Appwrite/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite.git synced 2026-05-26 13:51:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: memberships privacy

Browse Source
This commit is contained in:
loks0n
2024-11-06 21:15:31 +01:00
parent a6ae565093
commit e4c6e97ded
9 changed files with 520 additions and 367 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/config/specs/open-api3-1.6.x-console.json
+108 -84
View File
@@ -20670,6 +20670,99 @@
}
}
},
"\/projects\/{projectId}\/auth\/memberships-privacy": {
"patch": {
"summary": "Update project team sensitive attributes",
"operationId": "projectsUpdateMembershipsPrivacy",
"tags": [
"projects"
],
"description": "",
"responses": {
"200": {
"description": "Project",
"content": {
"application\/json": {
"schema": {
"$ref": "#\/components\/schemas\/project"
}
}
}
}
},
"x-appwrite": {
"method": "updateMembershipsPrivacy",
"weight": 161,
"cookies": false,
"type": "",
"deprecated": false,
"demo": "projects\/update-memberships-privacy.md",
"edit": "https:\/\/github.com\/appwrite\/appwrite\/edit\/master",
"rate-limit": 0,
"rate-time": 3600,
"rate-key": "url:{url},ip:{ip}",
"scope": "projects.write",
"platforms": [
"console"
],
"packaging": false,
"offline-model": "",
"offline-key": "",
"offline-response-key": "$id",
"auth": {
"Project": []
}
},
"security": [
{
"Project": []
}
],
"parameters": [
{
"name": "projectId",
"description": "Project unique ID.",
"required": true,
"schema": {
"type": "string",
"x-example": "<PROJECT_ID>"
},
"in": "path"
}
],
"requestBody": {
"content": {
"application\/json": {
"schema": {
"type": "object",
"properties": {
"userName": {
"type": "boolean",
"description": "Set to true to show userName to members of a team.",
"x-example": false
},
"userEmail": {
"type": "boolean",
"description": "Set to true to show email to members of a team.",
"x-example": false
},
"mfa": {
"type": "boolean",
"description": "Set to true to show mfa to members of a team.",
"x-example": false
}
},
"required": [
"userName",
"userEmail",
"mfa"
]
}
}
}
}
}
},
"\/projects\/{projectId}\/auth\/mock-numbers": {
"patch": {
"summary": "Update the mock numbers for the project",
@@ -21078,87 +21171,6 @@
}
}
},
"\/projects\/{projectId}\/auth\/teams-sensitive-attributes": {
"patch": {
"summary": "Update project team sensitive attributes",
"operationId": "projectsUpdateTeamsSensitiveAttributes",
"tags": [
"projects"
],
"description": "",
"responses": {
"200": {
"description": "Project",
"content": {
"application\/json": {
"schema": {
"$ref": "#\/components\/schemas\/project"
}
}
}
}
},
"x-appwrite": {
"method": "updateTeamsSensitiveAttributes",
"weight": 161,
"cookies": false,
"type": "",
"deprecated": false,
"demo": "projects\/update-teams-sensitive-attributes.md",
"edit": "https:\/\/github.com\/appwrite\/appwrite\/edit\/master",
"rate-limit": 0,
"rate-time": 3600,
"rate-key": "url:{url},ip:{ip}",
"scope": "projects.write",
"platforms": [
"console"
],
"packaging": false,
"offline-model": "",
"offline-key": "",
"offline-response-key": "$id",
"auth": {
"Project": []
}
},
"security": [
{
"Project": []
}
],
"parameters": [
{
"name": "projectId",
"description": "Project unique ID.",
"required": true,
"schema": {
"type": "string",
"x-example": "<PROJECT_ID>"
},
"in": "path"
}
],
"requestBody": {
"content": {
"application\/json": {
"schema": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Set to true to show sensitive attributes to team members.",
"x-example": false
}
},
"required": [
"enabled"
]
}
}
}
}
}
},
"\/projects\/{projectId}\/auth\/{method}": {
"patch": {
"summary": "Update project auth method status. Use this endpoint to enable or disable a given auth method for this project.",
@@ -36065,9 +36077,19 @@
"description": "Whether or not to send session alert emails to users.",
"x-example": true
},
"teamsSensitiveAttributes": {
"membershipsUserName": {
"type": "boolean",
"description": "Whether or not to show sensitive attributes in the teams API.",
"description": "Whether or not to show user names in the teams membership response.",
"x-example": true
},
"membershipsUserEmail": {
"type": "boolean",
"description": "Whether or not to show user emails in the teams membership response.",
"x-example": true
},
"membershipsMfa": {
"type": "boolean",
"description": "Whether or not to show user MFA status in the teams membership response.",
"x-example": true
},
"oAuthProviders": {
@@ -36275,7 +36297,9 @@
"authPersonalDataCheck",
"authMockNumbers",
"authSessionAlerts",
"teamsSensitiveAttributes",
"membershipsUserName",
"membershipsUserEmail",
"membershipsMfa",
"oAuthProviders",
"platforms",
"webhooks",
app/config/specs/open-api3-latest-console.json
+108 -84
View File
@@ -20670,6 +20670,99 @@
}
}
},
"\/projects\/{projectId}\/auth\/memberships-privacy": {
"patch": {
"summary": "Update project team sensitive attributes",
"operationId": "projectsUpdateMembershipsPrivacy",
"tags": [
"projects"
],
"description": "",
"responses": {
"200": {
"description": "Project",
"content": {
"application\/json": {
"schema": {
"$ref": "#\/components\/schemas\/project"
}
}
}
}
},
"x-appwrite": {
"method": "updateMembershipsPrivacy",
"weight": 161,
"cookies": false,
"type": "",
"deprecated": false,
"demo": "projects\/update-memberships-privacy.md",
"edit": "https:\/\/github.com\/appwrite\/appwrite\/edit\/master",
"rate-limit": 0,
"rate-time": 3600,
"rate-key": "url:{url},ip:{ip}",
"scope": "projects.write",
"platforms": [
"console"
],
"packaging": false,
"offline-model": "",
"offline-key": "",
"offline-response-key": "$id",
"auth": {
"Project": []
}
},
"security": [
{
"Project": []
}
],
"parameters": [
{
"name": "projectId",
"description": "Project unique ID.",
"required": true,
"schema": {
"type": "string",
"x-example": "<PROJECT_ID>"
},
"in": "path"
}
],
"requestBody": {
"content": {
"application\/json": {
"schema": {
"type": "object",
"properties": {
"userName": {
"type": "boolean",
"description": "Set to true to show userName to members of a team.",
"x-example": false
},
"userEmail": {
"type": "boolean",
"description": "Set to true to show email to members of a team.",
"x-example": false
},
"mfa": {
"type": "boolean",
"description": "Set to true to show mfa to members of a team.",
"x-example": false
}
},
"required": [
"userName",
"userEmail",
"mfa"
]
}
}
}
}
}
},
"\/projects\/{projectId}\/auth\/mock-numbers": {
"patch": {
"summary": "Update the mock numbers for the project",
@@ -21078,87 +21171,6 @@
}
}
},
"\/projects\/{projectId}\/auth\/teams-sensitive-attributes": {
"patch": {
"summary": "Update project team sensitive attributes",
"operationId": "projectsUpdateTeamsSensitiveAttributes",
"tags": [
"projects"
],
"description": "",
"responses": {
"200": {
"description": "Project",
"content": {
"application\/json": {
"schema": {
"$ref": "#\/components\/schemas\/project"
}
}
}
}
},
"x-appwrite": {
"method": "updateTeamsSensitiveAttributes",
"weight": 161,
"cookies": false,
"type": "",
"deprecated": false,
"demo": "projects\/update-teams-sensitive-attributes.md",
"edit": "https:\/\/github.com\/appwrite\/appwrite\/edit\/master",
"rate-limit": 0,
"rate-time": 3600,
"rate-key": "url:{url},ip:{ip}",
"scope": "projects.write",
"platforms": [
"console"
],
"packaging": false,
"offline-model": "",
"offline-key": "",
"offline-response-key": "$id",
"auth": {
"Project": []
}
},
"security": [
{
"Project": []
}
],
"parameters": [
{
"name": "projectId",
"description": "Project unique ID.",
"required": true,
"schema": {
"type": "string",
"x-example": "<PROJECT_ID>"
},
"in": "path"
}
],
"requestBody": {
"content": {
"application\/json": {
"schema": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Set to true to show sensitive attributes to team members.",
"x-example": false
}
},
"required": [
"enabled"
]
}
}
}
}
}
},
"\/projects\/{projectId}\/auth\/{method}": {
"patch": {
"summary": "Update project auth method status. Use this endpoint to enable or disable a given auth method for this project.",
@@ -36065,9 +36077,19 @@
"description": "Whether or not to send session alert emails to users.",
"x-example": true
},
"teamsSensitiveAttributes": {
"membershipsUserName": {
"type": "boolean",
"description": "Whether or not to show sensitive attributes in the teams API.",
"description": "Whether or not to show user names in the teams membership response.",
"x-example": true
},
"membershipsUserEmail": {
"type": "boolean",
"description": "Whether or not to show user emails in the teams membership response.",
"x-example": true
},
"membershipsMfa": {
"type": "boolean",
"description": "Whether or not to show user MFA status in the teams membership response.",
"x-example": true
},
"oAuthProviders": {
@@ -36275,7 +36297,9 @@
"authPersonalDataCheck",
"authMockNumbers",
"authSessionAlerts",
"teamsSensitiveAttributes",
"membershipsUserName",
"membershipsUserEmail",
"membershipsMfa",
"oAuthProviders",
"platforms",
"webhooks",
app/config/specs/swagger2-1.6.x-console.json
+109 -83
View File
@@ -21136,6 +21136,100 @@
]
}
},
"\/projects\/{projectId}\/auth\/memberships-privacy": {
"patch": {
"summary": "Update project team sensitive attributes",
"operationId": "projectsUpdateMembershipsPrivacy",
"consumes": [
"application\/json"
],
"produces": [
"application\/json"
],
"tags": [
"projects"
],
"description": "",
"responses": {
"200": {
"description": "Project",
"schema": {
"$ref": "#\/definitions\/project"
}
}
},
"x-appwrite": {
"method": "updateMembershipsPrivacy",
"weight": 161,
"cookies": false,
"type": "",
"deprecated": false,
"demo": "projects\/update-memberships-privacy.md",
"edit": "https:\/\/github.com\/appwrite\/appwrite\/edit\/master",
"rate-limit": 0,
"rate-time": 3600,
"rate-key": "url:{url},ip:{ip}",
"scope": "projects.write",
"platforms": [
"console"
],
"packaging": false,
"offline-model": "",
"offline-key": "",
"offline-response-key": "$id",
"auth": {
"Project": []
}
},
"security": [
{
"Project": []
}
],
"parameters": [
{
"name": "projectId",
"description": "Project unique ID.",
"required": true,
"type": "string",
"x-example": "<PROJECT_ID>",
"in": "path"
},
{
"name": "payload",
"in": "body",
"schema": {
"type": "object",
"properties": {
"userName": {
"type": "boolean",
"description": "Set to true to show userName to members of a team.",
"default": null,
"x-example": false
},
"userEmail": {
"type": "boolean",
"description": "Set to true to show email to members of a team.",
"default": null,
"x-example": false
},
"mfa": {
"type": "boolean",
"description": "Set to true to show mfa to members of a team.",
"default": null,
"x-example": false
}
},
"required": [
"userName",
"userEmail",
"mfa"
]
}
}
]
}
},
"\/projects\/{projectId}\/auth\/mock-numbers": {
"patch": {
"summary": "Update the mock numbers for the project",
@@ -21539,86 +21633,6 @@
]
}
},
"\/projects\/{projectId}\/auth\/teams-sensitive-attributes": {
"patch": {
"summary": "Update project team sensitive attributes",
"operationId": "projectsUpdateTeamsSensitiveAttributes",
"consumes": [
"application\/json"
],
"produces": [
"application\/json"
],
"tags": [
"projects"
],
"description": "",
"responses": {
"200": {
"description": "Project",
"schema": {
"$ref": "#\/definitions\/project"
}
}
},
"x-appwrite": {
"method": "updateTeamsSensitiveAttributes",
"weight": 161,
"cookies": false,
"type": "",
"deprecated": false,
"demo": "projects\/update-teams-sensitive-attributes.md",
"edit": "https:\/\/github.com\/appwrite\/appwrite\/edit\/master",
"rate-limit": 0,
"rate-time": 3600,
"rate-key": "url:{url},ip:{ip}",
"scope": "projects.write",
"platforms": [
"console"
],
"packaging": false,
"offline-model": "",
"offline-key": "",
"offline-response-key": "$id",
"auth": {
"Project": []
}
},
"security": [
{
"Project": []
}
],
"parameters": [
{
"name": "projectId",
"description": "Project unique ID.",
"required": true,
"type": "string",
"x-example": "<PROJECT_ID>",
"in": "path"
},
{
"name": "payload",
"in": "body",
"schema": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Set to true to show sensitive attributes to team members.",
"default": null,
"x-example": false
}
},
"required": [
"enabled"
]
}
}
]
}
},
"\/projects\/{projectId}\/auth\/{method}": {
"patch": {
"summary": "Update project auth method status. Use this endpoint to enable or disable a given auth method for this project.",
@@ -36577,9 +36591,19 @@
"description": "Whether or not to send session alert emails to users.",
"x-example": true
},
"teamsSensitiveAttributes": {
"membershipsUserName": {
"type": "boolean",
"description": "Whether or not to show sensitive attributes in the teams API.",
"description": "Whether or not to show user names in the teams membership response.",
"x-example": true
},
"membershipsUserEmail": {
"type": "boolean",
"description": "Whether or not to show user emails in the teams membership response.",
"x-example": true
},
"membershipsMfa": {
"type": "boolean",
"description": "Whether or not to show user MFA status in the teams membership response.",
"x-example": true
},
"oAuthProviders": {
@@ -36791,7 +36815,9 @@
"authPersonalDataCheck",
"authMockNumbers",
"authSessionAlerts",
"teamsSensitiveAttributes",
"membershipsUserName",
"membershipsUserEmail",
"membershipsMfa",
"oAuthProviders",
"platforms",
"webhooks",
app/config/specs/swagger2-latest-console.json
+109 -83
View File
@@ -21136,6 +21136,100 @@
]
}
},
"\/projects\/{projectId}\/auth\/memberships-privacy": {
"patch": {
"summary": "Update project team sensitive attributes",
"operationId": "projectsUpdateMembershipsPrivacy",
"consumes": [
"application\/json"
],
"produces": [
"application\/json"
],
"tags": [
"projects"
],
"description": "",
"responses": {
"200": {
"description": "Project",
"schema": {
"$ref": "#\/definitions\/project"
}
}
},
"x-appwrite": {
"method": "updateMembershipsPrivacy",
"weight": 161,
"cookies": false,
"type": "",
"deprecated": false,
"demo": "projects\/update-memberships-privacy.md",
"edit": "https:\/\/github.com\/appwrite\/appwrite\/edit\/master",
"rate-limit": 0,
"rate-time": 3600,
"rate-key": "url:{url},ip:{ip}",
"scope": "projects.write",
"platforms": [
"console"
],
"packaging": false,
"offline-model": "",
"offline-key": "",
"offline-response-key": "$id",
"auth": {
"Project": []
}
},
"security": [
{
"Project": []
}
],
"parameters": [
{
"name": "projectId",
"description": "Project unique ID.",
"required": true,
"type": "string",
"x-example": "<PROJECT_ID>",
"in": "path"
},
{
"name": "payload",
"in": "body",
"schema": {
"type": "object",
"properties": {
"userName": {
"type": "boolean",
"description": "Set to true to show userName to members of a team.",
"default": null,
"x-example": false
},
"userEmail": {
"type": "boolean",
"description": "Set to true to show email to members of a team.",
"default": null,
"x-example": false
},
"mfa": {
"type": "boolean",
"description": "Set to true to show mfa to members of a team.",
"default": null,
"x-example": false
}
},
"required": [
"userName",
"userEmail",
"mfa"
]
}
}
]
}
},
"\/projects\/{projectId}\/auth\/mock-numbers": {
"patch": {
"summary": "Update the mock numbers for the project",
@@ -21539,86 +21633,6 @@
]
}
},
"\/projects\/{projectId}\/auth\/teams-sensitive-attributes": {
"patch": {
"summary": "Update project team sensitive attributes",
"operationId": "projectsUpdateTeamsSensitiveAttributes",
"consumes": [
"application\/json"
],
"produces": [
"application\/json"
],
"tags": [
"projects"
],
"description": "",
"responses": {
"200": {
"description": "Project",
"schema": {
"$ref": "#\/definitions\/project"
}
}
},
"x-appwrite": {
"method": "updateTeamsSensitiveAttributes",
"weight": 161,
"cookies": false,
"type": "",
"deprecated": false,
"demo": "projects\/update-teams-sensitive-attributes.md",
"edit": "https:\/\/github.com\/appwrite\/appwrite\/edit\/master",
"rate-limit": 0,
"rate-time": 3600,
"rate-key": "url:{url},ip:{ip}",
"scope": "projects.write",
"platforms": [
"console"
],
"packaging": false,
"offline-model": "",
"offline-key": "",
"offline-response-key": "$id",
"auth": {
"Project": []
}
},
"security": [
{
"Project": []
}
],
"parameters": [
{
"name": "projectId",
"description": "Project unique ID.",
"required": true,
"type": "string",
"x-example": "<PROJECT_ID>",
"in": "path"
},
{
"name": "payload",
"in": "body",
"schema": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"description": "Set to true to show sensitive attributes to team members.",
"default": null,
"x-example": false
}
},
"required": [
"enabled"
]
}
}
]
}
},
"\/projects\/{projectId}\/auth\/{method}": {
"patch": {
"summary": "Update project auth method status. Use this endpoint to enable or disable a given auth method for this project.",
@@ -36577,9 +36591,19 @@
"description": "Whether or not to send session alert emails to users.",
"x-example": true
},
"teamsSensitiveAttributes": {
"membershipsUserName": {
"type": "boolean",
"description": "Whether or not to show sensitive attributes in the teams API.",
"description": "Whether or not to show user names in the teams membership response.",
"x-example": true
},
"membershipsUserEmail": {
"type": "boolean",
"description": "Whether or not to show user emails in the teams membership response.",
"x-example": true
},
"membershipsMfa": {
"type": "boolean",
"description": "Whether or not to show user MFA status in the teams membership response.",
"x-example": true
},
"oAuthProviders": {
@@ -36791,7 +36815,9 @@
"authPersonalDataCheck",
"authMockNumbers",
"authSessionAlerts",
"teamsSensitiveAttributes",
"membershipsUserName",
"membershipsUserEmail",
"membershipsMfa",
"oAuthProviders",
"platforms",
"webhooks",
app/controllers/api/projects.php
+12 -8
View File
@@ -111,7 +111,9 @@ App::post('/v1/projects')
'personalDataCheck' => false,
'mockNumbers' => [],
'sessionAlerts' => false,
'teamsSensitiveAttributes' => true,
'membershipsUserName' => true,
'membershipsUserEmail' => true,
'membershipsMfa' => true,
];
foreach ($auth as $method) {
@@ -649,23 +651,23 @@ App::patch('/v1/projects/:projectId/auth/session-alerts')
$response->dynamic($project, Response::MODEL_PROJECT);
});
App::patch('/v1/projects/:projectId/auth/teams-sensitive-attributes')
App::patch('/v1/projects/:projectId/auth/memberships-privacy')
->desc('Update project team sensitive attributes')
->groups(['api', 'projects'])
->label('scope', 'projects.write')
->label('sdk.auth', [APP_AUTH_TYPE_ADMIN])
->label('sdk.namespace', 'projects')
->label('sdk.method', 'updateTeamsSensitiveAttributes')
->label('sdk.method', 'updateMembershipsPrivacy')
->label('sdk.response.code', Response::STATUS_CODE_OK)
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
->label('sdk.response.model', Response::MODEL_PROJECT)
->param('projectId', '', new UID(), 'Project unique ID.')
->param('enabled', true, new Boolean(true), 'Set to true to show sensitive attributes to team members.')
->param('userName', true, new Boolean(true), 'Set to true to show userName to members of a team.')
->param('userEmail', true, new Boolean(true), 'Set to true to show email to members of a team.')
->param('mfa', true, new Boolean(true), 'Set to true to show mfa to members of a team.')
->inject('response')
->inject('dbForConsole')
->action(function (string $projectId, bool $enabled, Response $response, Database $dbForConsole) {
$enabled = \strval($enabled) === 'true' || \strval($enabled) === '1';
->action(function (string $projectId, bool $userName, bool $userEmail, bool $mfa, Response $response, Database $dbForConsole) {
$project = $dbForConsole->getDocument('projects', $projectId);
if ($project->isEmpty()) {
@@ -674,7 +676,9 @@ App::patch('/v1/projects/:projectId/auth/teams-sensitive-attributes')
$auths = $project->getAttribute('auths', []);
$auths['teamsSensitiveAttributes'] = $enabled;
$auths['membershipsUserName'] = $userName;
$auths['membershipsUserEmail'] = $userEmail;
$auths['membershipsMfa'] = $mfa;
$dbForConsole->updateDocument('projects', $project->getId(), $project
->setAttribute('auths', $auths));
app/controllers/api/teams.php
+41 -14
View File
@@ -790,17 +790,25 @@ App::get('/v1/teams/:teamId/memberships')
$memberships = array_filter($memberships, fn (Document $membership) => !empty($membership->getAttribute('userId')));
$membershipsPrivacy = $project->getAttribute('auths', [])['membershipPrivacy'] ?? [
'userName' => true,
'userEmail' => true,
'mfa' => true,
];
$roles = Authorization::getRoles();
$isPrivilegedUser = Auth::isPrivilegedUser($roles);
$isAppUser = Auth::isAppUser($roles);
$sensitiveAttributes = $isPrivilegedUser || $isAppUser || ($project->getAttribute('auths', [])['teamsSensitiveAttributes'] ?? true);
$membershipsPrivacy = array_map(function ($privacy) use ($isPrivilegedUser, $isAppUser) {
return $privacy || $isPrivilegedUser || $isAppUser;
}, $membershipsPrivacy);
$memberships = array_map(function ($membership) use ($dbForProject, $team, $sensitiveAttributes) {
if ($sensitiveAttributes) {
$memberships = array_map(function ($membership) use ($dbForProject, $team, $membershipsPrivacy) {
if ($membershipsPrivacy['mfa']) {
$user = $dbForProject->getDocument('users', $membership->getAttribute('userId'));
$mfa = $user->getAttribute('mfa', false);
if ($mfa) {
$totp = TOTP::getAuthenticatorFromUser($user);
$totpEnabled = $totp && $totp->getAttribute('verified', false);
@@ -812,13 +820,19 @@ App::get('/v1/teams/:teamId/memberships')
}
}
$membership
->setAttribute('mfa', $mfa)
->setAttribute('userName', $user->getAttribute('name'))
->setAttribute('userEmail', $user->getAttribute('email'));
$membership->setAttribute('mfa', $mfa);
}
if ($membershipsPrivacy['userName']) {
$membership->setAttribute('userName', $user->getAttribute('name'));
}
if ($membershipsPrivacy['userEmail']) {
$membership->setAttribute('userEmail', $user->getAttribute('email'));
}
$membership->setAttribute('teamName', $team->getAttribute('name'));
return $membership;
}, $memberships);
@@ -860,13 +874,21 @@ App::get('/v1/teams/:teamId/memberships/:membershipId')
throw new Exception(Exception::MEMBERSHIP_NOT_FOUND);
}
$membershipsPrivacy = $project->getAttribute('auths', [])['membershipPrivacy'] ?? [
'userName' => true,
'userEmail' => true,
'mfa' => true,
];
$roles = Authorization::getRoles();
$isPrivilegedUser = Auth::isPrivilegedUser($roles);
$isAppUser = Auth::isAppUser($roles);
$sensitiveAttributes = $isPrivilegedUser || $isAppUser || ($project->getAttribute('auths', [])['teamsSensitiveAttributes'] ?? true);
$membershipsPrivacy = array_map(function ($privacy) use ($isPrivilegedUser, $isAppUser) {
return $privacy || $isPrivilegedUser || $isAppUser;
}, $membershipsPrivacy);
if ($sensitiveAttributes) {
if ($membershipsPrivacy['mfa']) {
$user = $dbForProject->getDocument('users', $membership->getAttribute('userId'));
$mfa = $user->getAttribute('mfa', false);
@@ -882,10 +904,15 @@ App::get('/v1/teams/:teamId/memberships/:membershipId')
}
}
$membership
->setAttribute('mfa', $mfa)
->setAttribute('userName', $user->getAttribute('name'))
->setAttribute('userEmail', $user->getAttribute('email'));
$membership->setAttribute('mfa', $mfa);
}
if ($membershipsPrivacy['userName']) {
$membership->setAttribute('userName', $user->getAttribute('name'));
}
if ($membershipsPrivacy['userEmail']) {
$membership->setAttribute('userEmail', $user->getAttribute('email'));
}
$membership->setAttribute('teamName', $team->getAttribute('name'));
src/Appwrite/Utopia/Response/Model/Project.php
+17 -3
View File
@@ -151,9 +151,21 @@ class Project extends Model
'default' => false,
'example' => true,
])
->addRule('teamsSensitiveAttributes', [
->addRule('membershipsUserName', [
'type' => self::TYPE_BOOLEAN,
'description' => 'Whether or not to show sensitive attributes in the teams API.',
'description' => 'Whether or not to show user names in the teams membership response.',
'default' => false,
'example' => true,
])
->addRule('membershipsUserEmail', [
'type' => self::TYPE_BOOLEAN,
'description' => 'Whether or not to show user emails in the teams membership response.',
'default' => false,
'example' => true,
])
->addRule('membershipsMfa', [
'type' => self::TYPE_BOOLEAN,
'description' => 'Whether or not to show user MFA status in the teams membership response.',
'default' => false,
'example' => true,
])
@@ -354,7 +366,9 @@ class Project extends Model
$document->setAttribute('authPersonalDataCheck', $authValues['personalDataCheck'] ?? false);
$document->setAttribute('authMockNumbers', $authValues['mockNumbers'] ?? []);
$document->setAttribute('authSessionAlerts', $authValues['sessionAlerts'] ?? false);
$document->setAttribute('authTeamsSensitiveAttributes', $authValues['teamsSensitiveAttributes'] ?? true);
$document->setAttribute('authMembershipUserName', $authValues['membershipUserName'] ?? true);
$document->setAttribute('authMembershipUserEmail', $authValues['membershipUserEmail'] ?? true);
$document->setAttribute('authMembershipMfa', $authValues['membershipMfa'] ?? true);
foreach ($auth as $index => $method) {
$key = $method['key'];
tests/e2e/Services/Teams/TeamsBaseServer.php
+8 -4
View File
@@ -60,12 +60,14 @@ trait TeamsBaseServer
$this->assertEquals(true, (new DatetimeValidator())->isValid($response['body']['joined'])); // is null in DB
$this->assertEquals(true, $response['body']['confirm']);
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $this->getProject()['$id'] . '/auth/teams-sensitive-attributes', array_merge([
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $this->getProject()['$id'] . '/auth/memberships-privacy', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => 'console',
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
]), [
'enabled' => false,
'userName' => false,
'userEmail' => false,
'mfa' => false,
]);
$this->assertEquals(200, $response['headers']['status-code']);
@@ -90,12 +92,14 @@ trait TeamsBaseServer
/**
* Update project settings to show sensitive fields
*/
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $this->getProject()['$id'] . '/auth/teams-sensitive-attributes', array_merge([
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $this->getProject()['$id'] . '/auth/memberships-privacy', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => 'console',
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
]), [
'enabled' => true,
'userName' => true,
'userEmail' => true,
'mfa' => true,
]);
$this->assertEquals(200, $response['headers']['status-code']);
tests/e2e/Services/Teams/TeamsCustomClientTest.php
+8 -4
View File
@@ -23,12 +23,14 @@ class TeamsCustomClientTest extends Scope
$projectId = $this->getProject()['$id'];
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $projectId . '/auth/teams-sensitive-attributes', array_merge([
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $projectId . '/auth/memberships-privacy', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => 'console',
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
]), [
'enabled' => false,
'userName' => false,
'userEmail' => false,
'mfa' => false,
]);
$this->assertEquals(200, $response['headers']['status-code']);
@@ -53,12 +55,14 @@ class TeamsCustomClientTest extends Scope
/**
* Update project settings to show sensitive fields
*/
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $projectId . '/auth/teams-sensitive-attributes', array_merge([
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $projectId . '/auth/memberships-privacy', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => 'console',
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
]), [
'enabled' => true,
'userName' => true,
'userEmail' => true,
'mfa' => true,
]);
$this->assertEquals(200, $response['headers']['status-code']);