From af0d689aff93410383715b07741550707fb10853 Mon Sep 17 00:00:00 2001
From: loks0n <22452787+loks0n@users.noreply.github.com>
Date: Tue, 31 Oct 2023 15:05:02 +0000
Subject: [PATCH] feat: `sessions` scope
---
 app/config/roles.php | 4 +++-
 app/controllers/api/account.php | 22 +++++++++++-----------
 2 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/app/config/roles.php b/app/config/roles.php
index 846d529f9a..fd30c82877 100644
--- a/app/config/roles.php
+++ b/app/config/roles.php
@@ -8,6 +8,7 @@ $member = [
 'home',
 'console',
 'graphql',
+ 'sessions',
 'account',
 'teams.read',
 'teams.write',
@@ -71,6 +72,7 @@ return [
 'home',
 'console',
 'graphql',
+ 'sessions',
 'documents.read',
 'documents.write',
 'files.read',
@@ -98,6 +100,6 @@ return [
 ],
 Auth::USER_ROLE_APPS => [
 'label' => 'Applications',
- 'scopes' => ['global', 'public', 'health.read', 'graphql'],
+ 'scopes' => ['global', 'sessions', 'health.read', 'graphql'],
 ],
 ];
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 0affc8fa9f..d8f1bd6250 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -53,7 +53,7 @@ App::post('/v1/account')
 ->desc('Create account')
 ->groups(['api', 'account', 'auth'])
 ->label('event', 'users.[userId].create')
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('auth.type', 'emailPassword')
 ->label('audits.event', 'user.create')
 ->label('audits.resource', 'user/{response.$id}')
@@ -169,7 +169,7 @@ App::post('/v1/account/sessions/email')
 ->desc('Create email session')
 ->groups(['api', 'account', 'auth', 'session'])
 ->label('event', 'users.[userId].sessions.[sessionId].create')
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('auth.type', 'emailPassword')
 ->label('audits.event', 'session.create')
 ->label('audits.resource', 'user/{response.userId}')
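Review bot: In the `@@ -98,6 +100,6 @@` hunk the Applications role swaps `'public'` for `'sessions'`, whereas the two hunks above it (`@@ -8` for `$member` and `@@ -71`) only add `'sessions'` and keep whatever the role already held, so for API keys this is a narrowing plus a new grant rather than a rename. Any route still labelled `'public'` after this commit (none are visible in the patch) becomes unreachable with an API key, while every route renamed in account.php — account creation, each session-creation endpoint, and the recovery/verification confirmations — remains reachable with one. If that is the intended contract, record it on the changed line, e.g. `// 'sessions' replaces 'public': API keys may create accounts and sessions and confirm recovery/verification tokens`. If the project keeps a list of scope names and descriptions that is shown when API keys are created, it presumably needs a `sessions` entry as well; no such file is part of this patch.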
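Review bot: The new scope is written as the bare literal `'sessions'` in the `@@ -53` hunk and in the ten sibling hunks (`@@ -169`, `@@ -293`, `@@ -900`, `@@ -1116`, `@@ -1240`, `@@ -1377`, `@@ -2284`, `@@ -2462`, `@@ -2707`, `@@ -2864`); a misspelling in any one of them surfaces only at runtime, as a route that no role can reach or one that is matched against a different scope than intended. Since roles.php already refers to `Auth::USER_ROLE_APPS` for role names, a constant on that class for the scope name (something like `Auth::SCOPE_SESSIONS`, name illustrative) used as `->label('scope', Auth::SCOPE_SESSIONS)` would let static analysis catch the typo and give a single place to document what the scope gates. Each route definition continues past its hunk.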
@@ -293,7 +293,7 @@ App::get('/v1/account/sessions/oauth2/:provider')
 ->desc('Create OAuth2 session')
 ->groups(['api', 'account'])
 ->label('error', __DIR__ . '/../../views/general/error.phtml')
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('sdk.auth', [])
 ->label('sdk.namespace', 'account')
 ->label('sdk.method', 'createOAuth2Session')
@@ -900,7 +900,7 @@ App::delete('/v1/account/identities/:identityId')
 App::post('/v1/account/sessions/magic-url')
 ->desc('Create magic URL session')
 ->groups(['api', 'account'])
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('auth.type', 'magic-url')
 ->label('audits.event', 'session.create')
 ->label('audits.resource', 'user/{response.userId}')
@@ -1116,7 +1116,7 @@ App::put('/v1/account/sessions/token')
 ->alias('/v1/account/sessions/phone')
 ->desc('Update token session')
 ->groups(['api', 'account'])
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('auth.type', 'token')
 ->label('audits.event', 'session.create')
 ->label('audits.resource', 'user/{response.userId}')
@@ -1240,7 +1240,7 @@ App::put('/v1/account/sessions/token')
 App::post('/v1/account/sessions/phone')
 ->desc('Create phone session')
 ->groups(['api', 'account'])
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('auth.type', 'phone')
 ->label('audits.event', 'session.create')
 ->label('audits.resource', 'user/{response.userId}')
@@ -1377,7 +1377,7 @@ App::post('/v1/account/sessions/anonymous')
 ->desc('Create anonymous session')
 ->groups(['api', 'account', 'auth', 'session'])
 ->label('event', 'users.[userId].sessions.[sessionId].create')
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('auth.type', 'anonymous')
 ->label('audits.event', 'session.create')
 ->label('audits.resource', 'user/{response.userId}')
@@ -2284,7 +2284,7 @@ App::delete('/v1/account/sessions')
 App::post('/v1/account/recovery')
 ->desc('Create password recovery')
 ->groups(['api', 'account'])
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('event', 'users.[userId].recovery.[tokenId].create')
 ->label('audits.event', 'recovery.create')
 ->label('audits.resource', 'user/{response.userId}')
@@ -2462,7 +2462,7 @@ App::post('/v1/account/recovery')
 App::put('/v1/account/recovery')
 ->desc('Create password recovery (confirmation)')
 ->groups(['api', 'account'])
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('event', 'users.[userId].recovery.[tokenId].update')
 ->label('audits.event', 'recovery.update')
 ->label('audits.resource', 'user/{response.userId}')
@@ -2707,7 +2707,7 @@ App::post('/v1/account/verification')
 App::put('/v1/account/verification')
 ->desc('Create email verification (confirmation)')
 ->groups(['api', 'account'])
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('event', 'users.[userId].verification.[tokenId].update')
 ->label('audits.event', 'verification.update')
 ->label('audits.resource', 'user/{response.userId}')
@@ -2864,7 +2864,7 @@ App::post('/v1/account/verification/phone')
 App::put('/v1/account/verification/phone')
 ->desc('Create phone verification (confirmation)')
 ->groups(['api', 'account'])
- ->label('scope', 'public')
+ ->label('scope', 'sessions')
 ->label('event', 'users.[userId].verification.[tokenId].update')
 ->label('audits.event', 'verification.update')
 ->label('audits.resource', 'user/{response.userId}')
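Review bot: The four hunks here (`@@ -2284`, `@@ -2462`, `@@ -2707`, `@@ -2864`) put password-recovery creation and the recovery, email-verification and phone-verification confirmations under the `'sessions'` scope, although by their `->desc(...)` labels none of them creates a session: `PUT /v1/account/recovery` completes a password recovery and the two `PUT .../verification` routes complete a contact verification. Someone granting `'sessions'` in roles.php cannot see from the name that they are also granting credential reset and verification completion, and this same patch grants `'sessions'` to API keys, so the mismatch is not cosmetic. Either a dedicated scope for these four routes or, at minimum, a comment on each changed label line — `->label('scope', 'sessions') // not a session endpoint; shares the scope that gates sign-up/sign-in` — would make the grant reviewable. Each route definition continues past its hunk.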