diff --git a/app/config/roles.php b/app/config/roles.php index 8fba27e503..04175ac1d5 100644 --- a/app/config/roles.php +++ b/app/config/roles.php @@ -59,8 +59,8 @@ $admins = [ 'oauth2.write', 'mocks.read', 'mocks.write', - 'policies.read', - 'policies.write', + 'project.policies.read', + 'project.policies.write', 'templates.read', 'templates.write', 'projects.write', diff --git a/app/config/scopes/project.php b/app/config/scopes/project.php index a048920de9..7a61524b87 100644 --- a/app/config/scopes/project.php +++ b/app/config/scopes/project.php @@ -44,11 +44,23 @@ return [ "category" => "Project", ], "policies.read" => [ + "description" => + "Access to read project\'s policies. Replaced by \'project.policies.read\' for more granular control", + "category" => "Project", + 'deprecated' => true, + ], + "policies.write" => [ + "description" => + "Access to update project\'s policies. Replaces by \'project.policies.write\' for more granular control", + "category" => "Project", + 'deprecated' => true, + ], + "project.policies.read" => [ "description" => "Access to read project\'s policies", "category" => "Project", ], - "policies.write" => [ + "project.policies.write" => [ "description" => "Access to update project\'s policies", "category" => "Project", diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/Get.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/Get.php index 3ffe30f1fa..21342332d9 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/Get.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/Get.php @@ -27,7 +27,7 @@ class Get extends Action ->setHttpPath('/v1/project/policies/:policyId') ->desc('Get project policy') ->groups(['api', 'project']) - ->label('scope', 'policies.read') + ->label('scope', ['policies.read', 'project.policies.read']) ->label('sdk', new Method( namespace: 'project', group: 'policies', diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/MembershipPrivacy/Update.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/MembershipPrivacy/Update.php index c947ff225a..41a6168b07 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/MembershipPrivacy/Update.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/MembershipPrivacy/Update.php @@ -31,7 +31,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId/auth/memberships-privacy') ->desc('Update membership privacy policy') ->groups(['api', 'project']) - ->label('scope', 'policies.write') + ->label('scope', ['policies.write', 'project.policies.write']) ->label('event', 'projects.[projectId].policies.[policy].update') ->label('audits.event', 'projects.[projectId].policies.[policy].update') ->label('audits.resource', 'project/{response.$id}') diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordDictionary/Update.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordDictionary/Update.php index e2c678abb6..d7ee99fbfe 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordDictionary/Update.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordDictionary/Update.php @@ -31,7 +31,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId/auth/password-dictionary') ->desc('Update password dictionary policy') ->groups(['api', 'project']) - ->label('scope', 'policies.write') + ->label('scope', ['policies.write', 'project.policies.write']) ->label('event', 'projects.[projectId].policies.[policy].update') ->label('audits.event', 'projects.[projectId].policies.[policy].update') ->label('audits.resource', 'project/{response.$id}') diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordHistory/Update.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordHistory/Update.php index a8ae81caff..84861a19e1 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordHistory/Update.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordHistory/Update.php @@ -32,7 +32,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId/auth/password-history') ->desc('Update password history policy') ->groups(['api', 'project']) - ->label('scope', 'policies.write') + ->label('scope', ['policies.write', 'project.policies.write']) ->label('event', 'projects.[projectId].policies.[policy].update') ->label('audits.event', 'projects.[projectId].policies.[policy].update') ->label('audits.resource', 'project/{response.$id}') diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordPersonalData/Update.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordPersonalData/Update.php index 9db7cf0549..435f00fc39 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordPersonalData/Update.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/PasswordPersonalData/Update.php @@ -31,7 +31,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId/auth/personal-data') ->desc('Update password personal data policy') ->groups(['api', 'project']) - ->label('scope', 'policies.write') + ->label('scope', ['policies.write', 'project.policies.write']) ->label('event', 'projects.[projectId].policies.[policy].update') ->label('audits.event', 'projects.[projectId].policies.[policy].update') ->label('audits.resource', 'project/{response.$id}') diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionAlert/Update.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionAlert/Update.php index 22b7a44b04..79653d46ad 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionAlert/Update.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionAlert/Update.php @@ -31,7 +31,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId/auth/session-alerts') ->desc('Update session alert policy') ->groups(['api', 'project']) - ->label('scope', 'policies.write') + ->label('scope', ['policies.write', 'project.policies.write']) ->label('event', 'projects.[projectId].policies.[policy].update') ->label('audits.event', 'projects.[projectId].policies.[policy].update') ->label('audits.resource', 'project/{response.$id}') diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionDuration/Update.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionDuration/Update.php index ba72c93a6f..0a7f33218a 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionDuration/Update.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionDuration/Update.php @@ -31,7 +31,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId/auth/duration') ->desc('Update session duration policy') ->groups(['api', 'project']) - ->label('scope', 'policies.write') + ->label('scope', ['policies.write', 'project.policies.write']) ->label('event', 'projects.[projectId].policies.[policy].update') ->label('audits.event', 'projects.[projectId].policies.[policy].update') ->label('audits.resource', 'project/{response.$id}') diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionInvalidation/Update.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionInvalidation/Update.php index 8f8a959959..a1feb67346 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionInvalidation/Update.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionInvalidation/Update.php @@ -31,7 +31,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId/auth/session-invalidation') ->desc('Update session invalidation policy') ->groups(['api', 'project']) - ->label('scope', 'policies.write') + ->label('scope', ['policies.write', 'project.policies.write']) ->label('event', 'projects.[projectId].policies.[policy].update') ->label('audits.event', 'projects.[projectId].policies.[policy].update') ->label('audits.resource', 'project/{response.$id}') diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionLimit/Update.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionLimit/Update.php index 382ed6f0d9..936a541249 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionLimit/Update.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/SessionLimit/Update.php @@ -32,7 +32,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId/auth/max-sessions') ->desc('Update session limit policy') ->groups(['api', 'project']) - ->label('scope', 'policies.write') + ->label('scope', ['policies.write', 'project.policies.write']) ->label('event', 'projects.[projectId].policies.[policy].update') ->label('audits.event', 'projects.[projectId].policies.[policy].update') ->label('audits.resource', 'project/{response.$id}') diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/UserLimit/Update.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/UserLimit/Update.php index 9129b81250..2b7e704853 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/UserLimit/Update.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/UserLimit/Update.php @@ -32,7 +32,7 @@ class Update extends Action ->httpAlias('/v1/projects/:projectId/auth/limit') ->desc('Update user limit policy') ->groups(['api', 'project']) - ->label('scope', 'policies.write') + ->label('scope', ['policies.write', 'project.policies.write']) ->label('event', 'projects.[projectId].policies.[policy].update') ->label('audits.event', 'projects.[projectId].policies.[policy].update') ->label('audits.resource', 'project/{response.$id}') diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/XList.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/XList.php index 893b28fef2..3020fa79dd 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/XList.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Policies/XList.php @@ -33,7 +33,7 @@ class XList extends Action ->setHttpPath('/v1/project/policies') ->desc('List project policies') ->groups(['api', 'project']) - ->label('scope', 'policies.read') + ->label('scope', ['policies.read', 'project.policies.read']) ->label('sdk', new Method( namespace: 'project', group: 'policies', diff --git a/src/Appwrite/Platform/Workers/Migrations.php b/src/Appwrite/Platform/Workers/Migrations.php index c25a83c231..3fd86baea9 100644 --- a/src/Appwrite/Platform/Workers/Migrations.php +++ b/src/Appwrite/Platform/Workers/Migrations.php @@ -380,8 +380,8 @@ class Migrations extends Action 'oauth2.write', 'mocks.read', 'mocks.write', - 'policies.read', - 'policies.write', + 'project.policies.read', + 'project.policies.write', 'templates.read', 'templates.write', ]; diff --git a/tests/e2e/Scopes/ProjectCustom.php b/tests/e2e/Scopes/ProjectCustom.php index 3071ddfa2a..99219ebf99 100644 --- a/tests/e2e/Scopes/ProjectCustom.php +++ b/tests/e2e/Scopes/ProjectCustom.php @@ -173,8 +173,8 @@ trait ProjectCustom 'oauth2.write', 'mocks.read', 'mocks.write', - 'policies.read', - 'policies.write', + 'project.policies.read', + 'project.policies.write', 'templates.read', 'templates.write', ],