CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-05-20 20:52:36 +12:00
Code Issues Projects Releases Wiki Activity

Fixed roles param input validation

Browse source
This commit is contained in:
Eldad Fux 2020-09-10 11:33:47 +03:00
parent e887edf2dc
commit 7309cefd60
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/api/teams.php
View file

@ -18,6 +18,7 @@ use Appwrite\Database\Document;
use Appwrite\Database\Validator\UID;
use Appwrite\Database\Validator\Authorization;
use Appwrite\Database\Exception\Duplicate;
use Appwrite\Database\Validator\Key;
use Appwrite\Template\Template;
$utopia->post('/v1/teams')
@ -29,7 +30,7 @@ $utopia->post('/v1/teams')
->label('sdk.method', 'create')
->label('sdk.description', '/docs/references/teams/create-team.md')
->param('name', null, function () { return new Text(100); }, 'Team name.')
->param('roles', ['owner'], function () { return new ArrayList(new Text(128)); }, 'Array of strings. Use this param to set the roles in the team for the user who created it. The default role is **owner**. A role can be any string. Learn more about [roles and permissions](/docs/permissions).', true)
->param('roles', ['owner'], function () { return new ArrayList(new Key()); }, 'Array of strings. Use this param to set the user roles in the team. A role can be any string. Learn more about [roles and permissions](/docs/permissions). Max length for each role is 32 chars.')
->action(
function ($name, $roles) use ($response, $projectDB, $user, $mode) {
Authorization::disable();
@ -216,7 +217,7 @@ $utopia->post('/v1/teams/:teamId/memberships')
->param('teamId', '', function () { return new UID(); }, 'Team unique ID.')
->param('email', '', function () { return new Email(); }, 'New team member email.')
->param('name', '', function () { return new Text(100); }, 'New team member name.', true)
->param('roles', [], function () { return new ArrayList(new Text(128)); }, 'Array of strings. Use this param to set the user roles in the team. A role can be any string. Learn more about [roles and permissions](/docs/permissions).')
->param('roles', [], function () { return new ArrayList(new Key()); }, 'Array of strings. Use this param to set the user roles in the team. A role can be any string. Learn more about [roles and permissions](/docs/permissions). Max length for each role is 32 chars.')
->param('url', '', function () use ($clients) { return new Host($clients); }, 'URL to redirect the user back to your app from the invitation email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.') // TODO add our own built-in confirm page
->action(
function ($teamId, $email, $name, $roles, $url) use ($response, $mail, $project, $user, $audit, $projectDB, &$mode) {