feat: Ability to allow everyone to create projects (#787)

client/src/containers/ProjectsContainer.js

@@ -6,12 +6,13 @@ import entryActions from '../entry-actions';
 import Projects from '../components/Projects';
 
 const mapStateToProps = (state) => {
+  const { allowAllToCreateProjects } = selectors.selectConfig(state);
   const { isAdmin } = selectors.selectCurrentUser(state);
   const projects = selectors.selectProjectsForCurrentUser(state);
 
   return {
     items: projects,
-    canAdd: isAdmin,
+    canAdd: allowAllToCreateProjects || isAdmin,
   };
 };
 

docker-compose-dev.yml

@@ -1,7 +1,6 @@
 version: '3.8'
 
 services:
-
   server:
     build:
       context: ./server
@@ -13,6 +12,7 @@ services:
       - NODE_ENV=development
       - DATABASE_URL=postgresql://user:password@postgres:5432/planka_db
       - SECRET_KEY=notsecretkey
+
       # - TRUST_PROXY=0
       # - TOKEN_EXPIRES_IN=365 # In days
 
@@ -23,6 +23,9 @@ services:
 
       # Configure knex to accept SSL certificates
       # - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false
+
+      # - ALLOW_ALL_TO_CREATE_PROJECTS=true
+
       # - OIDC_ISSUER=
       # - OIDC_CLIENT_ID=
       # - OIDC_CLIENT_SECRET=
@@ -56,7 +59,6 @@ services:
 
       # - SLACK_BOT_TOKEN=
       # - SLACK_CHANNEL_ID=
-
     working_dir: /app
     command: ["sh", "-c", "npm run start"]
     depends_on:
@@ -85,11 +87,11 @@ services:
       dockerfile: ../config/development/Dockerfile.server
     environment:
       - DATABASE_URL=postgresql://user:password@postgres:5432/planka_db
+
       # - DEFAULT_ADMIN_EMAIL=demo@demo.demo # Do not remove if you want to prevent this user from being edited/deleted
       # - DEFAULT_ADMIN_PASSWORD=demo
       # - DEFAULT_ADMIN_NAME=Demo Demo
       # - DEFAULT_ADMIN_USERNAME=demo
-
     working_dir: /app
     command: ["sh", "-c", "npm run db:init"]
     volumes:
@@ -126,6 +128,5 @@ services:
       - server
       - client
 
-
 volumes:
   db-data:

docker-compose.yml

@@ -31,6 +31,8 @@ services:
       # - DEFAULT_ADMIN_NAME=Demo Demo
       # - DEFAULT_ADMIN_USERNAME=demo
 
+      # - ALLOW_ALL_TO_CREATE_PROJECTS=true
+
       # - OIDC_ISSUER=
       # - OIDC_CLIENT_ID=
       # - OIDC_CLIENT_SECRET=

server/.env.sample

@@ -22,6 +22,8 @@ SECRET_KEY=notsecretkey
 # DEFAULT_ADMIN_NAME=Demo Demo
 # DEFAULT_ADMIN_USERNAME=demo
 
+# ALLOW_ALL_TO_CREATE_PROJECTS=true
+
 # OIDC_ISSUER=
 # OIDC_CLIENT_ID=
 # OIDC_CLIENT_SECRET=

server/api/controllers/projects/create.js

@@ -1,3 +1,9 @@
+const Errors = {
+  NOT_ENOUGH_RIGHTS: {
+    notEnoughRights: 'Not enough rights',
+  },
+};
+
 module.exports = {
   inputs: {
     name: {
@@ -6,9 +12,19 @@ module.exports = {
     },
   },
 
+  exits: {
+    notEnoughRights: {
+      responseType: 'forbidden',
+    },
+  },
+
   async fn(inputs) {
     const { currentUser } = this.req;
 
+    if (!currentUser.isAdmin && !sails.config.custom.allowAllToCreateProjects) {
+      throw Errors.NOT_ENOUGH_RIGHTS;
+    }
+
     const values = _.pick(inputs, ['name']);
 
     const { project, projectManager } = await sails.helpers.projects.createOne.with({

server/api/controllers/show-config.js

@@ -17,6 +17,7 @@ module.exports = {
     return {
       item: {
         oidc,
+        allowAllToCreateProjects: sails.config.custom.allowAllToCreateProjects,
       },
     };
   },

server/config/custom.js

@@ -34,6 +34,8 @@ module.exports.custom = {
   defaultAdminEmail:
     process.env.DEFAULT_ADMIN_EMAIL && process.env.DEFAULT_ADMIN_EMAIL.toLowerCase(),
 
+  allowAllToCreateProjects: process.env.ALLOW_ALL_TO_CREATE_PROJECTS === 'true',
+
   oidcIssuer: process.env.OIDC_ISSUER,
   oidcClientId: process.env.OIDC_CLIENT_ID,
   oidcClientSecret: process.env.OIDC_CLIENT_SECRET,

server/config/policies.js

@@ -21,8 +21,6 @@ module.exports.policies = {
   'users/create': ['is-authenticated', 'is-admin'],
   'users/delete': ['is-authenticated', 'is-admin'],
 
-  'projects/create': ['is-authenticated', 'is-admin'],
-
   'show-config': true,
   'access-tokens/create': true,
   'access-tokens/exchange-using-oidc': true,