<?php
namespace Tests\E2E\Services\Databases;
use Tests\E2E\Client;
use Tests\E2E\Scopes\Scope;
use Tests\E2E\Scopes\ProjectCustom;
use Tests\E2E\Scopes\SideClient;
use Utopia\Database\ID;
use Utopia\Database\Permission;
use Utopia\Database\Role;
/**
 * E2E database test case composed from the DatabasesBase, ProjectCustom and
 * SideClient traits on top of Scope.
 *
 * getProject() and getHeaders() are not defined in this file; presumably they
 * come from those traits or from Scope (confirm there).
 */
class DatabasesCustomClientTest extends Scope
{
    use DatabasesBase;
    use ProjectCustom;
    use SideClient;

    /**
     * Authorization regression test: a document created with the project API
     * key must stay updatable by a user who holds update permission on it,
     * when that user's PATCH sends only 'data' and no 'permissions' field.
     *
     * Setup that matters for the access decision:
     *  - the collection is created with an empty 'permissions' list and
     *    'documentSecurity' => true;
     *  - the document carries read for 'user2' plus read/update/delete for the
     *    current user;
     *  - the PATCH and the follow-up GET of the document are sent without the
     *    'x-appwrite-key' header, so they rely only on getHeaders().
     *
     * NOTE(review): this covers the allowed path only. It does not assert that
     * the stored permissions are unchanged after the update, nor that a user
     * without update permission is rejected; both are worth a companion check.
     *
     * @return array Always an empty array.
     */
    public function testUpdateWithoutPermission(): array
    {
        // Headers for calls made with the project API key.
        // Rebuilt on every use so getProject() is consulted per request.
        $keyHeaders = function (): array {
            return [
                'content-type' => 'application/json',
                'x-appwrite-project' => $this->getProject()['$id'],
                'x-appwrite-key' => $this->getProject()['apiKey']
            ];
        };

        // Headers for calls made without the API key, relying on getHeaders() only.
        $userHeaders = function (): array {
            return array_merge([
                'content-type' => 'application/json',
                'x-appwrite-project' => $this->getProject()['$id'],
            ], $this->getHeaders());
        };

        // Preparation: look up the ID of the currently logged-in user.
        // NOTE(review): this request carries the API key AND the getHeaders() values;
        // confirm which credential the server is expected to honour here.
        $account = $this->client->call(
            Client::METHOD_GET,
            '/account',
            array_merge($keyHeaders(), $this->getHeaders())
        );
        $this->assertEquals(200, $account['headers']['status-code']);

        $userId = $account['body']['$id'];

        $database = $this->client->call(Client::METHOD_POST, '/databases', $keyHeaders(), [
            'databaseId' => ID::custom('permissionCheckDatabase'),
            'name' => 'Test Database',
        ]);
        $this->assertEquals(201, $database['headers']['status-code']);
        $this->assertEquals('Test Database', $database['body']['name']);

        $databaseId = $database['body']['$id'];
        $collectionUrl = '/databases/' . $databaseId . '/collections/permissionCheck';
        $documentUrl = $collectionUrl . '/documents/permissionCheckDocument';

        // Create the collection: no collection-level permissions, documentSecurity on,
        // so the document's own permission list is what the later PATCH depends on.
        $collection = $this->client->call(
            Client::METHOD_POST,
            '/databases/' . $databaseId . '/collections',
            $keyHeaders(),
            [
                'collectionId' => ID::custom('permissionCheck'),
                'name' => 'permissionCheck',
                'permissions' => [],
                'documentSecurity' => true,
            ]
        );
        $this->assertEquals(201, $collection['headers']['status-code']);

        // Add the single string attribute the document needs.
        $attribute = $this->client->call(
            Client::METHOD_POST,
            $collectionUrl . '/attributes/string',
            $keyHeaders(),
            [
                'key' => 'name',
                'size' => 255,
                'required' => true,
            ]
        );
        $this->assertEquals(202, $attribute['headers']['status-code']);

        // Fixed wait for the database worker to finish creating the attribute.
        sleep(2);

        // Create the document with the API key. It grants read to an unrelated user
        // ('user2') and read/update/delete to the current user.
        $created = $this->client->call(
            Client::METHOD_POST,
            $collectionUrl . '/documents',
            $keyHeaders(),
            [
                'documentId' => ID::custom('permissionCheckDocument'),
                'data' => [
                    'name' => 'AppwriteBeginner',
                ],
                'permissions' => [
                    Permission::read(Role::user(ID::custom('user2'))),
                    Permission::read(Role::user($userId)),
                    Permission::update(Role::user($userId)),
                    Permission::delete(Role::user($userId)),
                ],
            ]
        );
        $this->assertEquals(201, $created['headers']['status-code']);

        // The point of the test: update without the API key and without a
        // 'permissions' field. This must succeed instead of failing a permission check.
        $updated = $this->client->call(Client::METHOD_PATCH, $documentUrl, $userHeaders(), [
            'data' => [
                'name' => 'AppwriteExpert',
            ]
        ]);
        $this->assertEquals(200, $updated['headers']['status-code']);

        // Read the document back the same way; the name must be the new one.
        $fetched = $this->client->call(Client::METHOD_GET, $documentUrl, $userHeaders());
        $this->assertEquals(200, $fetched['headers']['status-code']);
        $this->assertEquals("AppwriteExpert", $fetched['body']['name']);

        // Cleanup to prevent collision with other tests: delete the collection.
        $deleted = $this->client->call(Client::METHOD_DELETE, $collectionUrl, $keyHeaders());
        $this->assertEquals(204, $deleted['headers']['status-code']);

        // Fixed wait for the database worker to finish deleting the collection.
        sleep(2);

        // Confirm the collection is gone.
        $gone = $this->client->call(Client::METHOD_GET, $collectionUrl, $keyHeaders());
        $this->assertEquals(404, $gone['headers']['status-code']);

        return [];
    }
}