Fix target permissions
parent
c192f14d01
commit
3c727861bb
2 changed files with 36 additions and 1 deletions
|
@ -163,6 +163,11 @@ App::post('/v1/account')
|
||||||
$user = Authorization::skip(fn() => $dbForProject->createDocument('users', $user));
|
$user = Authorization::skip(fn() => $dbForProject->createDocument('users', $user));
|
||||||
try {
|
try {
|
||||||
$target = Authorization::skip(fn() => $dbForProject->createDocument('targets', new Document([
|
$target = Authorization::skip(fn() => $dbForProject->createDocument('targets', new Document([
|
||||||
|
'$permissions' => [
|
||||||
|
Permission::read(Role::user($user->getId())),
|
||||||
|
Permission::update(Role::user($user->getId())),
|
||||||
|
Permission::delete(Role::user($user->getId())),
|
||||||
|
],
|
||||||
'userId' => $user->getId(),
|
'userId' => $user->getId(),
|
||||||
'userInternalId' => $user->getInternalId(),
|
'userInternalId' => $user->getInternalId(),
|
||||||
'providerType' => MESSAGE_TYPE_EMAIL,
|
'providerType' => MESSAGE_TYPE_EMAIL,
|
||||||
|
@ -707,7 +712,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||||
$userDoc = Authorization::skip(fn() => $dbForProject->createDocument('users', $user));
|
$userDoc = Authorization::skip(fn() => $dbForProject->createDocument('users', $user));
|
||||||
$dbForProject->createDocument('targets', new Document([
|
$dbForProject->createDocument('targets', new Document([
|
||||||
'$permissions' => [
|
'$permissions' => [
|
||||||
Permission::read(Role::any()),
|
Permission::read(Role::user($user->getId())),
|
||||||
Permission::update(Role::user($user->getId())),
|
Permission::update(Role::user($user->getId())),
|
||||||
Permission::delete(Role::user($user->getId())),
|
Permission::delete(Role::user($user->getId())),
|
||||||
],
|
],
|
||||||
|
@ -1699,6 +1704,11 @@ App::post('/v1/account/tokens/phone')
|
||||||
Authorization::skip(fn () => $dbForProject->createDocument('users', $user));
|
Authorization::skip(fn () => $dbForProject->createDocument('users', $user));
|
||||||
try {
|
try {
|
||||||
$target = Authorization::skip(fn() => $dbForProject->createDocument('targets', new Document([
|
$target = Authorization::skip(fn() => $dbForProject->createDocument('targets', new Document([
|
||||||
|
'$permissions' => [
|
||||||
|
Permission::read(Role::user($user->getId())),
|
||||||
|
Permission::update(Role::user($user->getId())),
|
||||||
|
Permission::delete(Role::user($user->getId())),
|
||||||
|
],
|
||||||
'userId' => $user->getId(),
|
'userId' => $user->getId(),
|
||||||
'userInternalId' => $user->getInternalId(),
|
'userInternalId' => $user->getInternalId(),
|
||||||
'providerType' => MESSAGE_TYPE_SMS,
|
'providerType' => MESSAGE_TYPE_SMS,
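Review bot: Target documents written before this commit keep their old ACLs, so the narrowing in the OAuth2 redirect hunk (`Permission::read(Role::any())` replaced by `Permission::read(Role::user($user->getId()))`) only protects targets created from now on. Rows already created through that path stay readable by any role, and rows from the `/v1/account` and `/v1/account/tokens/phone` paths were created with no `$permissions` entry, so their owners presumably cannot read them; a one-off migration that rewrites `$permissions` on existing `targets` documents from each row's `userId` would close both gaps. The OAuth2 `createDocument('targets', ...)` call is also the only one of the three here not wrapped in `Authorization::skip(...)`, which is worth confirming as intentional now that the document carries user-scoped permissions. All three hunks sit inside route handlers whose bodies start and end outside the hunk.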
|
||||||
|
|
|
@ -115,6 +115,11 @@ function createUser(string $hash, mixed $hashOptions, string $userId, ?string $e
|
||||||
if ($email) {
|
if ($email) {
|
||||||
try {
|
try {
|
||||||
$target = $dbForProject->createDocument('targets', new Document([
|
$target = $dbForProject->createDocument('targets', new Document([
|
||||||
|
'$permissions' => [
|
||||||
|
Permission::read(Role::user($user->getId())),
|
||||||
|
Permission::update(Role::user($user->getId())),
|
||||||
|
Permission::delete(Role::user($user->getId())),
|
||||||
|
],
|
||||||
'userId' => $user->getId(),
|
'userId' => $user->getId(),
|
||||||
'userInternalId' => $user->getInternalId(),
|
'userInternalId' => $user->getInternalId(),
|
||||||
'providerType' => 'email',
|
'providerType' => 'email',
|
||||||
|
@ -132,6 +137,11 @@ function createUser(string $hash, mixed $hashOptions, string $userId, ?string $e
|
||||||
if ($phone) {
|
if ($phone) {
|
||||||
try {
|
try {
|
||||||
$target = $dbForProject->createDocument('targets', new Document([
|
$target = $dbForProject->createDocument('targets', new Document([
|
||||||
|
'$permissions' => [
|
||||||
|
Permission::read(Role::user($user->getId())),
|
||||||
|
Permission::update(Role::user($user->getId())),
|
||||||
|
Permission::delete(Role::user($user->getId())),
|
||||||
|
],
|
||||||
'userId' => $user->getId(),
|
'userId' => $user->getId(),
|
||||||
'userInternalId' => $user->getInternalId(),
|
'userInternalId' => $user->getInternalId(),
|
||||||
'providerType' => 'sms',
|
'providerType' => 'sms',
|
||||||
|
@ -498,6 +508,11 @@ App::post('/v1/users/:userId/targets')
|
||||||
try {
|
try {
|
||||||
$target = $dbForProject->createDocument('targets', new Document([
|
$target = $dbForProject->createDocument('targets', new Document([
|
||||||
'$id' => $targetId,
|
'$id' => $targetId,
|
||||||
|
'$permissions' => [
|
||||||
|
Permission::read(Role::user($user->getId())),
|
||||||
|
Permission::update(Role::user($user->getId())),
|
||||||
|
Permission::delete(Role::user($user->getId())),
|
||||||
|
],
|
||||||
'providerId' => $providerId ?? null,
|
'providerId' => $providerId ?? null,
|
||||||
'providerInternalId' => $provider->getInternalId() ?? null,
|
'providerInternalId' => $provider->getInternalId() ?? null,
|
||||||
'providerType' => $providerType,
|
'providerType' => $providerType,
|
||||||
|
@ -1227,6 +1242,11 @@ App::patch('/v1/users/:userId/email')
|
||||||
} else {
|
} else {
|
||||||
if (\strlen($email) !== 0) {
|
if (\strlen($email) !== 0) {
|
||||||
$target = $dbForProject->createDocument('targets', new Document([
|
$target = $dbForProject->createDocument('targets', new Document([
|
||||||
|
'$permissions' => [
|
||||||
|
Permission::read(Role::user($user->getId())),
|
||||||
|
Permission::update(Role::user($user->getId())),
|
||||||
|
Permission::delete(Role::user($user->getId())),
|
||||||
|
],
|
||||||
'userId' => $user->getId(),
|
'userId' => $user->getId(),
|
||||||
'userInternalId' => $user->getInternalId(),
|
'userInternalId' => $user->getInternalId(),
|
||||||
'providerType' => 'email',
|
'providerType' => 'email',
|
||||||
|
@ -1305,6 +1325,11 @@ App::patch('/v1/users/:userId/phone')
|
||||||
} else {
|
} else {
|
||||||
if (\strlen($number) !== 0) {
|
if (\strlen($number) !== 0) {
|
||||||
$target = $dbForProject->createDocument('targets', new Document([
|
$target = $dbForProject->createDocument('targets', new Document([
|
||||||
|
'$permissions' => [
|
||||||
|
Permission::read(Role::user($user->getId())),
|
||||||
|
Permission::update(Role::user($user->getId())),
|
||||||
|
Permission::delete(Role::user($user->getId())),
|
||||||
|
],
|
||||||
'userId' => $user->getId(),
|
'userId' => $user->getId(),
|
||||||
'userInternalId' => $user->getInternalId(),
|
'userInternalId' => $user->getInternalId(),
|
||||||
'providerType' => 'sms',
|
'providerType' => 'sms',
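Review bot: The same three-entry `$permissions` array is now pasted at five call sites in this file (both `createUser` branches, `/v1/users/:userId/targets`, and the email and phone PATCH handlers) on top of three in the account routes, and that kind of duplication is what allows one site to carry a broader role unnoticed, as the OAuth2 path did with `Role::any()`. A single helper would keep them in step, for example `function targetPermissions(Document $user): array` returning the read/update/delete entries for `Role::user($user->getId())`, with each site reduced to `'$permissions' => targetPermissions($user),`. Judging by the hunk headers, neither changed file is a test, so a regression test asserting that a second user's session cannot read the first user's target would pin the fix. Every hunk here is inside a function or route body that starts and ends outside the hunk.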
|
||||||
|
|