Allowed permissions console params opt in instead of out
This commit is contained in:
parent
47db8f5bf1
commit
f54b6b2ebc
|
@ -330,7 +330,6 @@ App::get('/console/databases/document')
|
||||||
->action(function (string $databaseId, string $collection, View $layout) {
|
->action(function (string $databaseId, string $collection, View $layout) {
|
||||||
|
|
||||||
$logs = new View(__DIR__ . '/../../views/console/comps/logs.phtml');
|
$logs = new View(__DIR__ . '/../../views/console/comps/logs.phtml');
|
||||||
|
|
||||||
$logs
|
$logs
|
||||||
->setParam('interval', App::getEnv('_APP_MAINTENANCE_RETENTION_AUDIT', 0))
|
->setParam('interval', App::getEnv('_APP_MAINTENANCE_RETENTION_AUDIT', 0))
|
||||||
->setParam('method', 'databases.listDocumentLogs')
|
->setParam('method', 'databases.listDocumentLogs')
|
||||||
|
@ -342,16 +341,16 @@ App::get('/console/databases/document')
|
||||||
;
|
;
|
||||||
|
|
||||||
$permissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
|
$permissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
|
||||||
|
|
||||||
$permissions
|
$permissions
|
||||||
->setParam('method', 'databases.getDocument')
|
->setParam('method', 'databases.getDocument')
|
||||||
->setParam('events', 'load,databases.updateDocument')
|
->setParam('events', 'load,databases.updateDocument')
|
||||||
->setParam('form', 'documentPermissions')
|
->setParam('form', 'documentPermissions')
|
||||||
->setParam('data', 'project-document')
|
->setParam('data', 'project-document')
|
||||||
->setParam('permissions', \array_filter(
|
->setParam('permissions', [
|
||||||
Database::PERMISSIONS,
|
Database::PERMISSION_READ,
|
||||||
fn ($perm) => $perm != Database::PERMISSION_CREATE
|
Database::PERMISSION_UPDATE,
|
||||||
))
|
Database::PERMISSION_DELETE,
|
||||||
|
])
|
||||||
->setParam('params', [
|
->setParam('params', [
|
||||||
'collection-id' => '{{router.params.collection}}',
|
'collection-id' => '{{router.params.collection}}',
|
||||||
'database-id' => '{{router.params.databaseId}}',
|
'database-id' => '{{router.params.databaseId}}',
|
||||||
|
@ -453,20 +452,22 @@ App::get('/console/storage/bucket')
|
||||||
$fileCreatePermissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
|
$fileCreatePermissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
|
||||||
$fileCreatePermissions
|
$fileCreatePermissions
|
||||||
->setParam('form', 'fileCreatePermissions')
|
->setParam('form', 'fileCreatePermissions')
|
||||||
->setParam('permissions', \array_filter(
|
->setParam('permissions', [
|
||||||
Database::PERMISSIONS,
|
Database::PERMISSION_READ,
|
||||||
fn ($perm) => $perm != Database::PERMISSION_CREATE
|
Database::PERMISSION_UPDATE,
|
||||||
));
|
Database::PERMISSION_DELETE,
|
||||||
|
]);
|
||||||
|
|
||||||
$fileUpdatePermissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
|
$fileUpdatePermissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
|
||||||
$fileUpdatePermissions
|
$fileUpdatePermissions
|
||||||
->setParam('method', 'storage.getFile')
|
->setParam('method', 'storage.getFile')
|
||||||
->setParam('data', 'file')
|
->setParam('data', 'file')
|
||||||
->setParam('form', 'fileUpdatePermissions')
|
->setParam('form', 'fileUpdatePermissions')
|
||||||
->setParam('permissions', \array_filter(
|
->setParam('permissions', [
|
||||||
Database::PERMISSIONS,
|
Database::PERMISSION_READ,
|
||||||
fn ($perm) => $perm != Database::PERMISSION_CREATE
|
Database::PERMISSION_UPDATE,
|
||||||
))
|
Database::PERMISSION_DELETE,
|
||||||
|
])
|
||||||
->setParam('params', [
|
->setParam('params', [
|
||||||
'bucket-id' => '{{router.params.id}}',
|
'bucket-id' => '{{router.params.id}}',
|
||||||
]);
|
]);
|
||||||
|
|
|
@ -7,7 +7,7 @@ $params = $this->getParam('params', []);
|
||||||
$events = $this->getParam('events', '');
|
$events = $this->getParam('events', '');
|
||||||
$permissions = $this->getParam('permissions', Database::PERMISSIONS);
|
$permissions = $this->getParam('permissions', Database::PERMISSIONS);
|
||||||
$data = $this->getParam('data', '');
|
$data = $this->getParam('data', '');
|
||||||
$form = $this->getParam('form', 'form');
|
$form = $this->getParam('form');
|
||||||
|
|
||||||
$escapedPermissions = \array_map(function ($perm) {
|
$escapedPermissions = \array_map(function ($perm) {
|
||||||
// Alpine won't bind to a parameter named delete
|
// Alpine won't bind to a parameter named delete
|
||||||
|
|
Loading…
Reference in a new issue