From f54b6b2ebc7e9d68d0a3caeb7273c9db028e3c3b Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Mon, 29 Aug 2022 22:25:00 +1200
Subject: [PATCH] Allowed permissions console params opt in instead of out
---
 app/controllers/web/console.php | 29 ++++++++++---------
 .../console/comps/permissions-matrix.phtml | 2 +-
 2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/app/controllers/web/console.php b/app/controllers/web/console.php
index dce5f402a0..53a5b0a111 100644
--- a/app/controllers/web/console.php
+++ b/app/controllers/web/console.php
@@ -330,7 +330,6 @@ App::get('/console/databases/document')
 ->action(function (string $databaseId, string $collection, View $layout) {
 $logs = new View(__DIR__ . '/../../views/console/comps/logs.phtml');
-
 $logs
 ->setParam('interval', App::getEnv('_APP_MAINTENANCE_RETENTION_AUDIT', 0))
 ->setParam('method', 'databases.listDocumentLogs')
@@ -342,16 +341,16 @@ App::get('/console/databases/document')
 ;
 $permissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
-
 $permissions
 ->setParam('method', 'databases.getDocument')
 ->setParam('events', 'load,databases.updateDocument')
 ->setParam('form', 'documentPermissions')
 ->setParam('data', 'project-document')
- ->setParam('permissions', \array_filter(
- Database::PERMISSIONS,
- fn ($perm) => $perm != Database::PERMISSION_CREATE
- ))
+ ->setParam('permissions', [
+ Database::PERMISSION_READ,
+ Database::PERMISSION_UPDATE,
+ Database::PERMISSION_DELETE,
+ ])
 ->setParam('params', [
 'collection-id' => '{{router.params.collection}}',
 'database-id' => '{{router.params.databaseId}}',
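Review bot: The allow-list `[Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]` passed to `setParam('permissions', …)` is written out here and twice more in the `/console/storage/bucket` hunk, so the three copies can drift apart the next time a permission is added. Defining the list once and passing the same value to all three matrices would keep the opt-in decision in one reviewable place, and a comment such as `// Opt-in: only permissions that apply to an existing document/file; "create" is deliberately absent` would record the reason. This list only controls what the console renders, so the permissions accepted for documents and files presumably still have to be enforced server-side, which these hunks do not show. The route closure starts and ends outside this hunk.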
@@ -453,20 +452,22 @@ App::get('/console/storage/bucket')
 $fileCreatePermissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
 $fileCreatePermissions
 ->setParam('form', 'fileCreatePermissions')
- ->setParam('permissions', \array_filter(
- Database::PERMISSIONS,
- fn ($perm) => $perm != Database::PERMISSION_CREATE
- ));
+ ->setParam('permissions', [
+ Database::PERMISSION_READ,
+ Database::PERMISSION_UPDATE,
+ Database::PERMISSION_DELETE,
+ ]);
 $fileUpdatePermissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
 $fileUpdatePermissions
 ->setParam('method', 'storage.getFile')
 ->setParam('data', 'file')
 ->setParam('form', 'fileUpdatePermissions')
- ->setParam('permissions', \array_filter(
- Database::PERMISSIONS,
- fn ($perm) => $perm != Database::PERMISSION_CREATE
- ))
+ ->setParam('permissions', [
+ Database::PERMISSION_READ,
+ Database::PERMISSION_UPDATE,
+ Database::PERMISSION_DELETE,
+ ])
 ->setParam('params', [
 'bucket-id' => '{{router.params.id}}',
 ]);
diff --git a/app/views/console/comps/permissions-matrix.phtml b/app/views/console/comps/permissions-matrix.phtml
index 0ddc45331c..d3d937da7f 100644
--- a/app/views/console/comps/permissions-matrix.phtml
+++ b/app/views/console/comps/permissions-matrix.phtml
@@ -7,7 +7,7 @@ $params = $this->getParam('params', []);
 $events = $this->getParam('events', '');
 $permissions = $this->getParam('permissions', Database::PERMISSIONS);
 $data = $this->getParam('data', '');
-$form = $this->getParam('form', 'form');
+$form = $this->getParam('form');
 $escapedPermissions = \array_map(function ($perm) {
 // Alpine won't bind to a parameter named delete
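Review bot: The fallback on the `$permissions` line is still `Database::PERMISSIONS`, so the view itself remains opt-out: any include that omits the `permissions` param renders the full set, `create` included, and the opt-in added in console.php holds only by convention at each call site. If no caller depends on that fallback, `$permissions = $this->getParam('permissions', []);` would make the view fail closed; callers outside this patch need checking first. The changed line also makes `form` mandatory without enforcing it, since without a default `getParam('form')` presumably yields null, so a guard such as `if (empty($form)) { throw new \Exception('permissions-matrix: "form" param is required'); }` would surface a missing param instead of rendering it. The code that uses `$form` lies below the hunk.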