<?php
namespace Tests\E2E\Services\Databases ;
use Tests\E2E\Client ;
use Tests\E2E\Scopes\ProjectCustom ;
use Tests\E2E\Scopes\Scope ;
use Tests\E2E\Scopes\SideClient ;
use Utopia\Database\Database ;
use Utopia\Database\Helpers\ID ;
use Utopia\Database\Helpers\Permission ;
use Utopia\Database\Helpers\Role ;
class DatabasesCustomClientTest extends Scope
{
use DatabasesBase ;
use ProjectCustom ;
use SideClient ;
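/**
 * Checks how the `write` permission is reported back and where `create` is refused.
 *
 * Expectations pinned by the assertions below:
 *  - a collection created with `write` for the current user lists `create`,
 *    `update` and `delete` for that user;
 *  - a document created with `write` lists `update` and `delete`, but not `create`;
 *  - a document that asks for `create` is answered with HTTP 400.
 */
public function testAllowedPermissions(): void
{
    $userRole = Role::user($this->getUser()['$id']);

    // Setup calls authenticate with the project API key.
    $serverHeaders = [
        'content-type' => 'application/json',
        'x-appwrite-project' => $this->getProject()['$id'],
        'x-appwrite-key' => $this->getProject()['apiKey'],
    ];

    // Document calls use the headers from getHeaders(); this test adds no API key to them.
    $clientHeaders = array_merge([
        'content-type' => 'application/json',
        'x-appwrite-project' => $this->getProject()['$id'],
    ], $this->getHeaders());

    /**
     * Test for SUCCESS
     */
    $database = $this->client->call(Client::METHOD_POST, '/databases', $serverHeaders, [
        'databaseId' => ID::unique(),
        'name' => 'Test Database',
    ]);

    // Fail at the setup call itself instead of on a missing '$id' further down.
    $this->assertEquals(201, $database['headers']['status-code']);
    $databaseId = $database['body']['$id'];

    // Collection aliases write to create, update, delete
    $movies = $this->client->call(
        Client::METHOD_POST,
        '/databases/' . $databaseId . '/collections',
        $serverHeaders,
        [
            'collectionId' => ID::unique(),
            'name' => 'Movies',
            'documentSecurity' => true,
            'permissions' => [
                Permission::write($userRole),
            ],
        ]
    );

    $this->assertEquals(201, $movies['headers']['status-code']);
    $moviesId = $movies['body']['$id'];
    $documentsPath = '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents';

    $this->assertContains(Permission::create($userRole), $movies['body']['$permissions']);
    $this->assertContains(Permission::update($userRole), $movies['body']['$permissions']);
    $this->assertContains(Permission::delete($userRole), $movies['body']['$permissions']);

    $response = $this->client->call(
        Client::METHOD_POST,
        '/databases/' . $databaseId . '/collections/' . $moviesId . '/attributes/string',
        $serverHeaders,
        [
            'key' => 'title',
            'size' => 256,
            'required' => true,
        ]
    );

    // Pause before documents are written; the attribute request is only accepted (202) at this point.
    sleep(1);

    $this->assertEquals(202, $response['headers']['status-code']);

    // Document aliases write to update, delete
    $document1 = $this->client->call(Client::METHOD_POST, $documentsPath, $clientHeaders, [
        'documentId' => ID::unique(),
        'data' => [
            'title' => 'Captain America',
        ],
        'permissions' => [
            Permission::write($userRole),
        ],
    ]);

    // Without this check a rejected request would only show up as a missing '$permissions' key.
    $this->assertEquals(201, $document1['headers']['status-code']);

    $this->assertNotContains(Permission::create($userRole), $document1['body']['$permissions']);
    $this->assertContains(Permission::update($userRole), $document1['body']['$permissions']);
    $this->assertContains(Permission::delete($userRole), $document1['body']['$permissions']);

    /**
     * Test for FAILURE
     */

    // Document does not allow create permission
    $document2 = $this->client->call(Client::METHOD_POST, $documentsPath, $clientHeaders, [
        'documentId' => ID::unique(),
        'data' => [
            'title' => 'Captain America',
        ],
        'permissions' => [
            Permission::create($userRole),
        ],
    ]);

    $this->assertEquals(400, $document2['headers']['status-code']);
}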
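/**
 * Checks that a client can update a server-created document when it sends no permissions.
 *
 * The document is created with the API key and carries a read grant for another
 * user ('user2') next to read, update and delete grants for the logged-in user.
 * The client then PATCHes only the data; the request is expected to succeed and
 * the new value to be readable afterwards.
 *
 * @return array Always an empty array.
 */
public function testUpdateWithoutPermission(): array
{
    // Setup and cleanup calls authenticate with the project API key.
    $serverHeaders = [
        'content-type' => 'application/json',
        'x-appwrite-project' => $this->getProject()['$id'],
        'x-appwrite-key' => $this->getProject()['apiKey'],
    ];

    // The calls under test use the headers from getHeaders(); this test adds no API key to them.
    $clientHeaders = array_merge([
        'content-type' => 'application/json',
        'x-appwrite-project' => $this->getProject()['$id'],
    ], $this->getHeaders());

    // If document has been created by server and client tried to update it without adjusting permissions,
    // permission validation should be skipped

    // As a part of preparation, we get ID of currently logged-in user
    $response = $this->client->call(Client::METHOD_GET, '/account', $clientHeaders);

    $this->assertEquals(200, $response['headers']['status-code']);
    $userId = $response['body']['$id'];

    $database = $this->client->call(Client::METHOD_POST, '/databases', $serverHeaders, [
        'databaseId' => ID::custom('permissionCheckDatabase'),
        'name' => 'Test Database',
    ]);

    $this->assertEquals(201, $database['headers']['status-code']);
    $this->assertEquals('Test Database', $database['body']['name']);

    $databaseId = $database['body']['$id'];
    $collectionPath = '/databases/' . $databaseId . '/collections/permissionCheck';
    $documentPath = $collectionPath . '/documents/permissionCheckDocument';

    // Create collection
    $response = $this->client->call(
        Client::METHOD_POST,
        '/databases/' . $databaseId . '/collections',
        $serverHeaders,
        [
            'collectionId' => ID::custom('permissionCheck'),
            'name' => 'permissionCheck',
            'permissions' => [],
            'documentSecurity' => true,
        ]
    );

    $this->assertEquals(201, $response['headers']['status-code']);

    // Add attribute to collection
    $response = $this->client->call(
        Client::METHOD_POST,
        $collectionPath . '/attributes/string',
        $serverHeaders,
        [
            'key' => 'name',
            'size' => 255,
            'required' => true,
        ]
    );

    $this->assertEquals(202, $response['headers']['status-code']);

    // Wait for database worker to finish creating attributes
    sleep(2);

    // Creating document by server: read for some other user, plus read, update and delete for our user
    $response = $this->client->call(Client::METHOD_POST, $collectionPath . '/documents', $serverHeaders, [
        'documentId' => ID::custom('permissionCheckDocument'),
        'data' => [
            'name' => 'AppwriteBeginner',
        ],
        'permissions' => [
            Permission::read(Role::user(ID::custom('user2'))),
            Permission::read(Role::user($userId)),
            Permission::update(Role::user($userId)),
            Permission::delete(Role::user($userId)),
        ],
    ]);

    $this->assertEquals(201, $response['headers']['status-code']);

    // Update document
    // This is the point of this test. We should be allowed to do this action, and it should not fail on permission check
    $response = $this->client->call(Client::METHOD_PATCH, $documentPath, $clientHeaders, [
        'data' => [
            'name' => 'AppwriteExpert',
        ],
    ]);

    $this->assertEquals(200, $response['headers']['status-code']);

    // Get name of the document, should be the new one
    $response = $this->client->call(Client::METHOD_GET, $documentPath, $clientHeaders);

    $this->assertEquals(200, $response['headers']['status-code']);
    // Compare against exactly the value written by the PATCH above; a padded literal can never match it.
    $this->assertEquals('AppwriteExpert', $response['body']['name']);
    // NOTE(review): only the data is verified. Asserting that $response['body']['$permissions'] still holds
    // the four grants set by the server would also show the client update left access untouched;
    // confirm the response shape before adding it.

    // Cleanup to prevent collision with other tests
    // Delete collection
    $response = $this->client->call(Client::METHOD_DELETE, $collectionPath, $serverHeaders);

    $this->assertEquals(204, $response['headers']['status-code']);

    // Wait for database worker to finish deleting collection
    sleep(2);

    // Make sure collection has been deleted
    $response = $this->client->call(Client::METHOD_GET, $collectionPath, $serverHeaders);

    $this->assertEquals(404, $response['headers']['status-code']);

    return [];
}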
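/**
 * Checks that updating a two-way relationship from the related side is visible on the owning side.
 *
 * A oneToMany, two-way relationship is created on collection 1 with onDelete
 * 'cascade'. It is then patched through collection 2 to onDelete 'restrict',
 * and the attribute read back from collection 1 is expected to report 'restrict'
 * while keeping its side, twoWayKey and relatedCollection.
 */
public function testUpdateTwoWayRelationship(): void
{
    // Every call in this test authenticates with the project API key.
    $serverHeaders = [
        'content-type' => 'application/json',
        'x-appwrite-project' => $this->getProject()['$id'],
        'x-appwrite-key' => $this->getProject()['apiKey'],
    ];

    $userRole = Role::user($this->getUser()['$id']);
    $userPermissions = [
        Permission::create($userRole),
        Permission::read($userRole),
        Permission::update($userRole),
        Permission::delete($userRole),
    ];

    $database = $this->client->call(Client::METHOD_POST, '/databases', $serverHeaders, [
        'databaseId' => ID::unique(),
        'name' => 'Test Database',
    ]);

    // Fail at the setup call itself instead of on a missing '$id' further down.
    $this->assertEquals(201, $database['headers']['status-code']);

    $databaseId = $database['body']['$id'];
    $collectionsPath = '/databases/' . $databaseId . '/collections';

    // Creating collection 1
    $collection1 = $this->client->call(Client::METHOD_POST, $collectionsPath, $serverHeaders, [
        'collectionId' => ID::unique(),
        'name' => 'level1',
        'documentSecurity' => false,
        'permissions' => $userPermissions,
    ]);
    $this->assertEquals(201, $collection1['headers']['status-code']);

    // Creating collection 2
    $collection2 = $this->client->call(Client::METHOD_POST, $collectionsPath, $serverHeaders, [
        'collectionId' => ID::unique(),
        'name' => 'level2',
        'documentSecurity' => false,
        'permissions' => $userPermissions,
    ]);
    $this->assertEquals(201, $collection2['headers']['status-code']);

    $collection1Id = $collection1['body']['$id'];
    $collection2Id = $collection2['body']['$id'];

    \sleep(2);

    // Creating two way relationship between collection 1 and collection 2 from collection 1
    $relation = $this->client->call(
        Client::METHOD_POST,
        $collectionsPath . '/' . $collection1Id . '/attributes/relationship',
        $serverHeaders,
        [
            'relatedCollectionId' => $collection2Id,
            'type' => 'oneToMany',
            'twoWay' => true,
            'onDelete' => 'cascade',
            'key' => $collection2Id,
            'twoWayKey' => $collection1Id,
        ]
    );

    \sleep(3);

    // The comparisons at the end read fields from this body, so make sure the request was accepted.
    $this->assertEquals(202, $relation['headers']['status-code']);

    // Update relation from collection 2 to on delete restrict
    // NOTE(review): the PATCH response is not checked; only its effect on collection 1 is observed below.
    $this->client->call(
        Client::METHOD_PATCH,
        $collectionsPath . '/' . $collection2Id . '/attributes/' . $collection1Id . '/relationship',
        $serverHeaders,
        [
            'onDelete' => 'restrict',
        ]
    );

    // Fetching attributes after updating relation to compare
    $collection1Attributes = $this->client->call(
        Client::METHOD_GET,
        $collectionsPath . '/' . $collection1Id,
        $serverHeaders
    );

    // The relationship is the only attribute this test creates on collection 1, hence index 0.
    $collection1RelationAttribute = $collection1Attributes['body']['attributes'][0];

    $this->assertEquals($relation['body']['side'], $collection1RelationAttribute['side']);
    $this->assertEquals($relation['body']['twoWayKey'], $collection1RelationAttribute['twoWayKey']);
    $this->assertEquals($relation['body']['relatedCollection'], $collection1RelationAttribute['relatedCollection']);
    $this->assertEquals('restrict', $collection1RelationAttribute['onDelete']);
}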
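/**
 * Checks which relationship attributes may be created between the same two collections.
 *
 * Expectations pinned by the assertions below, in order:
 *  1. a relationship with twoWayKey 'same_key' is accepted (202);
 *  2. a second one reusing 'same_key' is refused with code 409;
 *  3. a relationship without a twoWayKey is accepted and still reports one;
 *  4. a second one without a twoWayKey is refused with code 409;
 *  5. a two-way manyToMany relationship is accepted;
 *  6. a second manyToMany relationship on the same collection is refused with code 409.
 */
public function testRelationshipSameTwoWayKey(): void
{
    // Every call in this test authenticates with the project API key.
    $serverHeaders = [
        'content-type' => 'application/json',
        'x-appwrite-project' => $this->getProject()['$id'],
        'x-appwrite-key' => $this->getProject()['apiKey'],
    ];

    $userRole = Role::user($this->getUser()['$id']);
    $userPermissions = [
        Permission::create($userRole),
        Permission::read($userRole),
        Permission::update($userRole),
        Permission::delete($userRole),
    ];

    $duplicateKeyMessage = 'Attribute with the requested key already exists. Attribute keys must be unique, try again with a different key.';

    $database = $this->client->call(Client::METHOD_POST, '/databases', $serverHeaders, [
        'databaseId' => ID::unique(),
        'name' => 'Same two way key',
    ]);

    // Fail at the setup call itself instead of on a missing '$id' further down.
    $this->assertEquals(201, $database['headers']['status-code']);

    $databaseId = $database['body']['$id'];
    $collectionsPath = '/databases/' . $databaseId . '/collections';

    $collection1 = $this->client->call(Client::METHOD_POST, $collectionsPath, $serverHeaders, [
        'collectionId' => ID::unique(),
        'name' => 'c1',
        'documentSecurity' => false,
        'permissions' => $userPermissions,
    ]);
    $this->assertEquals(201, $collection1['headers']['status-code']);

    $collection2 = $this->client->call(Client::METHOD_POST, $collectionsPath, $serverHeaders, [
        'collectionId' => ID::unique(),
        'name' => 'c2',
        'documentSecurity' => false,
        'permissions' => $userPermissions,
    ]);
    $this->assertEquals(201, $collection2['headers']['status-code']);

    $relatedCollectionId = $collection2['body']['$id'];

    // All relationship attributes below are created on collection 1.
    $relationshipPath = $collectionsPath . '/' . $collection1['body']['$id'] . '/attributes/relationship';

    \sleep(2);

    $relation = $this->client->call(Client::METHOD_POST, $relationshipPath, $serverHeaders, [
        'relatedCollectionId' => $relatedCollectionId,
        'type' => Database::RELATION_ONE_TO_ONE,
        'twoWay' => false,
        'onDelete' => 'cascade',
        'key' => 'attr1',
        'twoWayKey' => 'same_key',
    ]);

    \sleep(2);

    $this->assertEquals(202, $relation['headers']['status-code']);
    $this->assertEquals('same_key', $relation['body']['twoWayKey']);

    // Same twoWayKey again under a different key: expected to be refused
    $relation = $this->client->call(Client::METHOD_POST, $relationshipPath, $serverHeaders, [
        'relatedCollectionId' => $relatedCollectionId,
        'type' => Database::RELATION_ONE_TO_MANY,
        'twoWay' => false,
        'onDelete' => 'cascade',
        'key' => 'attr2',
        'twoWayKey' => 'same_key',
    ]);

    \sleep(2);

    $this->assertEquals(409, $relation['body']['code']);
    $this->assertEquals($duplicateKeyMessage, $relation['body']['message']);

    // twoWayKey is not sent, so the default twoWayKey is used
    $relation = $this->client->call(Client::METHOD_POST, $relationshipPath, $serverHeaders, [
        'relatedCollectionId' => $relatedCollectionId,
        'type' => Database::RELATION_ONE_TO_MANY,
        'twoWay' => false,
        'onDelete' => 'cascade',
        'key' => 'attr3',
    ]);

    \sleep(2);

    $this->assertEquals(202, $relation['headers']['status-code']);
    $this->assertArrayHasKey('twoWayKey', $relation['body']);

    // twoWayKey is not sent a second time; the request is expected to be refused as a duplicate key
    $relation = $this->client->call(Client::METHOD_POST, $relationshipPath, $serverHeaders, [
        'relatedCollectionId' => $relatedCollectionId,
        'type' => Database::RELATION_ONE_TO_MANY,
        'twoWay' => false,
        'onDelete' => 'cascade',
        'key' => 'attr4',
    ]);

    \sleep(2);

    $this->assertEquals($duplicateKeyMessage, $relation['body']['message']);
    $this->assertEquals(409, $relation['body']['code']);

    // RelationshipManyToMany
    $relation = $this->client->call(Client::METHOD_POST, $relationshipPath, $serverHeaders, [
        'relatedCollectionId' => $relatedCollectionId,
        'type' => Database::RELATION_MANY_TO_MANY,
        'twoWay' => true,
        'onDelete' => 'setNull',
        'key' => 'songs',
        'twoWayKey' => 'playlist',
    ]);

    \sleep(2);

    $this->assertEquals(202, $relation['headers']['status-code']);
    $this->assertArrayHasKey('twoWayKey', $relation['body']);

    // Second RelationshipManyToMany on Same collections
    $relation = $this->client->call(Client::METHOD_POST, $relationshipPath, $serverHeaders, [
        'relatedCollectionId' => $relatedCollectionId,
        'type' => Database::RELATION_MANY_TO_MANY,
        'twoWay' => true,
        'onDelete' => 'setNull',
        'key' => 'songs2',
        'twoWayKey' => 'playlist2',
    ]);

    \sleep(2);

    $this->assertEquals(409, $relation['body']['code']);
    $this->assertEquals('Creating more than one "manyToMany" relationship on the same collection is currently not permitted.', $relation['body']['message']);
}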
public function testUpdateWithoutRelationPermission () : void
{
$userId = $this -> getUser ()[ '$id' ];
$database = $this -> client -> call ( Client :: METHOD_POST , '/databases' , [
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
], [
'databaseId' => ID :: unique (),
'name' => ID :: unique (),
]);
$databaseId = $database [ 'body' ][ '$id' ];
// Creating collection 1
$collection1 = $this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'collectionId' => ID :: custom ( 'collection1' ),
'name' => ID :: custom ( 'collection1' ),
'documentSecurity' => false ,
'permissions' => [
Permission :: create ( Role :: user ( $userId )),
Permission :: read ( Role :: user ( $userId )),
Permission :: delete ( Role :: user ( $userId )),
]
]);
// Creating collection 2
$collection2 = $this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'collectionId' => ID :: custom ( 'collection2' ),
'name' => ID :: custom ( 'collection2' ),
'documentSecurity' => false ,
'permissions' => [
Permission :: read ( Role :: user ( $userId )),
]
]);
$collection3 = $this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'collectionId' => ID :: custom ( 'collection3' ),
'name' => ID :: custom ( 'collection3' ),
'documentSecurity' => false ,
'permissions' => [
Permission :: create ( Role :: user ( $userId )),
Permission :: read ( Role :: user ( $userId )),
Permission :: delete ( Role :: user ( $userId )),
]
]);
$collection4 = $this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'collectionId' => ID :: custom ( 'collection4' ),
'name' => ID :: custom ( 'collection4' ),
'documentSecurity' => false ,
'permissions' => [
Permission :: read ( Role :: user ( $userId )),
]
]);
$collection5 = $this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'collectionId' => ID :: custom ( 'collection5' ),
'name' => ID :: custom ( 'collection5' ),
'documentSecurity' => false ,
'permissions' => [
Permission :: create ( Role :: user ( $userId )),
Permission :: read ( Role :: user ( $userId )),
Permission :: delete ( Role :: user ( $userId )),
]
]);
// Creating one to one relationship from collection 1 to collection 2
$this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection1 [ 'body' ][ '$id' ] . '/attributes/relationship' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'relatedCollectionId' => $collection2 [ 'body' ][ '$id' ],
'type' => 'oneToOne' ,
'twoWay' => false ,
'onDelete' => 'setNull' ,
'key' => $collection2 [ 'body' ][ '$id' ]
]);
// Creating one to one relationship from collection 2 to collection 3
$this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection2 [ 'body' ][ '$id' ] . '/attributes/relationship' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'relatedCollectionId' => $collection3 [ 'body' ][ '$id' ],
'type' => 'oneToOne' ,
'twoWay' => false ,
'onDelete' => 'setNull' ,
'key' => $collection3 [ 'body' ][ '$id' ]
]);
// Creating one to one relationship from collection 3 to collection 4
$this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection3 [ 'body' ][ '$id' ] . '/attributes/relationship' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'relatedCollectionId' => $collection4 [ 'body' ][ '$id' ],
'type' => 'oneToOne' ,
'twoWay' => false ,
'onDelete' => 'setNull' ,
'key' => $collection4 [ 'body' ][ '$id' ]
]);
// Creating one to one relationship from collection 4 to collection 5
$this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection4 [ 'body' ][ '$id' ] . '/attributes/relationship' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'relatedCollectionId' => $collection5 [ 'body' ][ '$id' ],
'type' => 'oneToOne' ,
'twoWay' => false ,
'onDelete' => 'setNull' ,
'key' => $collection5 [ 'body' ][ '$id' ]
]);
$this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection1 [ 'body' ][ '$id' ] . '/attributes/string' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'key' => " Title " ,
'size' => 100 ,
'required' => false ,
'array' => false ,
'default' => null ,
]);
$this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection2 [ 'body' ][ '$id' ] . '/attributes/string' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'key' => " Rating " ,
'size' => 100 ,
'required' => false ,
'array' => false ,
'default' => null ,
]);
$this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection3 [ 'body' ][ '$id' ] . '/attributes/string' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'key' => " Rating " ,
'size' => 100 ,
'required' => false ,
'array' => false ,
'default' => null ,
]);
$this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection4 [ 'body' ][ '$id' ] . '/attributes/string' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'key' => " Rating " ,
'size' => 100 ,
'required' => false ,
'array' => false ,
'default' => null ,
]);
$this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection5 [ 'body' ][ '$id' ] . '/attributes/string' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'key' => " Rating " ,
'size' => 100 ,
'required' => false ,
'array' => false ,
'default' => null ,
]);
\sleep ( 2 );
// Creating parent document with a child reference to test the permissions
$parentDocument = $this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection1 [ 'body' ][ '$id' ] . '/documents' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'documentId' => ID :: custom ( $collection1 [ 'body' ][ '$id' ]),
'data' => [
'Title' => 'Captain America' ,
$collection2 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection2 [ 'body' ][ '$id' ]),
'Rating' => '10' ,
$collection3 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection3 [ 'body' ][ '$id' ]),
'Rating' => '10' ,
$collection4 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection4 [ 'body' ][ '$id' ]),
'Rating' => '10' ,
$collection5 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection5 [ 'body' ][ '$id' ]),
'Rating' => '10'
]
]
]
]
]
]);
$this -> assertEquals ( 201 , $parentDocument [ 'headers' ][ 'status-code' ]);
// This is the point of the test. We should not need any authorization permission to update the document with same data.
$response = $this -> client -> call ( Client :: METHOD_PATCH , '/databases/' . $databaseId . '/collections/' . $collection1 [ 'body' ][ '$id' ] . '/documents/' . $collection1 [ 'body' ][ '$id' ], array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
], $this -> getHeaders ()), [
'documentId' => ID :: custom ( $collection1 [ 'body' ][ '$id' ]),
'data' => [
'Title' => 'Captain America' ,
$collection2 [ 'body' ][ '$id' ] => [
'$id' => $collection2 [ 'body' ][ '$id' ],
'Rating' => '10' ,
$collection3 [ 'body' ][ '$id' ] => [
'$id' => $collection3 [ 'body' ][ '$id' ],
'Rating' => '10' ,
$collection4 [ 'body' ][ '$id' ] => [
'$id' => $collection4 [ 'body' ][ '$id' ],
'Rating' => '10' ,
$collection5 [ 'body' ][ '$id' ] => [
'$id' => $collection5 [ 'body' ][ '$id' ],
'Rating' => '10'
]
]
]
]
]
]);
$this -> assertEquals ( 200 , $response [ 'headers' ][ 'status-code' ]);
$this -> assertEquals ( $parentDocument [ 'body' ], $response [ 'body' ]);
// Giving update permission of collection 3 to user.
$this -> client -> call ( Client :: METHOD_PUT , '/databases/' . $databaseId . '/collections/collection3' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'collectionId' => ID :: custom ( 'collection3' ),
'name' => ID :: custom ( 'collection3' ),
'documentSecurity' => false ,
'permissions' => [
Permission :: create ( Role :: user ( $userId )),
Permission :: read ( Role :: user ( $userId )),
Permission :: update ( Role :: user ( $userId )),
Permission :: delete ( Role :: user ( $userId )),
]
]);
// This is the point of this test. We should be allowed to do this action, and it should not fail on permission check
$response = $this -> client -> call ( Client :: METHOD_PATCH , '/databases/' . $databaseId . '/collections/' . $collection1 [ 'body' ][ '$id' ] . '/documents/' . $collection1 [ 'body' ][ '$id' ], array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
], $this -> getHeaders ()), [
'data' => [
'Title' => 'Captain America' ,
$collection2 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection2 [ 'body' ][ '$id' ]),
'Rating' => '10' ,
$collection3 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection3 [ 'body' ][ '$id' ]),
'Rating' => '11' ,
$collection4 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection4 [ 'body' ][ '$id' ]),
'Rating' => '10' ,
$collection5 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection5 [ 'body' ][ '$id' ]),
'Rating' => '11'
]
]
]
]
]
]);
$this -> assertEquals ( 200 , $response [ 'headers' ][ 'status-code' ]);
$this -> assertEquals ( 11 , $response [ 'body' ][ $collection2 [ 'body' ][ '$id' ]][ 'collection3' ][ 'Rating' ]);
// We should not be allowed to update the document as we do not have permission for collection 2.
$response = $this -> client -> call ( Client :: METHOD_PATCH , '/databases/' . $databaseId . '/collections/' . $collection1 [ 'body' ][ '$id' ] . '/documents/' . $collection1 [ 'body' ][ '$id' ], array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
], $this -> getHeaders ()), [
'data' => [
'Title' => 'Captain America' ,
$collection2 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection2 [ 'body' ][ '$id' ]),
'Rating' => '11' ,
$collection3 [ 'body' ][ '$id' ] => null ,
]
]
]);
$this -> assertEquals ( 401 , $response [ 'headers' ][ 'status-code' ]);
// We should not be allowed to update the document as we do not have permission for collection 2.
$response = $this -> client -> call ( Client :: METHOD_PATCH , '/databases/' . $databaseId . '/collections/' . $collection2 [ 'body' ][ '$id' ] . '/documents/' . $collection2 [ 'body' ][ '$id' ], array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
], $this -> getHeaders ()), [
'data' => [
'Rating' => '11' ,
]
]);
$this -> assertEquals ( 401 , $response [ 'headers' ][ 'status-code' ]);
// Removing update permission from collection 3.
$this -> client -> call ( Client :: METHOD_PUT , '/databases/' . $databaseId . '/collections/collection3' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'collectionId' => ID :: custom ( 'collection3' ),
'name' => ID :: custom ( 'collection3' ),
'documentSecurity' => false ,
'permissions' => [
Permission :: create ( Role :: user ( $userId )),
Permission :: read ( Role :: user ( $userId )),
Permission :: delete ( Role :: user ( $userId )),
]
]);
// Giving update permission to collection 2.
$this -> client -> call ( Client :: METHOD_PUT , '/databases/' . $databaseId . '/collections/collection2' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'collectionId' => ID :: custom ( 'collection2' ),
'name' => ID :: custom ( 'collection2' ),
'documentSecurity' => false ,
'permissions' => [
Permission :: create ( Role :: user ( $userId )),
Permission :: update ( Role :: user ( $userId )),
Permission :: read ( Role :: user ( $userId )),
Permission :: delete ( Role :: user ( $userId )),
]
]);
// Creating collection 3 new document
$response = $this -> client -> call ( Client :: METHOD_POST , '/databases/' . $databaseId . '/collections/' . $collection3 [ 'body' ][ '$id' ] . '/documents' , array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
'x-appwrite-key' => $this -> getProject ()[ 'apiKey' ]
]), [
'documentId' => ID :: custom ( 'collection3Doc1' ),
'data' => [
'Rating' => '20'
]
]);
$this -> assertEquals ( 201 , $response [ 'headers' ][ 'status-code' ]);
// We should be allowed to link a new document from collection 3 to collection 2.
$response = $this -> client -> call ( Client :: METHOD_PATCH , '/databases/' . $databaseId . '/collections/' . $collection1 [ 'body' ][ '$id' ] . '/documents/' . $collection1 [ 'body' ][ '$id' ], array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
], $this -> getHeaders ()), [
'data' => [
'Title' => 'Captain America' ,
$collection2 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection2 [ 'body' ][ '$id' ]),
$collection3 [ 'body' ][ '$id' ] => 'collection3Doc1' ,
]
]
]);
$this -> assertEquals ( 200 , $response [ 'headers' ][ 'status-code' ]);
// We should be allowed to link and create a new document from collection 3 to collection 2.
$response = $this -> client -> call ( Client :: METHOD_PATCH , '/databases/' . $databaseId . '/collections/' . $collection1 [ 'body' ][ '$id' ] . '/documents/' . $collection1 [ 'body' ][ '$id' ], array_merge ([
'content-type' => 'application/json' ,
'x-appwrite-project' => $this -> getProject ()[ '$id' ],
], $this -> getHeaders ()), [
'data' => [
'Title' => 'Captain America' ,
$collection2 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( $collection2 [ 'body' ][ '$id' ]),
$collection3 [ 'body' ][ '$id' ] => [
'$id' => ID :: custom ( 'collection3Doc2' )
],
]
]
]);
$this -> assertEquals ( 200 , $response [ 'headers' ][ 'status-code' ]);
}
}