Add security preference for workspace creation in cloud (#6801)

Tom Moor
2024-04-13 07:01:15 -06:00
committed by GitHub
parent 1ee82e780e
commit 8490f5d558
8 changed files with 46 additions and 3 deletions


@@ -44,6 +44,10 @@ class Team extends Model {
@observable @observable
memberCollectionCreate: boolean; memberCollectionCreate: boolean;
@Field
@observable
memberTeamCreate: boolean;
@Field @Field
@observable @observable
guestSignin: boolean; guestSignin: boolean;


@@ -34,6 +34,7 @@ function Security() {
guestSignin: team.guestSignin, guestSignin: team.guestSignin,
defaultUserRole: team.defaultUserRole, defaultUserRole: team.defaultUserRole,
memberCollectionCreate: team.memberCollectionCreate, memberCollectionCreate: team.memberCollectionCreate,
memberTeamCreate: team.memberTeamCreate,
inviteRequired: team.inviteRequired, inviteRequired: team.inviteRequired,
}); });
@@ -300,6 +301,19 @@ function Security() {
onChange={handleChange} onChange={handleChange}
/> />
</SettingRow> </SettingRow>
{isCloudHosted && (
<SettingRow
label={t("Workspace creation")}
name="memberTeamCreate"
description={t("Allow editors to create new workspaces")}
>
<Switch
id="memberTeamCreate"
checked={data.memberTeamCreate}
onChange={handleChange}
/>
</SettingRow>
)}
</Scene> </Scene>
); );
} }


@@ -0,0 +1,15 @@
"use strict";
module.exports = {
up: async (queryInterface, Sequelize) => {
await queryInterface.addColumn("teams", "memberTeamCreate", {
type: Sequelize.BOOLEAN,
defaultValue: true,
allowNull: false,
});
},
down: async (queryInterface) => {
await queryInterface.removeColumn("teams", "memberTeamCreate");
},
};
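Review bot: `defaultValue: true` makes this security preference opt-in, so every existing workspace stays permissive after the migration until an admin switches it off; that choice is undocumented here and at the model's `@Default(true)`. It matches the earlier policy, which let any non-guest, non-viewer user on cloud create a workspace, so it looks deliberate, but the reason belongs next to the value. I would add above the column definition: `// Defaults to true to preserve existing behaviour; admins must opt out to restrict workspace creation.`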


@@ -152,6 +152,10 @@ class Team extends ParanoidModel<
@Column @Column
memberCollectionCreate: boolean; memberCollectionCreate: boolean;
@Default(true)
@Column
memberTeamCreate: boolean;
@Default(UserRole.Member) @Default(UserRole.Member)
@IsIn([[UserRole.Viewer, UserRole.Member]]) @IsIn([[UserRole.Viewer, UserRole.Member]])
@Column(DataType.STRING) @Column(DataType.STRING)


@@ -1,6 +1,6 @@
import { Team, User } from "@server/models"; import { Team, User } from "@server/models";
import { allow } from "./cancan"; import { allow } from "./cancan";
import { and, isCloudHosted, isTeamAdmin, isTeamModel } from "./utils"; import { and, isCloudHosted, isTeamAdmin, isTeamModel, or } from "./utils";
allow(User, "read", Team, isTeamModel); allow(User, "read", Team, isTeamModel);
@@ -13,12 +13,13 @@ allow(User, "share", Team, (actor, team) =>
) )
); );
allow(User, "createTeam", Team, (actor) => allow(User, "createTeam", Team, (actor, team) =>
and( and(
// //
isCloudHosted(), isCloudHosted(),
!actor.isGuest, !actor.isGuest,
!actor.isViewer !actor.isViewer,
or(actor.isAdmin, !!team?.memberTeamCreate)
) )
); );
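Review bot: The new `or(actor.isAdmin, !!team?.memberTeamCreate)` clause reads the preference from whatever `team` the caller passes, and nothing in this rule ties that object to the actor's own workspace, unlike the `read` rule above, which uses `isTeamModel`. If any caller can authorize against a team other than the actor's, a member of a restricted workspace would be evaluated against another workspace's setting; the callers are outside this page, so this needs confirming. Scoping the non-admin branch closes the gap without changing the admin path: `or(actor.isAdmin, and(isTeamModel(actor, team), !!team?.memberTeamCreate))`. The optional chaining already fails closed for non-admins when no team is supplied, which deserves a one-line comment so it is not relaxed later.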


@@ -7,6 +7,7 @@ export default function presentTeam(team: Team) {
avatarUrl: team.avatarUrl, avatarUrl: team.avatarUrl,
sharing: team.sharing, sharing: team.sharing,
memberCollectionCreate: team.memberCollectionCreate, memberCollectionCreate: team.memberCollectionCreate,
memberTeamCreate: team.memberTeamCreate,
defaultCollectionId: team.defaultCollectionId, defaultCollectionId: team.defaultCollectionId,
documentEmbeds: team.documentEmbeds, documentEmbeds: team.documentEmbeds,
guestSignin: team.emailSigninEnabled, guestSignin: team.emailSigninEnabled,


@@ -18,6 +18,8 @@ export const TeamsUpdateSchema = BaseSchema.extend({
documentEmbeds: z.boolean().optional(), documentEmbeds: z.boolean().optional(),
/** Whether team members are able to create new collections */ /** Whether team members are able to create new collections */
memberCollectionCreate: z.boolean().optional(), memberCollectionCreate: z.boolean().optional(),
/** Whether team members are able to create new workspaces */
memberTeamCreate: z.boolean().optional(),
/** The default landing collection for the team */ /** The default landing collection for the team */
defaultCollectionId: z.string().uuid().nullish(), defaultCollectionId: z.string().uuid().nullish(),
/** The default user role */ /** The default user role */
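Review bot: The doc comment on `memberTeamCreate` says "team members", which is broader than what the policy in this commit enforces: admins are always allowed, guests and viewers never are, and the rule only applies when cloud hosted. I would reword it to `/** Whether non-admin members may create new workspaces (cloud-hosted only; admins are always allowed) */`. The schema continues outside the hunk, and none of the sections on this page appears to be the update handler, so it is worth confirming there that the new field is persisted and can only be changed by admins.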


@@ -930,6 +930,8 @@
"Links to supported services are shown as rich embeds within your documents": "Links to supported services are shown as rich embeds within your documents", "Links to supported services are shown as rich embeds within your documents": "Links to supported services are shown as rich embeds within your documents",
"Collection creation": "Collection creation", "Collection creation": "Collection creation",
"Allow editors to create new collections within the workspace": "Allow editors to create new collections within the workspace", "Allow editors to create new collections within the workspace": "Allow editors to create new collections within the workspace",
"Workspace creation": "Workspace creation",
"Allow editors to create new workspaces": "Allow editors to create new workspaces",
"Draw.io deployment": "Draw.io deployment", "Draw.io deployment": "Draw.io deployment",
"Add your self-hosted draw.io installation url here to enable automatic embedding of diagrams within documents.": "Add your self-hosted draw.io installation url here to enable automatic embedding of diagrams within documents.", "Add your self-hosted draw.io installation url here to enable automatic embedding of diagrams within documents.": "Add your self-hosted draw.io installation url here to enable automatic embedding of diagrams within documents.",
"Grist deployment": "Grist deployment", "Grist deployment": "Grist deployment",