feat(api): EE create project restriction

2022-01-14 11:36:35 +01:00 · 2022-01-14 11:36:35 +01:00 · 6c6a920bcf
commit 6c6a920bcf
parent cf3efa62e8
2 changed files with 3 additions and 0 deletions
--- a/ee/api/chalicelib/core/projects.py
+++ b/ee/api/chalicelib/core/projects.py
@ -169,6 +169,8 @@ def create(tenant_id, user_id, data: schemas.CreateProjectSchema, skip_authoriza
        admin = users.get(user_id=user_id, tenant_id=tenant_id)
        if not admin["admin"] and not admin["superAdmin"]:
            return {"errors": ["unauthorized"]}
+        if admin["roleId"] is not None and not admin["allProjects"]:
+            return {"errors": ["unauthorized: you need allProjects permission to create a new project"]}
    return {"data": __create(tenant_id=tenant_id, name=data.name)}


--- a/ee/api/chalicelib/core/users.py
+++ b/ee/api/chalicelib/core/users.py
@ -274,6 +274,7 @@ def get(user_id, tenant_id):
                        role_id,
                        roles.name AS role_name,
                        roles.permissions,
+                        roles.all_projects,
                        basic_authentication.password IS NOT NULL AS has_password
                    FROM public.users LEFT JOIN public.basic_authentication ON users.user_id=basic_authentication.user_id
                        LEFT JOIN public.roles USING (role_id)