Allowed admin to auto-add new member to a team

2024-06-29 11:40:45 +12:00 · 2020-06-08 19:15:35 +03:00 · 2020-06-08 19:15:35 +03:00 · 26a133a3f8
parent 7d5ee934ee
commit 26a133a3f8
1 changed files with 14 additions and 5 deletions
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@ -215,7 +215,7 @@ $utopia->post('/v1/teams/:teamId/memberships')
    ->param('roles', [], function () { return new ArrayList(new Text(128)); }, 'Array of strings. Use this param to set the user roles in the team. A role can be any string. Learn more about [roles and permissions](/docs/permissions).')
    ->param('url', '', function () use ($clients) { return new Host($clients); }, 'URL to redirect the user back to your app from the invitation email.  Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.') // TODO add our own built-in confirm page
    ->action(
-        function ($teamId, $email, $name, $roles, $url) use ($response, $register, $project, $user, $audit, $projectDB) {
+        function ($teamId, $email, $name, $roles, $url) use ($response, $register, $project, $user, $audit, $projectDB, $mode) {
            $name = (empty($name)) ? $email : $name;
            $team = $projectDB->getDocument($teamId);

@ -285,7 +285,7 @@ $utopia->post('/v1/teams/:teamId/memberships')
                }
            }

-            if (!$isOwner) {
+            if (!$isOwner && (APP_MODE_ADMIN !== $mode)) {
                throw new Exception('User is not allowed to send invitations for this team', 401);
            }

@ -302,11 +302,18 @@ $utopia->post('/v1/teams/:teamId/memberships')
                'roles' => $roles,
                'invited' => time(),
                'joined' => 0,
-                'confirm' => false,
+                'confirm' => (APP_MODE_ADMIN === $mode),
                'secret' => Auth::hash($secret),
            ]);

-            $membership = $projectDB->createDocument($membership->getArrayCopy());
+            if(APP_MODE_ADMIN === $mode) { // Allow admin to create membership
+                Authorization::disable();
+                $membership = $projectDB->createDocument($membership->getArrayCopy());
+                Authorization::reset();
+            }
+            else {
+                $membership = $projectDB->createDocument($membership->getArrayCopy());
+            }

            if (false === $membership) {
                throw new Exception('Failed saving membership to DB', 500);
@ -334,7 +341,9 @@ $utopia->post('/v1/teams/:teamId/memberships')
            $mail->AltBody = strip_tags($body->render());

            try {
-                $mail->send();
+                if(APP_MODE_ADMIN === $mode) { // No need in comfirmation when in admin mode
+                    $mail->send();
+                }
            } catch (\Exception $error) {
                throw new Exception('Error sending mail: ' . $error->getMessage(), 500);
            }