Fix #2017[Renaming Public role gives unauthorized error on API ca…

…lls] (#1253)
directus · Sep 4, 2019 · 7fe9056 · 7fe9056
1 parent 78d3bb4
commit 7fe9056
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 22 deletions.
diff --git a/src/core/Directus/Application/CoreServicesProvider.php b/src/core/Directus/Application/CoreServicesProvider.php
@@ -69,6 +69,7 @@
 use Monolog\Logger;
 use Slim\Views\Twig;
 use Zend\Db\TableGateway\TableGateway;
+use Directus\Api\Routes\Roles;
 
 class CoreServicesProvider
 {
@@ -694,7 +695,7 @@ protected function getEmitter()
                 $acl = $container->get('acl');
                 $tableGateway = new BaseTableGateway(SchemaManager::COLLECTION_ROLES, $zendDb, $acl);
                 $row = $tableGateway->select(['id' => $roleId])->current();
-                if (strtolower($row->name) === 'public') {
+                if (strtolower($row->name) === Roles::PUBLIC) {
                     throw new ForbiddenException('Users cannot be added into the public group');
                 }
 

diff --git a/src/core/Directus/Application/Http/Middleware/AuthenticationMiddleware.php b/src/core/Directus/Application/Http/Middleware/AuthenticationMiddleware.php
@@ -16,6 +16,7 @@
 use Directus\Services\UsersService;
 use Zend\Db\Sql\Select;
 use Zend\Db\TableGateway\TableGateway;
+use Directus\Api\Routes\Roles;
 
 class AuthenticationMiddleware extends AbstractMiddleware
 {
@@ -38,7 +39,7 @@ public function __invoke(Request $request, Response $response, callable $next)
         $dbConnection = $this->container->get('database');
         $permissionsTable = new DirectusPermissionsTableGateway($dbConnection, null);
 
-        $publicRoleId = $this->getPublicRoleId();
+        $publicRoleId = ROLES::PUBLIC;
 
         $rolesIpWhitelist = [];
         $permissionsByCollection = [];
@@ -154,25 +155,6 @@ protected function getAuthToken(Request $request)
         return get_request_authorization_token($request);
     }
 
-    /**
-     * Gets the public role id if exists
-     *
-     * @return int|null
-     */
-    protected function getPublicRoleId()
-    {
-        $dbConnection = $this->container->get('database');
-        $directusGroupsTableGateway = new TableGateway('directus_roles', $dbConnection);
-        $publicRole = $directusGroupsTableGateway->select(['name' => 'public'])->current();
-
-        $roleId = null;
-        if ($publicRole) {
-            $roleId = $publicRole['id'];
-        }
-
-        return $roleId;
-    }
-
     /**
      * Gets IP whitelist
      *

diff --git a/src/core/Directus/Services/RolesService.php b/src/core/Directus/Services/RolesService.php
@@ -8,6 +8,7 @@
 use Directus\Database\TableGateway\DirectusRolesTableGateway;
 use Directus\Exception\UnauthorizedException;
 use Directus\Util\ArrayUtils;
+use Directus\Api\Routes\Roles;
 
 class RolesService extends AbstractService
 {
@@ -157,7 +158,7 @@ public function canDelete($id, $fetchNew = false)
         }
 
         // TODO: RowGateWay should parse values against their column type
-        return !(!$group || $group->id == 1 || strtolower($group->name) === 'public');
+        return !(!$group || $group->id == 1 || strtolower($group->name) === Roles::PUBLIC);
     }
 
     /**

diff --git a/src/endpoints/Roles.php b/src/endpoints/Roles.php
@@ -11,6 +11,8 @@
 
 class Roles extends Route
 {
+    const ADMIN = 1;
+    const PUBLIC = 2;
     /**
      * @param Application $app
      */