Only allow admins to create polls #352
-
Workaround

It's difficult to prevent access to certain paths because the frontend is a SPA and routing is done on the client. However, we can put certain API paths behind authentication via a reverse proxy. This could, however, be a workaround if we could have a list of API paths that should be allowed for all responding users.

Here's an example definition for an Ingress definition.

Poll responders:

```yaml
- path: /p/
  pathType: Prefix
- path: /_next/
  pathType: Prefix
- path: /site.webmanifest
  pathType: Exact
- path: /api/trpc/polls.touch
  pathType: Prefix
- path: /api/trpc/session.get
  pathType: Prefix
- path: /api/trpc/polls.get
  pathType: Prefix
- path: /api/trpc/polls.comments.list
  pathType: Prefix
- path: /api/trpc/polls.commands.add
  pathType: Prefix
- path: /api/trpc/polls.participants.list
  pathType: Prefix
- path: /api/trpc/polls.participants.add
  pathType: Prefix
```

I'm sure there are others, too. For the API calls, those should probably use regex instead since it looks like some API calls are chained so that a prefix wouldn't work. (e.g.

Admins only catch-all:

```yaml
- path: /
  pathType: Prefix
```

Am I missing any?
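The path rules in the comment above, modelled as an added example (not code from the post or from the project): it applies Kubernetes Ingress `Prefix`/`Exact` matching to a request path and shows why a chained call falls through to the admin catch-all. It assumes chained calls are comma-joined procedure names in the last path segment; the function names and `polls.example` are hypothetical.

```javascript
// Public (no-auth) rules copied from the comment above; anything else hits the admin catch-all "/".
const PUBLIC_RULES = [
  { path: "/p/", pathType: "Prefix" },
  { path: "/_next/", pathType: "Prefix" },
  { path: "/site.webmanifest", pathType: "Exact" },
  { path: "/api/trpc/polls.touch", pathType: "Prefix" },
  { path: "/api/trpc/session.get", pathType: "Prefix" },
  { path: "/api/trpc/polls.get", pathType: "Prefix" },
  { path: "/api/trpc/polls.comments.list", pathType: "Prefix" },
  { path: "/api/trpc/polls.commands.add", pathType: "Prefix" },
  { path: "/api/trpc/polls.participants.list", pathType: "Prefix" },
  { path: "/api/trpc/polls.participants.add", pathType: "Prefix" },
];

// Ingress Prefix matching compares whole path elements split on "/",
// so "/api/trpc/polls.get" is not a prefix of "/api/trpc/polls.get,other".
const elements = (p) => p.split("/").filter((s) => s !== "");

function matches(rule, reqPath) {
  if (rule.pathType === "Exact") return rule.path === reqPath;
  const want = elements(rule.path);
  const got = elements(reqPath);
  return want.length <= got.length && want.every((seg, i) => seg === got[i]);
}

// Backend the Ingress would choose for a request path (query string excluded).
function route(reqPath) {
  return PUBLIC_RULES.some((r) => matches(r, reqPath)) ? "public" : "admin";
}

// Procedure names taken from the public /api/trpc/ rules.
const TRPC = "/api/trpc/";
const PUBLIC_PROCEDURES = new Set(
  PUBLIC_RULES.filter((r) => r.path.startsWith(TRPC)).map((r) => r.path.slice(TRPC.length))
);

// Stricter check for chained calls: public only if EVERY procedure is allowlisted.
function routeTrpc(reqPath) {
  if (!reqPath.startsWith(TRPC)) return route(reqPath);
  const procs = reqPath.slice(TRPC.length).split(",");
  return procs.every((p) => PUBLIC_PROCEDURES.has(p)) ? "public" : "admin";
}
```

A regex rule that only anchors the start of the last segment would accept any procedure chained after an allowed one, which is why `routeTrpc` checks each name.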
-
Totally agree, while self-hosting, I don't want any random person that finds my page to start making polls and using my system. I want to be the only person to create polls, but still have people I send the polls to be able to answer.
-
I hear you, I understand this is not desirable for self-hosters. I will address this in a future update but no ETA yet for when this will be ready.
-
I think this should now be possible by combining these two options within the ...
```yaml
environment:
  - DISABLE_LANDING_PAGE=true
  - AUTH_REQUIRED=true
...
```
-
This feature request is to only allow admins to create new polls.
Related: #152