Changed god account to root account
This commit is contained in:
parent
f7f54c0d2f
commit
69abbba02b
2
.env
2
.env
|
@ -1,7 +1,7 @@
|
|||
_APP_ENV=production
|
||||
_APP_ENV=development
|
||||
_APP_LOCALE=en
|
||||
_APP_CONSOLE_WHITELIST_GOD=disabled
|
||||
_APP_CONSOLE_WHITELIST_ROOT=disabled
|
||||
_APP_CONSOLE_WHITELIST_EMAILS=
|
||||
_APP_CONSOLE_WHITELIST_IPS=
|
||||
_APP_SYSTEM_EMAIL_NAME=Appwrite
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
- Added option to disable anonymous login (need to merge and apply changed) (#947)
|
||||
- Added option to disable JWT auth (#947)
|
||||
- Added option to disable team invites (#947)
|
||||
- Option to limit number of users (good for app launches + god account PR) (#947)
|
||||
- Option to limit number of users (good for app launches + root account PR) (#947)
|
||||
- Added 2 new endpoints to the projects API to allow new settings
|
||||
- Enabled 501 errors (Not Implemented) from the error handler
|
||||
- Added Python 3.9 as a new Cloud Functions runtime (#1044)
|
||||
|
|
|
@ -88,7 +88,7 @@ ENV _APP_SERVER=swoole \
|
|||
_APP_DOMAIN_TARGET=localhost \
|
||||
_APP_HOME=https://appwrite.io \
|
||||
_APP_EDITION=community \
|
||||
_APP_CONSOLE_WHITELIST_GOD=enabled \
|
||||
_APP_CONSOLE_WHITELIST_ROOT=enabled \
|
||||
_APP_CONSOLE_WHITELIST_EMAILS= \
|
||||
_APP_CONSOLE_WHITELIST_IPS= \
|
||||
_APP_SYSTEM_EMAIL_NAME= \
|
||||
|
|
|
@ -46,7 +46,7 @@ $collections = [
|
|||
'legalTaxId' => '',
|
||||
'authWhitelistEmails' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null)) : [],
|
||||
'authWhitelistIPs' => (!empty(App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null))) ? \explode(',', App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null)) : [],
|
||||
'usersAuthLimit' => (App::getEnv('_APP_CONSOLE_WHITELIST_GOD', 'enabled') === 'enabled') ? 1 : 0, // limit signup to 1 user
|
||||
'usersAuthLimit' => (App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled') === 'enabled') ? 1 : 0, // limit signup to 1 user
|
||||
],
|
||||
Database::SYSTEM_COLLECTION_COLLECTIONS => [
|
||||
'$collection' => Database::SYSTEM_COLLECTION_COLLECTIONS,
|
||||
|
|
|
@ -64,7 +64,7 @@ return [
|
|||
'question' => 'Enter a DNS A record hostname to serve as a CNAME for your custom domains.\nYou can use the same value as used for the Appwrite hostname.',
|
||||
],
|
||||
[
|
||||
'name' => '_APP_CONSOLE_WHITELIST_GOD',
|
||||
'name' => '_APP_CONSOLE_WHITELIST_ROOT',
|
||||
'description' => 'This option allows you to disable the creation of new users on the Appwrite console. When enabled only 1 user will be able to use the registration form. New users can be added by invting them to your project. By default this option is enabled.',
|
||||
'introduction' => '0.8.0',
|
||||
'default' => 'enabled',
|
||||
|
|
|
@ -272,7 +272,7 @@ App::get('/v1/health/anti-virus')
|
|||
App::get('/v1/health/stats') // Currently only used internally
|
||||
->desc('Get System Stats')
|
||||
->groups(['api', 'health'])
|
||||
->label('scope', 'god')
|
||||
->label('scope', 'root')
|
||||
// ->label('sdk.auth', [APP_AUTH_TYPE_KEY])
|
||||
// ->label('sdk.namespace', 'health')
|
||||
// ->label('sdk.method', 'getStats')
|
||||
|
|
|
@ -612,7 +612,7 @@ App::delete('/v1/storage/files/:fileId')
|
|||
// App::get('/v1/storage/files/:fileId/scan')
|
||||
// ->desc('Scan Storage')
|
||||
// ->groups(['api', 'storage'])
|
||||
// ->label('scope', 'god')
|
||||
// ->label('scope', 'root')
|
||||
// ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT])
|
||||
// ->label('sdk.namespace', 'storage')
|
||||
// ->label('sdk.method', 'getFileScan')
|
||||
|
|
|
@ -208,7 +208,7 @@ App::init(function ($utopia, $request, $response, $console, $project, $user, $lo
|
|||
}
|
||||
}, $user->getAttribute('memberships', []));
|
||||
|
||||
// TDOO Check if user is god
|
||||
// TDOO Check if user is root
|
||||
|
||||
if (!\in_array($scope, $scopes)) {
|
||||
if (empty($project->getId()) || Database::SYSTEM_COLLECTION_PROJECTS !== $project->getCollection()) { // Check if permission is denied because project is missing
|
||||
|
|
|
@ -57,9 +57,9 @@ App::get('/')
|
|||
;
|
||||
|
||||
if ('console' === $project->getId()) {
|
||||
$whitlistGod = $project->getAttribute('authWhitelistGod');
|
||||
$whitlistRoot = App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled');
|
||||
|
||||
if($whitlistGod !== 'disabled') {
|
||||
if($whitlistRoot !== 'disabled') {
|
||||
$projectDB->getCollection([ // Count users
|
||||
'filters' => [
|
||||
'$collection='.Database::SYSTEM_COLLECTION_USERS,
|
||||
|
@ -88,7 +88,7 @@ App::get('/auth/signin')
|
|||
$page = new View(__DIR__.'/../../views/home/auth/signin.phtml');
|
||||
|
||||
$page
|
||||
->setParam('god', App::getEnv('_APP_CONSOLE_WHITELIST_GOD', 'enabled'))
|
||||
->setParam('root', App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled'))
|
||||
;
|
||||
|
||||
$layout
|
||||
|
@ -106,7 +106,7 @@ App::get('/auth/signup')
|
|||
$page = new View(__DIR__.'/../../views/home/auth/signup.phtml');
|
||||
|
||||
$page
|
||||
->setParam('god', App::getEnv('_APP_CONSOLE_WHITELIST_GOD', 'enabled'))
|
||||
->setParam('root', App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', 'enabled'))
|
||||
;
|
||||
|
||||
$layout
|
||||
|
|
|
@ -61,11 +61,11 @@ $cli
|
|||
Console::log('🟢 Abuse protection is enabled');
|
||||
}
|
||||
|
||||
$authWhitelistGod = App::getEnv('_APP_CONSOLE_WHITELIST_GOD', null);
|
||||
$authWhitelistRoot = App::getEnv('_APP_CONSOLE_WHITELIST_ROOT', null);
|
||||
$authWhitelistEmails = App::getEnv('_APP_CONSOLE_WHITELIST_EMAILS', null);
|
||||
$authWhitelistIPs = App::getEnv('_APP_CONSOLE_WHITELIST_IPS', null);
|
||||
|
||||
if(empty($authWhitelistGod)
|
||||
if(empty($authWhitelistRoot)
|
||||
&& empty($authWhitelistEmails)
|
||||
&& empty($authWhitelistIPs)
|
||||
) {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
$god = ($this->getParam('god') !== 'disabled');
|
||||
$root = ($this->getParam('root') !== 'disabled');
|
||||
?>
|
||||
<div class="zone medium"
|
||||
data-service="account.get"
|
||||
|
@ -46,7 +46,7 @@ $god = ($this->getParam('god') !== 'disabled');
|
|||
<br />
|
||||
|
||||
<div class="text-line-high-large text-align-center">
|
||||
<a href="/auth/recovery">Forgot password?</a><?php if(!$god): ?> or don't have an account? <b><a href="/auth/signup">Sign up now</a></b><?php endif; ?>
|
||||
<a href="/auth/recovery">Forgot password?</a><?php if(!$root): ?> or don't have an account? <b><a href="/auth/signup">Sign up now</a></b><?php endif; ?>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
$god = ($this->getParam('god') !== 'disabled');
|
||||
$root = ($this->getParam('root') !== 'disabled');
|
||||
?>
|
||||
<div class="zone medium signup">
|
||||
<h1 class="zone xl margin-bottom-large margin-top">
|
||||
|
@ -26,8 +26,8 @@ $god = ($this->getParam('god') !== 'disabled');
|
|||
data-failure-param-alert-text="Registration Failed. Please try again later"
|
||||
data-failure-param-alert-classname="error">
|
||||
|
||||
<?php if($god): ?>
|
||||
<p>Please create your first god account</p>
|
||||
<?php if($root): ?>
|
||||
<p>Please create your root account</p>
|
||||
<?php endif; ?>
|
||||
|
||||
<label>Name</label>
|
||||
|
@ -51,7 +51,7 @@ $god = ($this->getParam('god') !== 'disabled');
|
|||
|
||||
</div>
|
||||
|
||||
<?php if(!$god): ?>
|
||||
<?php if(!$root): ?>
|
||||
<div class="zone medium text-align-center">
|
||||
<a href="/auth/signin">Already have an account?</a>
|
||||
</div>
|
||||
|
|
|
@ -57,7 +57,7 @@ services:
|
|||
environment:
|
||||
- _APP_ENV
|
||||
- _APP_LOCALE
|
||||
- _APP_CONSOLE_WHITELIST_GOD
|
||||
- _APP_CONSOLE_WHITELIST_ROOT
|
||||
- _APP_CONSOLE_WHITELIST_EMAILS
|
||||
- _APP_CONSOLE_WHITELIST_IPS
|
||||
- _APP_SYSTEM_EMAIL_NAME
|
||||
|
|
|
@ -76,7 +76,7 @@ services:
|
|||
environment:
|
||||
- _APP_ENV
|
||||
- _APP_LOCALE
|
||||
- _APP_CONSOLE_WHITELIST_GOD
|
||||
- _APP_CONSOLE_WHITELIST_ROOT
|
||||
- _APP_CONSOLE_WHITELIST_EMAILS
|
||||
- _APP_CONSOLE_WHITELIST_IPS
|
||||
- _APP_SYSTEM_EMAIL_NAME
|
||||
|
|
Loading…
Reference in New Issue