Fix VCS + migrations scopes

2024-06-01 18:39:57 +12:00 · 2023-08-30 14:44:33 -04:00 · 2023-08-30 14:44:33 -04:00 · fc3ff188b1
parent e82c22ac1e
commit fc3ff188b1
11 changed files with 42 additions and 16 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -1,4 +1,4 @@
 [submodule "app/console"]
 	path = app/console
 	url = https://github.com/appwrite/console
-	branch = 3.0.1
+	branch = 3.0.2
--- a/app/config/roles.php
+++ b/app/config/roles.php
@ -57,6 +57,9 @@ $admins = [
    'rules.write',
    'migrations.read',
    'migrations.write',
+    'vcs.read',
+    'vcs.write',
+    'assistant.read',
 ];

 return [
--- a/app/config/scopes.php
+++ b/app/config/scopes.php
@ -87,5 +87,14 @@ return [ // List of publicly visible scopes
    ],
    'migrations.write' => [
        'description' => 'Access to create, update, and delete your project\'s migrations.',
-    ]
+    ],
+    'vcs.read' => [
+        'description' => 'Access to read your project\'s VCS repositories',
+    ],
+    'vcs.write' => [
+        'description' => 'Access to create, update, and delete your project\'s VCS repositories',
+    ],
+    'assistant.read' => [
+        'description' => 'Access to read the Assistant service',
+    ],
 ];
--- a/app/config/specs/open-api3-1.4.x-console.json
+++ b/app/config/specs/open-api3-1.4.x-console.json
--- a/app/config/specs/open-api3-latest-console.json
+++ b/app/config/specs/open-api3-latest-console.json
--- a/app/config/specs/swagger2-1.4.x-console.json
+++ b/app/config/specs/swagger2-1.4.x-console.json
--- a/app/config/specs/swagger2-latest-console.json
+++ b/app/config/specs/swagger2-latest-console.json
--- a/app/console
+++ b/app/console
@ -1 +1 @@
-Subproject commit bfd14ef923e57938639e95e5ab32e68d49e24407
+Subproject commit 88b6d59051992ed86183ee83d77bf678d1cb73bf
--- a/app/controllers/api/console.php
+++ b/app/controllers/api/console.php
@ -58,6 +58,7 @@ App::get('/v1/console/variables')
 App::post('/v1/console/assistant')
    ->desc('Ask Query')
    ->groups(['api', 'assistant'])
+    ->label('scope', 'assistant.read')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.namespace', 'assistant')
    ->label('sdk.method', 'chat')
--- a/app/controllers/api/migrations.php
+++ b/app/controllers/api/migrations.php
@ -580,7 +580,7 @@ App::get('/v1/migrations/firebase/report/oauth')
 App::get('/v1/migrations/firebase/connect')
    ->desc('Authorize with firebase')
    ->groups(['api', 'migrations'])
-    ->label('origin', '*')
+    ->label('scope', 'migrations.read')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.namespace', 'migrations')
    ->label('sdk.method', 'createFirebaseAuth')
@ -622,6 +622,7 @@ App::get('/v1/migrations/firebase/connect')
 App::get('/v1/migrations/firebase/redirect')
    ->desc('Capture and receive data on Firebase authorization')
    ->groups(['api', 'migrations'])
+    ->label('scope', 'public')
    ->label('error', __DIR__ . '/../../views/general/error.phtml')
    ->param('code', '', new Text(2048), 'OAuth2 code. This is a temporary code that the will be later exchanged for an access token.', true)
    ->inject('user')
@ -733,6 +734,7 @@ App::get('/v1/migrations/firebase/redirect')
 App::get('/v1/migrations/firebase/projects')
    ->desc('List Firebase Projects')
    ->groups(['api', 'migrations'])
+    ->label('scope', 'migrations.read')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.namespace', 'migrations')
    ->label('sdk.method', 'listFirebaseProjects')
@ -821,6 +823,7 @@ App::get('/v1/migrations/firebase/projects')
 App::get('/v1/migrations/firebase/deauthorize')
    ->desc('Revoke Appwrite\'s authorization to access Firebase Projects')
    ->groups(['api', 'migrations'])
+    ->label('scope', 'migrations.write')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.namespace', 'migrations')
    ->label('sdk.method', 'deleteFirebaseAuth')
--- a/app/controllers/api/vcs.php
+++ b/app/controllers/api/vcs.php
@ -226,8 +226,7 @@ $createGitDeployments = function (GitHub $github, string $providerInstallationId
 App::get('/v1/vcs/github/authorize')
    ->desc('Install GitHub App')
    ->groups(['api', 'vcs'])
-    ->label('origin', '*')
-    ->label('sdk.auth', [])
+    ->label('scope', 'vcs.read')
    ->label('sdk.namespace', 'vcs')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.method', 'createGitHubInstallation')
@ -238,12 +237,12 @@ App::get('/v1/vcs/github/authorize')
    ->label('sdk.hide', true)
    ->param('success', '', fn ($clients) => new Host($clients), 'URL to redirect back to console after a successful installation attempt.', true, ['clients'])
    ->param('failure', '', fn ($clients) => new Host($clients), 'URL to redirect back to console after a failed installation attempt.', true, ['clients'])
-    ->param('projectId', '', new UID(), 'Project ID')
    ->inject('request')
    ->inject('response')
-    ->action(function (string $success, string $failure, string $projectId, Request $request, Response $response) {
+    ->inject('project')
+    ->action(function (string $success, string $failure, Request $request, Response $response, Document $project) {
        $state = \json_encode([
-            'projectId' => $projectId,
+            'projectId' => $project->getId(),
            'success' => $success,
            'failure' => $failure,
        ]);
@ -263,6 +262,7 @@ App::get('/v1/vcs/github/authorize')
 App::get('/v1/vcs/github/callback')
    ->desc('Capture installation and authorization from GitHub App')
    ->groups(['api', 'vcs'])
+    ->label('scope', 'public')
    ->label('error', __DIR__ . '/../../views/general/error.phtml')
    ->param('installation_id', '', new Text(256, 0), 'GitHub installation ID', true)
    ->param('setup_action', '', new Text(256, 0), 'GitHub setup actuon type', true)
@ -422,6 +422,7 @@ App::get('/v1/vcs/github/callback')
 App::post('/v1/vcs/github/installations/:installationId/providerRepositories/:providerRepositoryId/detection')
    ->desc('Detect runtime settings from source code')
    ->groups(['api', 'vcs'])
+    ->label('scope', 'vcs.write')
    ->label('sdk.namespace', 'vcs')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.method', 'createRepositoryDetection')
@ -488,6 +489,7 @@ App::post('/v1/vcs/github/installations/:installationId/providerRepositories/:pr
 App::get('/v1/vcs/github/installations/:installationId/providerRepositories')
    ->desc('List Repositories')
    ->groups(['api', 'vcs'])
+    ->label('scope', 'vcs.read')
    ->label('sdk.namespace', 'vcs')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.method', 'listRepositories')
@ -580,6 +582,7 @@ App::get('/v1/vcs/github/installations/:installationId/providerRepositories')
 App::post('/v1/vcs/github/installations/:installationId/providerRepositories')
    ->desc('Create repository')
    ->groups(['api', 'vcs'])
+    ->label('scope', 'vcs.write')
    ->label('sdk.namespace', 'vcs')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.method', 'createRepository')
@ -680,6 +683,7 @@ App::post('/v1/vcs/github/installations/:installationId/providerRepositories')
 App::get('/v1/vcs/github/installations/:installationId/providerRepositories/:providerRepositoryId')
    ->desc('Get repository')
    ->groups(['api', 'vcs'])
+    ->label('scope', 'vcs.read')
    ->label('sdk.namespace', 'vcs')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.method', 'getRepository')
@ -725,6 +729,7 @@ App::get('/v1/vcs/github/installations/:installationId/providerRepositories/:pro
 App::get('/v1/vcs/github/installations/:installationId/providerRepositories/:providerRepositoryId/branches')
    ->desc('List Repository Branches')
    ->groups(['api', 'vcs'])
+    ->label('scope', 'vcs.read')
    ->label('sdk.namespace', 'vcs')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.method', 'listRepositoryBranches')
@ -770,6 +775,7 @@ App::get('/v1/vcs/github/installations/:installationId/providerRepositories/:pro
 App::post('/v1/vcs/github/events')
    ->desc('Create Event')
    ->groups(['api', 'vcs'])
+    ->label('scope', 'public')
    ->inject('gitHub')
    ->inject('request')
    ->inject('response')
@ -905,8 +911,9 @@ App::post('/v1/vcs/github/events')
    );

 App::get('/v1/vcs/installations')
-    ->groups(['api', 'vcs'])
    ->desc('List installations')
+    ->groups(['api', 'vcs'])
+    ->label('scope', 'vcs.read')
    ->label('sdk.namespace', 'vcs')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.method', 'listInstallations')
@ -956,8 +963,9 @@ App::get('/v1/vcs/installations')
    });

 App::get('/v1/vcs/installations/:installationId')
-    ->groups(['api', 'vcs'])
    ->desc('Get installation')
+    ->groups(['api', 'vcs'])
+    ->label('scope', 'vcs.read')
    ->label('sdk.namespace', 'vcs')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.method', 'getInstallation')
@ -984,8 +992,9 @@ App::get('/v1/vcs/installations/:installationId')
    });

 App::delete('/v1/vcs/installations/:installationId')
-    ->groups(['api', 'vcs'])
    ->desc('Delete Installation')
+    ->groups(['api', 'vcs'])
+    ->label('scope', 'vcs.write')
    ->label('sdk.namespace', 'vcs')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.method', 'deleteInstallation')
@ -1018,6 +1027,7 @@ App::delete('/v1/vcs/installations/:installationId')
 App::patch('/v1/vcs/github/installations/:installationId/repositories/:repositoryId')
    ->desc('Authorize external deployment')
    ->groups(['api', 'vcs'])
+    ->label('scope', 'vcs.write')
    ->label('sdk.namespace', 'vcs')
    ->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
    ->label('sdk.method', 'updateExternalDeployments')