Merge pull request #2620 from appwrite/fix-consistent-users-limit

Fixed missing users limit validation
2024-06-01 18:39:57 +12:00 · 2022-01-16 09:28:37 +02:00 · 2022-01-16 09:28:37 +02:00 · 464db81880
parent 33c9c5c9b8 9650f37dc9
commit 464db81880
5 changed files with 9 additions and 7 deletions
--- a/2
+++ b/2
@ -32,7 +32,7 @@ ENV DEBUG=$DEBUG
 ENV PHP_REDIS_VERSION=5.3.5 \
    PHP_MONGODB_VERSION=1.9.1 \
    PHP_SWOOLE_VERSION=v4.8.5 \
-    PHP_IMAGICK_VERSION=3.5.1 \
+    PHP_IMAGICK_VERSION=3.7.0 \
    PHP_YAML_VERSION=2.2.2 \
    PHP_MAXMINDDB_VERSION=v1.11.0

--- a/app/config/collections.php
+++ b/app/config/collections.php
@ -2209,6 +2209,7 @@ $collections = [
            ],
        ],
    ],
+
    'stats' => [
        '$collection' => Database::METADATA,
        '$id' => 'stats',
@ -2294,6 +2295,7 @@ $collections = [
            ],
        ],
    ],
+    
    'realtime' => [
        '$collection' => Database::METADATA,
        '$id' => 'realtime',
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@ -479,7 +479,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
                $limit = $project->getAttribute('auths', [])['limit'] ?? 0;

                if ($limit !== 0) {
-                    $sum = $dbForProject->count('users', [ new Query('deleted', Query::TYPE_EQUAL, [false]),], APP_LIMIT_COUNT);
+                    $sum = $dbForProject->count('users', [ new Query('deleted', Query::TYPE_EQUAL, [false]),], APP_LIMIT_USERS);

                    if ($sum >= $limit) {
                        throw new Exception('Project registration is restricted. Contact your administrator for more information.', 501);
@ -652,7 +652,7 @@ App::post('/v1/account/sessions/magic-url')
            if ($limit !== 0) {
                $sum = $dbForProject->count('users', [
                    new Query('deleted', Query::TYPE_EQUAL, [false]),
-                ], APP_LIMIT_COUNT);
+                ], APP_LIMIT_USERS);

                if ($sum >= $limit) {
                    throw new Exception('Project registration is restricted. Contact your administrator for more information.', 501);
@ -924,7 +924,7 @@ App::post('/v1/account/sessions/anonymous')
        if ($limit !== 0) {
            $sum = $dbForProject->count('users', [
                new Query('deleted', Query::TYPE_EQUAL, [false]),
-            ], APP_LIMIT_COUNT);
+            ], APP_LIMIT_USERS);

            if ($sum >= $limit) {
                throw new Exception('Project registration is restricted. Contact your administrator for more information.', 501);
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
@ -461,7 +461,7 @@ App::patch('/v1/projects/:projectId/auth/limit')
    ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
    ->label('sdk.response.model', Response::MODEL_PROJECT)
    ->param('projectId', '', new UID(), 'Project unique ID.')
-    ->param('limit', false, new Integer(true), 'Set the max number of users allowed in this project. Use 0 for unlimited.')
+    ->param('limit', false, new Range(0, APP_LIMIT_USERS), 'Set the max number of users allowed in this project. Use 0 for unlimited.')
    ->inject('response')
    ->inject('dbForConsole')
    ->action(function ($projectId, $limit, $response, $dbForConsole) {
--- a/app/views/console/users/index.phtml
+++ b/app/views/console/users/index.phtml
@ -353,13 +353,13 @@ $smtpEnabled = $this->getParam('smtpEnabled', false);
                    data-failure-param-alert-text="Failed to update project users limit"
                    data-failure-param-alert-classname="error">

-                    <input name="limit" id="users-limit" type="number" data-ls-bind="{{console-project.authLimit}}" data-cast-to="numeric" min="0" />
+                    <input name="limit" id="users-limit" type="number" data-ls-bind="{{console-project.authLimit}}" data-cast-to="numeric" min="0" max="<?php echo APP_LIMIT_USERS; ?>" />

                    <div class="info row thin margin-bottom margin-top">
                        <div class="col span-1">
                            <i class="icon-info-circled text-sign"></i>
                        </div>
-                        <div class="col span-11">This limit will prevent new users from signing up for your project, no matter what auth method has been used. You will still be able to create users and team memberships from your Appwrite console. For an unlimited amount of users, set the limit to 0.</div>
+                        <div class="col span-11">This limit will prevent new users from signing up for your project, no matter what auth method has been used. You will still be able to create users and team memberships from your Appwrite console. For an unlimited amount of users, set the limit to 0. Max limit is <?php echo number_format(APP_LIMIT_USERS); ?>.</div>
                    </div>

                    <button>Update</button> &nbsp; <button data-ui-modal-close="" type="button" class="reverse">Cancel</button>