.26"
}, },
"funding": [ "funding": [
{ {
@ -3814,7 +3814,7 @@
"type": "github" "type": "github"
} }
], ],
"time": "2023-02-25T05:32:00+00:00" "time": "2023-03-06T12:58:08+00:00"
}, },
{ {
"name": "phpunit/php-file-iterator", "name": "phpunit/php-file-iterator",