feat: Ability to allow everyone to create projects (#787)

2025-07-18 12:49:43 +02:00 · 2024-06-14 16:38:06 +02:00 · 2024-06-14 16:38:06 +02:00 · 0f8e2b4b0d
commit 0f8e2b4b0d
parent 12189f57f3
8 changed files with 30 additions and 7 deletions
--- a/server/.env.sample
+++ b/server/.env.sample
@ -22,6 +22,8 @@ SECRET_KEY=notsecretkey
 # DEFAULT_ADMIN_NAME=Demo Demo
 # DEFAULT_ADMIN_USERNAME=demo

+# ALLOW_ALL_TO_CREATE_PROJECTS=true
+
 # OIDC_ISSUER=
 # OIDC_CLIENT_ID=
 # OIDC_CLIENT_SECRET=
--- a/server/api/controllers/projects/create.js
+++ b/server/api/controllers/projects/create.js
@ -1,3 +1,9 @@
+const Errors = {
+  NOT_ENOUGH_RIGHTS: {
+    notEnoughRights: 'Not enough rights',
+  },
+};
+
 module.exports = {
  inputs: {
    name: {
@ -6,9 +12,19 @@ module.exports = {
    },
  },

+  exits: {
+    notEnoughRights: {
+      responseType: 'forbidden',
+    },
+  },
+
  async fn(inputs) {
    const { currentUser } = this.req;

+    if (!currentUser.isAdmin && !sails.config.custom.allowAllToCreateProjects) {
+      throw Errors.NOT_ENOUGH_RIGHTS;
+    }
+
    const values = _.pick(inputs, ['name']);

    const { project, projectManager } = await sails.helpers.projects.createOne.with({
--- a/server/api/controllers/show-config.js
+++ b/server/api/controllers/show-config.js
@ -17,6 +17,7 @@ module.exports = {
    return {
      item: {
        oidc,
+        allowAllToCreateProjects: sails.config.custom.allowAllToCreateProjects,
      },
    };
  },
--- a/server/config/custom.js
+++ b/server/config/custom.js
@ -34,6 +34,8 @@ module.exports.custom = {
  defaultAdminEmail:
    process.env.DEFAULT_ADMIN_EMAIL && process.env.DEFAULT_ADMIN_EMAIL.toLowerCase(),

+  allowAllToCreateProjects: process.env.ALLOW_ALL_TO_CREATE_PROJECTS === 'true',
+
  oidcIssuer: process.env.OIDC_ISSUER,
  oidcClientId: process.env.OIDC_CLIENT_ID,
  oidcClientSecret: process.env.OIDC_CLIENT_SECRET,
--- a/server/config/policies.js
+++ b/server/config/policies.js
@ -21,8 +21,6 @@ module.exports.policies = {
  'users/create': ['is-authenticated', 'is-admin'],
  'users/delete': ['is-authenticated', 'is-admin'],

-  'projects/create': ['is-authenticated', 'is-admin'],
-
  'show-config': true,
  'access-tokens/create': true,
  'access-tokens/exchange-using-oidc': true,