Fixed teams permission on admin mode
This commit is contained in:
parent
183b60e98d
commit
8cd40b1209
3 changed files with 35 additions and 9 deletions
|
@ -140,7 +140,7 @@ $utopia->init(function () use ($utopia, $request, $response, &$user, $project, $
|
|||
$role = Auth::USER_ROLE_APP;
|
||||
$scopes = array_merge($roles[$role]['scopes'], $key->getAttribute('scopes', []));
|
||||
|
||||
Authorization::disable(); // Cancel security segmentation for API keys.
|
||||
Authorization::setDefaultStatus(false); // Cancel security segmentation for API keys.
|
||||
}
|
||||
|
||||
Authorization::setRole('user:'.$user->getUid());
|
||||
|
|
|
@ -40,17 +40,17 @@ $utopia->post('/v1/teams')
|
|||
'write' => ['team:{self}/owner'],
|
||||
],
|
||||
'name' => $name,
|
||||
'sum' => ($mode !== APP_MODE_ADMIN) ? 1 : 0,
|
||||
'sum' => ($mode !== APP_MODE_ADMIN && $user->getUid()) ? 1 : 0,
|
||||
'dateCreated' => time(),
|
||||
]);
|
||||
|
||||
Authorization::enable();
|
||||
Authorization::reset();
|
||||
|
||||
if (false === $team) {
|
||||
throw new Exception('Failed saving team to DB', 500);
|
||||
}
|
||||
|
||||
if ($mode !== APP_MODE_ADMIN) { // Don't add user on server mode
|
||||
if ($mode !== APP_MODE_ADMIN && $user->getUid()) { // Don't add user on server mode
|
||||
$membership = new Document([
|
||||
'$collection' => Database::SYSTEM_COLLECTION_MEMBERSHIPS,
|
||||
'$permissions' => [
|
||||
|
@ -260,7 +260,7 @@ $utopia->post('/v1/teams/:teamId/memberships')
|
|||
'tokens' => [],
|
||||
]);
|
||||
|
||||
Authorization::enable();
|
||||
Authorization::reset();
|
||||
|
||||
if (false === $invitee) {
|
||||
throw new Exception('Failed saving user to DB', 500);
|
||||
|
@ -440,7 +440,7 @@ $utopia->patch('/v1/teams/:teamId/memberships/:inviteId/status')
|
|||
|
||||
$team = $projectDB->getDocument($teamId);
|
||||
|
||||
Authorization::enable();
|
||||
Authorization::reset();
|
||||
|
||||
if (empty($team->getUid()) || Database::SYSTEM_COLLECTION_TEAMS != $team->getCollection()) {
|
||||
throw new Exception('Team not found', 404);
|
||||
|
@ -507,7 +507,7 @@ $utopia->patch('/v1/teams/:teamId/memberships/:inviteId/status')
|
|||
'sum' => $team->getAttribute('sum', 0) + 1,
|
||||
]));
|
||||
|
||||
Authorization::enable();
|
||||
Authorization::reset();
|
||||
|
||||
if (false === $team) {
|
||||
throw new Exception('Failed saving team to DB', 500);
|
||||
|
|
|
@ -113,7 +113,25 @@ class Authorization extends Validator
|
|||
public static $status = true;
|
||||
|
||||
/**
|
||||
* Default value in case we need
|
||||
* to reset Authorization status
|
||||
*
|
||||
* @var bool
|
||||
*/
|
||||
public static $statusDefault = true;
|
||||
|
||||
/**
|
||||
* Change default status.
|
||||
* This will be used for the
|
||||
* value set on the self::reset() method
|
||||
*/
|
||||
public static function setDefaultStatus($status) {
|
||||
self::$statusDefault = $status;
|
||||
self::$status = $status;
|
||||
}
|
||||
|
||||
/**
|
||||
* Enable Authorization checks
|
||||
*/
|
||||
public static function enable()
|
||||
{
|
||||
|
@ -121,10 +139,18 @@ class Authorization extends Validator
|
|||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Disable Authorization checks
|
||||
*/
|
||||
public static function disable()
|
||||
{
|
||||
self::$status = false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Disable Authorization checks
|
||||
*/
|
||||
public static function reset()
|
||||
{
|
||||
self::$status = self::$statusDefault;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue