mirror of
https://github.com/appwrite/appwrite.git
synced 2026-05-26 13:51:13 +00:00
Expose team membership secret to api/console user
This commit is contained in:
@@ -449,8 +449,19 @@ App::post('/v1/teams/:teamId/memberships')
|
||||
$events
|
||||
->setParam('teamId', $team->getId())
|
||||
->setParam('membershipId', $membership->getId())
|
||||
->setPayload($response->output(
|
||||
$membership
|
||||
->setAttribute('teamName', $team->getAttribute('name'))
|
||||
->setAttribute('userName', $invitee->getAttribute('name'))
|
||||
->setAttribute('userEmail', $invitee->getAttribute('email'))
|
||||
->setAttribute('secret', $secret),
|
||||
Response::MODEL_MEMBERSHIP
|
||||
))
|
||||
;
|
||||
|
||||
// Hide secret for clients
|
||||
$membership->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $secret : '');
|
||||
|
||||
$response
|
||||
->setStatusCode(Response::STATUS_CODE_CREATED)
|
||||
->dynamic(
|
||||
@@ -486,6 +497,9 @@ App::get('/v1/teams/:teamId/memberships')
|
||||
throw new Exception(Exception::TEAM_NOT_FOUND);
|
||||
}
|
||||
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
|
||||
$queries = Query::parseQueries($queries);
|
||||
|
||||
if (!empty($search)) {
|
||||
@@ -525,7 +539,11 @@ App::get('/v1/teams/:teamId/memberships')
|
||||
|
||||
$memberships = array_filter($memberships, fn(Document $membership) => !empty($membership->getAttribute('userId')));
|
||||
|
||||
$memberships = array_map(function ($membership) use ($dbForProject, $team) {
|
||||
$memberships = array_map(function ($membership) use ($dbForProject, $team, $isPrivilegedUser, $isAppUser) {
|
||||
|
||||
// Hide secret for clients
|
||||
$membership->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $membership->getAttribute('secret') : '');
|
||||
|
||||
$user = $dbForProject->getDocument('users', $membership->getAttribute('userId'));
|
||||
|
||||
$membership
|
||||
@@ -572,8 +590,14 @@ App::get('/v1/teams/:teamId/memberships/:membershipId')
|
||||
throw new Exception(Exception::MEMBERSHIP_NOT_FOUND);
|
||||
}
|
||||
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
|
||||
$user = $dbForProject->getDocument('users', $membership->getAttribute('userId'));
|
||||
|
||||
// Hide secret for clients
|
||||
$membership->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $membership->getAttribute('secret') : '');
|
||||
|
||||
$membership
|
||||
->setAttribute('teamName', $team->getAttribute('name'))
|
||||
->setAttribute('userName', $user->getAttribute('name'))
|
||||
@@ -645,6 +669,9 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId')
|
||||
->setParam('teamId', $team->getId())
|
||||
->setParam('membershipId', $membership->getId());
|
||||
|
||||
// Hide secret for clients
|
||||
$membership->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $membership->getAttribute('secret') : '');
|
||||
|
||||
$response->dynamic(
|
||||
$membership
|
||||
->setAttribute('teamName', $team->getAttribute('name'))
|
||||
@@ -718,6 +745,9 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
|
||||
throw new Exception(Exception::MEMBERSHIP_ALREADY_CONFIRMED);
|
||||
}
|
||||
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
|
||||
$membership // Attach user to team
|
||||
->setAttribute('joined', DateTime::now())
|
||||
->setAttribute('confirm', true)
|
||||
@@ -779,6 +809,9 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
|
||||
->addCookie(Auth::$cookieName, Auth::encodeSession($user->getId(), $secret), (new \DateTime($expire))->getTimestamp(), '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
|
||||
;
|
||||
|
||||
// Hide secret for clients
|
||||
$membership->setAttribute('secret', ($isPrivilegedUser || $isAppUser) ? $membership->getAttribute('secret') : '');
|
||||
|
||||
$response->dynamic(
|
||||
$membership
|
||||
->setAttribute('teamName', $team->getAttribute('name'))
|
||||
|
||||
@@ -83,6 +83,12 @@ class Membership extends Model
|
||||
'example' => 'admin',
|
||||
'array' => true,
|
||||
])
|
||||
->addRule('secret', [
|
||||
'type' => self::TYPE_STRING,
|
||||
'description' => 'Token secret key. This will return an empty string unless the response is returned using an API key or as part of a webhook payload.',
|
||||
'default' => '',
|
||||
'example' => '',
|
||||
])
|
||||
;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user