
Allowed permissions console params opt in instead of out

Jake Barnby 2022-08-29 22:25:00 +12:00
parent 47db8f5bf1
commit f54b6b2ebc
No known key found for this signature in database
GPG key ID: C437A8CC85B96E9C
2 changed files with 16 additions and 15 deletions


@ -330,7 +330,6 @@ App::get('/console/databases/document')
->action(function (string $databaseId, string $collection, View $layout) { ->action(function (string $databaseId, string $collection, View $layout) {
$logs = new View(__DIR__ . '/../../views/console/comps/logs.phtml'); $logs = new View(__DIR__ . '/../../views/console/comps/logs.phtml');
$logs $logs
->setParam('interval', App::getEnv('_APP_MAINTENANCE_RETENTION_AUDIT', 0)) ->setParam('interval', App::getEnv('_APP_MAINTENANCE_RETENTION_AUDIT', 0))
->setParam('method', 'databases.listDocumentLogs') ->setParam('method', 'databases.listDocumentLogs')
@ -342,16 +341,16 @@ App::get('/console/databases/document')
; ;
$permissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml'); $permissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
$permissions $permissions
->setParam('method', 'databases.getDocument') ->setParam('method', 'databases.getDocument')
->setParam('events', 'load,databases.updateDocument') ->setParam('events', 'load,databases.updateDocument')
->setParam('form', 'documentPermissions') ->setParam('form', 'documentPermissions')
->setParam('data', 'project-document') ->setParam('data', 'project-document')
->setParam('permissions', \array_filter( ->setParam('permissions', [
Database::PERMISSIONS, Database::PERMISSION_READ,
fn ($perm) => $perm != Database::PERMISSION_CREATE Database::PERMISSION_UPDATE,
)) Database::PERMISSION_DELETE,
])
->setParam('params', [ ->setParam('params', [
'collection-id' => '{{router.params.collection}}', 'collection-id' => '{{router.params.collection}}',
'database-id' => '{{router.params.databaseId}}', 'database-id' => '{{router.params.databaseId}}',
@ -453,20 +452,22 @@ App::get('/console/storage/bucket')
$fileCreatePermissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml'); $fileCreatePermissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
$fileCreatePermissions $fileCreatePermissions
->setParam('form', 'fileCreatePermissions') ->setParam('form', 'fileCreatePermissions')
->setParam('permissions', \array_filter( ->setParam('permissions', [
Database::PERMISSIONS, Database::PERMISSION_READ,
fn ($perm) => $perm != Database::PERMISSION_CREATE Database::PERMISSION_UPDATE,
)); Database::PERMISSION_DELETE,
]);
$fileUpdatePermissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml'); $fileUpdatePermissions = new View(__DIR__ . '/../../views/console/comps/permissions-matrix.phtml');
$fileUpdatePermissions $fileUpdatePermissions
->setParam('method', 'storage.getFile') ->setParam('method', 'storage.getFile')
->setParam('data', 'file') ->setParam('data', 'file')
->setParam('form', 'fileUpdatePermissions') ->setParam('form', 'fileUpdatePermissions')
->setParam('permissions', \array_filter( ->setParam('permissions', [
Database::PERMISSIONS, Database::PERMISSION_READ,
fn ($perm) => $perm != Database::PERMISSION_CREATE Database::PERMISSION_UPDATE,
)) Database::PERMISSION_DELETE,
])
->setParam('params', [ ->setParam('params', [
'bucket-id' => '{{router.params.id}}', 'bucket-id' => '{{router.params.id}}',
]); ]);
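Review bot: The opt-in list `[Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]` is now spelled out three times in this file (the document permissions view, `$fileCreatePermissions` and `$fileUpdatePermissions`), so a later edit to one copy can leave the console offering different permission sets for documents and files. Defining it once, for example `$itemPermissions = [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE];` in each action (or as a shared constant), and passing `->setParam('permissions', $itemPermissions)` would keep the copies aligned. A short comment such as `// Opt-in list: new Database::PERMISSIONS entries must be added here deliberately` would record why the list is explicit rather than filtered. These params only decide what the permissions matrix renders, so it is worth confirming that the API itself rejects a create permission on a document or file; that validation is not visible in this diff. Both route actions begin and end outside the hunks shown.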


@ -7,7 +7,7 @@ $params = $this->getParam('params', []);
$events = $this->getParam('events', ''); $events = $this->getParam('events', '');
$permissions = $this->getParam('permissions', Database::PERMISSIONS); $permissions = $this->getParam('permissions', Database::PERMISSIONS);
$data = $this->getParam('data', ''); $data = $this->getParam('data', '');
$form = $this->getParam('form', 'form'); $form = $this->getParam('form');
$escapedPermissions = \array_map(function ($perm) { $escapedPermissions = \array_map(function ($perm) {
// Alpine won't bind to a parameter named delete // Alpine won't bind to a parameter named delete