Merge pull request #3738 from appwrite/fix-unaccepted-invitation-access
Fix unaccepted invitations giving access to projects
commit
26b6584a39
4 changed files with 74 additions and 0 deletions
|
@ -427,6 +427,10 @@ class Auth
|
|||
}
|
||||
|
||||
foreach ($user->getAttribute('memberships', []) as $node) {
|
||||
if (!isset($node['confirm']) || !$node['confirm']) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if (isset($node['teamId']) && isset($node['roles'])) {
|
||||
$roles[] = Role::team($node['teamId'])->toString();
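Review bot: The new skip at the top of the membership loop has no comment saying it is an authorization decision, so a later refactor could drop or reorder it without noticing that it is what keeps pending invitations from yielding team roles. I would add `// Unconfirmed (pending) invitations must not grant any team role` above the `if`. The check fails closed when the `confirm` key is missing, which is the right default, but `!$node['confirm']` is a truthiness test, so any non-empty value other than `'0'` counts as confirmed. If the attribute is always stored as a boolean (not visible here), `($node['confirm'] ?? false) !== true` would state the intent more tightly. The enclosing method starts and ends outside the hunk.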
|
||||
|
||||
|
|
|
@ -63,4 +63,67 @@ class TeamsConsoleClientTest extends Scope
|
|||
|
||||
$this->assertEquals(204, $response['headers']['status-code']);
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testCreateTeam
|
||||
*/
|
||||
public function testTeamMembershipPerms($data): array
|
||||
{
|
||||
$teamUid = $data['teamUid'] ?? '';
|
||||
$teamName = $data['teamName'] ?? '';
|
||||
$email = uniqid() . 'friend@localhost.test';
|
||||
$name = 'Friend User';
|
||||
$password = 'password';
|
||||
|
||||
// Create a user account before we create a invite so we can check if the user has permissions when it shouldn't
|
||||
$user = $this->client->call(Client::METHOD_POST, '/account', [
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => 'console'], [
|
||||
'userId' => 'unique()',
|
||||
'email' => $email,
|
||||
'password' => $password,
|
||||
'name' => $name,
|
||||
], false);
|
||||
|
||||
$this->assertEquals(201, $user['headers']['status-code']);
|
||||
|
||||
/**
|
||||
* Test for SUCCESS
|
||||
*/
|
||||
$response = $this->client->call(Client::METHOD_POST, '/teams/' . $teamUid . '/memberships', array_merge([
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], $this->getHeaders()), [
|
||||
'email' => $email,
|
||||
'name' => $name,
|
||||
'roles' => ['admin', 'editor'],
|
||||
'url' => 'http://localhost:5000/join-us#title'
|
||||
]);
|
||||
|
||||
$this->assertEquals(201, $response['headers']['status-code']);
|
||||
|
||||
$response = $this->client->call(Client::METHOD_GET, '/users', array_merge([
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], $this->getHeaders()));
|
||||
$this->assertEquals(401, $response['headers']['status-code']);
|
||||
|
||||
$response = $this->client->call(Client::METHOD_GET, '/teams/' . $teamUid . '/memberships', array_merge([
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], $this->getHeaders()));
|
||||
|
||||
$this->assertEquals(200, $response['headers']['status-code']);
|
||||
|
||||
$ownerMembershipUid = $response['body']['memberships'][1]['$id'];
|
||||
|
||||
$response = $this->client->call(Client::METHOD_DELETE, '/teams/' . $teamUid . '/memberships/' . $ownerMembershipUid, array_merge([
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], $this->getHeaders()));
|
||||
$this->assertEquals(204, $response['headers']['status-code']);
|
||||
|
||||
return $data;
|
||||
}
|
||||
}
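Review bot: The 401 assertion on `GET /users` is sent with `$this->getHeaders()`, the same headers used to create the invitation, and no session is created for the account registered at the top of the test, so from the visible lines the request does not appear to run as the invited-but-unconfirmed user. If `getHeaders()` is not rebound elsewhere, this test may pass with or without the fix; it would be stronger to log in with `$email`/`$password` and issue the request with that session. Separately, `$response['body']['memberships'][1]['$id']` depends on list order, and the variable is named `$ownerMembershipUid` although the intent looks like removing the invitee's membership; selecting the entry that belongs to `$email` would be sturdier. `$teamName` is assigned but never used.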
|
||||
|
|
|
@ -353,6 +353,7 @@ class AuthTest extends TestCase
|
|||
'$id' => ID::custom('123'),
|
||||
'memberships' => [
|
||||
[
|
||||
'confirm' => true,
|
||||
'teamId' => ID::custom('abc'),
|
||||
'roles' => [
|
||||
'administrator',
|
||||
|
@ -360,6 +361,7 @@ class AuthTest extends TestCase
|
|||
]
|
||||
],
|
||||
[
|
||||
'confirm' => true,
|
||||
'teamId' => ID::custom('def'),
|
||||
'roles' => [
|
||||
'guest'
|
||||
|
@ -387,6 +389,7 @@ class AuthTest extends TestCase
|
|||
'$id' => ID::custom('123'),
|
||||
'memberships' => [
|
||||
[
|
||||
'confirm' => true,
|
||||
'teamId' => ID::custom('abc'),
|
||||
'roles' => [
|
||||
'administrator',
|
||||
|
@ -394,6 +397,7 @@ class AuthTest extends TestCase
|
|||
]
|
||||
],
|
||||
[
|
||||
'confirm' => true,
|
||||
'teamId' => ID::custom('def'),
|
||||
'roles' => [
|
||||
'guest'
|
||||
|
@ -421,6 +425,7 @@ class AuthTest extends TestCase
|
|||
'$id' => ID::custom('123'),
|
||||
'memberships' => [
|
||||
[
|
||||
'confirm' => true,
|
||||
'teamId' => ID::custom('abc'),
|
||||
'roles' => [
|
||||
'administrator',
|
||||
|
@ -428,6 +433,7 @@ class AuthTest extends TestCase
|
|||
]
|
||||
],
|
||||
[
|
||||
'confirm' => true,
|
||||
'teamId' => ID::custom('def'),
|
||||
'roles' => [
|
||||
'guest'
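Review bot: Every fixture touched in this file gains `'confirm' => true`, so the unit tests keep passing but none of the visible hunks covers the case the commit is about. A membership entry such as `['confirm' => false, 'teamId' => ID::custom('ghi'), 'roles' => ['administrator']]` (constructed example), plus one with the `confirm` key absent, would pin the fail-closed behaviour at unit level if the test asserts that the resulting roles do not contain the `ghi` team role. The surrounding test methods start and end outside these hunks.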
|
||||
|
|
|
@ -54,6 +54,7 @@ class MessagingChannelsTest extends TestCase
|
|||
'$id' => ID::custom('user' . $this->connectionsCount),
|
||||
'memberships' => [
|
||||
[
|
||||
'confirm' => true,
|
||||
'teamId' => ID::custom('team' . $i),
|
||||
'roles' => [
|
||||
empty($index % 2)
|
||||
|
|