Elgato_dark/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite synced 2026-05-17 05:58:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #6071 from appwrite/fix-scopes

Browse source 
Fix scopes
This commit is contained in:
Jake Barnby 2023-08-30 15:31:57 -04:00 committed by GitHub
commit 85e8e2045f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 43 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitmodules vendored
View file

@ -1,4 +1,4 @@
[submodule "app/console"]
path = app/console
url = https://github.com/appwrite/console
branch = 3.0.1
branch = 3.0.2

3
app/config/roles.php
View file

@ -57,6 +57,9 @@ $admins = [
'rules.write',
'migrations.read',
'migrations.write',
'vcs.read',
'vcs.write',
'assistant.read',
];
return [

11
app/config/scopes.php
View file

@ -87,5 +87,14 @@ return [ // List of publicly visible scopes
],
'migrations.write' => [
'description' => 'Access to create, update, and delete your project\'s migrations.',
]
],
'vcs.read' => [
'description' => 'Access to read your project\'s VCS repositories',
],
'vcs.write' => [
'description' => 'Access to create, update, and delete your project\'s VCS repositories',
],
'assistant.read' => [
'description' => 'Access to read the Assistant service',
],
];

2
app/config/specs/open-api3-1.4.x-console.json
View file

File diff suppressed because one or more lines are too long

2
app/config/specs/open-api3-latest-console.json
View file

File diff suppressed because one or more lines are too long

2
app/config/specs/swagger2-1.4.x-console.json
View file

File diff suppressed because one or more lines are too long

2
app/config/specs/swagger2-latest-console.json
View file

File diff suppressed because one or more lines are too long

2
app/console

@ -1 +1 @@
Subproject commit bfd14ef923e57938639e95e5ab32e68d49e24407
Subproject commit 88b6d59051992ed86183ee83d77bf678d1cb73bf

1
app/controllers/api/console.php
View file

@ -58,6 +58,7 @@ App::get('/v1/console/variables')
App::post('/v1/console/assistant')
->desc('Ask Query')
->groups(['api', 'assistant'])
->label('scope', 'assistant.read')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.namespace', 'assistant')
->label('sdk.method', 'chat')

5
app/controllers/api/migrations.php
View file

@ -580,7 +580,7 @@ App::get('/v1/migrations/firebase/report/oauth')
App::get('/v1/migrations/firebase/connect')
->desc('Authorize with firebase')
->groups(['api', 'migrations'])
->label('origin', '*')
->label('scope', 'migrations.read')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.namespace', 'migrations')
->label('sdk.method', 'createFirebaseAuth')
@ -622,6 +622,7 @@ App::get('/v1/migrations/firebase/connect')
App::get('/v1/migrations/firebase/redirect')
->desc('Capture and receive data on Firebase authorization')
->groups(['api', 'migrations'])
->label('scope', 'public')
->label('error', __DIR__ . '/../../views/general/error.phtml')
->param('code', '', new Text(2048), 'OAuth2 code. This is a temporary code that the will be later exchanged for an access token.', true)
->inject('user')
@ -733,6 +734,7 @@ App::get('/v1/migrations/firebase/redirect')
App::get('/v1/migrations/firebase/projects')
->desc('List Firebase Projects')
->groups(['api', 'migrations'])
->label('scope', 'migrations.read')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.namespace', 'migrations')
->label('sdk.method', 'listFirebaseProjects')
@ -821,6 +823,7 @@ App::get('/v1/migrations/firebase/projects')
App::get('/v1/migrations/firebase/deauthorize')
->desc('Revoke Appwrite\'s authorization to access Firebase Projects')
->groups(['api', 'migrations'])
->label('scope', 'migrations.write')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.namespace', 'migrations')
->label('sdk.method', 'deleteFirebaseAuth')

26
app/controllers/api/vcs.php
View file

@ -226,8 +226,7 @@ $createGitDeployments = function (GitHub $github, string $providerInstallationId
App::get('/v1/vcs/github/authorize')
->desc('Install GitHub App')
->groups(['api', 'vcs'])
->label('origin', '*')
->label('sdk.auth', [])
->label('scope', 'vcs.read')
->label('sdk.namespace', 'vcs')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.method', 'createGitHubInstallation')
@ -238,12 +237,12 @@ App::get('/v1/vcs/github/authorize')
->label('sdk.hide', true)
->param('success', '', fn ($clients) => new Host($clients), 'URL to redirect back to console after a successful installation attempt.', true, ['clients'])
->param('failure', '', fn ($clients) => new Host($clients), 'URL to redirect back to console after a failed installation attempt.', true, ['clients'])
->param('projectId', '', new UID(), 'Project ID')
->inject('request')
->inject('response')
->action(function (string $success, string $failure, string $projectId, Request $request, Response $response) {
->inject('project')
->action(function (string $success, string $failure, Request $request, Response $response, Document $project) {
$state = \json_encode([
'projectId' => $projectId,
'projectId' => $project->getId(),
'success' => $success,
'failure' => $failure,
]);
@ -263,6 +262,7 @@ App::get('/v1/vcs/github/authorize')
App::get('/v1/vcs/github/callback')
->desc('Capture installation and authorization from GitHub App')
->groups(['api', 'vcs'])
->label('scope', 'public')
->label('error', __DIR__ . '/../../views/general/error.phtml')
->param('installation_id', '', new Text(256, 0), 'GitHub installation ID', true)
->param('setup_action', '', new Text(256, 0), 'GitHub setup actuon type', true)
@ -422,6 +422,7 @@ App::get('/v1/vcs/github/callback')
App::post('/v1/vcs/github/installations/:installationId/providerRepositories/:providerRepositoryId/detection')
->desc('Detect runtime settings from source code')
->groups(['api', 'vcs'])
->label('scope', 'vcs.write')
->label('sdk.namespace', 'vcs')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.method', 'createRepositoryDetection')
@ -488,6 +489,7 @@ App::post('/v1/vcs/github/installations/:installationId/providerRepositories/:pr
App::get('/v1/vcs/github/installations/:installationId/providerRepositories')
->desc('List Repositories')
->groups(['api', 'vcs'])
->label('scope', 'vcs.read')
->label('sdk.namespace', 'vcs')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.method', 'listRepositories')
@ -580,6 +582,7 @@ App::get('/v1/vcs/github/installations/:installationId/providerRepositories')
App::post('/v1/vcs/github/installations/:installationId/providerRepositories')
->desc('Create repository')
->groups(['api', 'vcs'])
->label('scope', 'vcs.write')
->label('sdk.namespace', 'vcs')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.method', 'createRepository')
@ -680,6 +683,7 @@ App::post('/v1/vcs/github/installations/:installationId/providerRepositories')
App::get('/v1/vcs/github/installations/:installationId/providerRepositories/:providerRepositoryId')
->desc('Get repository')
->groups(['api', 'vcs'])
->label('scope', 'vcs.read')
->label('sdk.namespace', 'vcs')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.method', 'getRepository')
@ -725,6 +729,7 @@ App::get('/v1/vcs/github/installations/:installationId/providerRepositories/:pro
App::get('/v1/vcs/github/installations/:installationId/providerRepositories/:providerRepositoryId/branches')
->desc('List Repository Branches')
->groups(['api', 'vcs'])
->label('scope', 'vcs.read')
->label('sdk.namespace', 'vcs')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.method', 'listRepositoryBranches')
@ -770,6 +775,7 @@ App::get('/v1/vcs/github/installations/:installationId/providerRepositories/:pro
App::post('/v1/vcs/github/events')
->desc('Create Event')
->groups(['api', 'vcs'])
->label('scope', 'public')
->inject('gitHub')
->inject('request')
->inject('response')
@ -905,8 +911,9 @@ App::post('/v1/vcs/github/events')
);
App::get('/v1/vcs/installations')
->groups(['api', 'vcs'])
->desc('List installations')
->groups(['api', 'vcs'])
->label('scope', 'vcs.read')
->label('sdk.namespace', 'vcs')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.method', 'listInstallations')
@ -956,8 +963,9 @@ App::get('/v1/vcs/installations')
});
App::get('/v1/vcs/installations/:installationId')
->groups(['api', 'vcs'])
->desc('Get installation')
->groups(['api', 'vcs'])
->label('scope', 'vcs.read')
->label('sdk.namespace', 'vcs')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.method', 'getInstallation')
@ -984,8 +992,9 @@ App::get('/v1/vcs/installations/:installationId')
});
App::delete('/v1/vcs/installations/:installationId')
->groups(['api', 'vcs'])
->desc('Delete Installation')
->groups(['api', 'vcs'])
->label('scope', 'vcs.write')
->label('sdk.namespace', 'vcs')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.method', 'deleteInstallation')
@ -1018,6 +1027,7 @@ App::delete('/v1/vcs/installations/:installationId')
App::patch('/v1/vcs/github/installations/:installationId/repositories/:repositoryId')
->desc('Authorize external deployment')
->groups(['api', 'vcs'])
->label('scope', 'vcs.write')
->label('sdk.namespace', 'vcs')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.method', 'updateExternalDeployments')

2
app/views/install/compose.phtml
View file

@ -650,7 +650,7 @@ services:
- MYSQL_DATABASE=${_APP_DB_SCHEMA}
- MYSQL_USER=${_APP_DB_USER}
- MYSQL_PASSWORD=${_APP_DB_PASS}
command: 'mysqld --innodb-flush-method=fsync --max_connections=${_APP_CONNECTIONS_MAX}'
command: 'mysqld --innodb-flush-method=fsync'
redis:
image: redis:7.0.4-alpine