From c0265fee8bee3cd2151826080d34a3f52f62d990 Mon Sep 17 00:00:00 2001
From: Damodar Lohani <dlohani48@gmail.com>
Date: Sun, 1 Aug 2021 14:39:26 +0545
Subject: [PATCH] hot fix api issue

---
 app/controllers/api/projects.php   | 8 ++++++++
 app/views/console/home/index.phtml | 1 +
 2 files changed, 9 insertions(+)

diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php
index 2bac0efb8..bc4e5a6b1 100644
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
@@ -21,6 +21,14 @@ use Appwrite\Network\Validator\Domain as DomainValidator;
 use Appwrite\Utopia\Response;
 use Cron\CronExpression;
 
+App::init(function ($project) {
+    /** @var Utopia\Database\Document $project */
+
+    if($project->getId() !== 'console') {
+        throw new Exception('Access to this API is forbidden.', 401);
+    }
+}, ['project'], 'projects');
+
 App::post('/v1/projects')
     ->desc('Create Project')
     ->groups(['api', 'projects'])
diff --git a/app/views/console/home/index.phtml b/app/views/console/home/index.phtml
index 021cf8992..2342a2af2 100644
--- a/app/views/console/home/index.phtml
+++ b/app/views/console/home/index.phtml
@@ -79,6 +79,7 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled',true);
     <div
         data-service="projects.getUsage"
         data-event="load"
+        data-scope="console"
         data-name="usage"
         data-param-project-id="{{router.params.project}}"
         data-param-range="30d">