Update permissions

2024-10-03 19:53:33 +13:00 · 2022-09-21 19:11:49 +12:00 · 2022-09-21 19:11:49 +12:00 · 0389cc9ef2
commit 0389cc9ef2
parent 9f008a18ea
2 changed files with 26 additions and 19 deletions
--- a/tests/e2e/Services/GraphQL/GraphQLAuthTest.php
+++ b/tests/e2e/Services/GraphQL/GraphQLAuthTest.php
@ -6,6 +6,8 @@ use Tests\E2E\Client;
 use Tests\E2E\Scopes\ProjectCustom;
 use Tests\E2E\Scopes\Scope;
 use Tests\E2E\Scopes\SideClient;
+use Utopia\Database\Role;
+use Utopia\Database\Permission;

 class GraphQLAuthTest extends Scope
 {
@ -100,15 +102,17 @@ class GraphQLAuthTest extends Scope

        // Create collection
        $query = $this->getQuery(self::$CREATE_COLLECTION);
+        $userId = $this->account1['body']['data']['accountCreate']['_id'];
        $gqlPayload = [
            'query' => $query,
            'variables' => [
                'databaseId' => $this->database['body']['data']['databasesCreate']['_id'],
                'collectionId' => 'unique()',
                'name' => 'Actors',
-                'permission' => 'document',
-                'read' => ['role:member'],
-                'write' => ['role:member'],
+                'documentSecurity' => true,
+                'permissions' => [
+                    Permission::create(Role::user($userId))
+                ]
            ]
        ];
        $this->collection = $this->client->call(Client::METHOD_POST, '/graphql', [
@ -144,6 +148,7 @@ class GraphQLAuthTest extends Scope

        // Create document as account 1
        $query = $this->getQuery(self::$CREATE_DOCUMENT);
+        $userId = $this->account1['body']['data']['accountCreate']['_id'];
        $gqlPayload = [
            'query' => $query,
            'variables' => [
@ -153,8 +158,11 @@ class GraphQLAuthTest extends Scope
                'data' => [
                    'name' => 'John Doe',
                ],
-                'read' => ['user:' . $this->account1['body']['data']['accountCreate']['_id']],
-                'write' => ['user:' . $this->account1['body']['data']['accountCreate']['_id']],
+                'permissions' => [
+                    Permission::read(Role::user($userId)),
+                    Permission::update(Role::user($userId)),
+                    Permission::delete(Role::user($userId)),
+                ]
            ]
        ];
        $document = $this->client->call(Client::METHOD_POST, '/graphql', [
@ -189,9 +197,8 @@ class GraphQLAuthTest extends Scope
            'cookie' => 'a_session_' . $projectId . '=' . $this->token2,
        ], $gqlPayload);

-        $message = 'No document found';
        $this->assertArrayHasKey('errors', $document['body']);
-        $this->assertEquals($message, $document['body']['errors'][0]['message']);
+        $this->assertEquals('Document with the requested ID could not be found.', $document['body']['errors'][0]['message']);
    }

    public function testValidAuth()
--- a/tests/e2e/Services/GraphQL/GraphQLBase.php
+++ b/tests/e2e/Services/GraphQL/GraphQLBase.php
@ -413,8 +413,8 @@ trait GraphQLBase
                    }   
                }';
            case self::$CREATE_DOCUMENT:
-                return 'mutation createDocument($databaseId: String!, $collectionId: String!, $documentId: String!, $data: Json!, $read: [String!]!, $write: [String!]!){
-                    databasesCreateDocument(databaseId: $databaseId, collectionId: $collectionId, documentId: $documentId, data: $data, read: $read, write: $write) {
+                return 'mutation createDocument($databaseId: String!, $collectionId: String!, $documentId: String!, $data: Json!, $permissions: [String!]){
+                    databasesCreateDocument(databaseId: $databaseId, collectionId: $collectionId, documentId: $documentId, data: $data, permissions: $permissions) {
                        _id
                        _collectionId
                        _permissions
@ -479,8 +479,8 @@ trait GraphQLBase
                        actorsDelete(id: $id)
                    }';
            case self::$UPDATE_DOCUMENT:
-                return 'mutation updateDocument($databaseId: String!, $collectionId: String!, $documentId: String!, $data: Json!, $read: [String!], $write: [String!]){
-                    databasesUpdateDocument(databaseId: $databaseId, collectionId: $collectionId, documentId: $documentId, data: $data, read: $read, write: $write) {
+                return 'mutation updateDocument($databaseId: String!, $collectionId: String!, $documentId: String!, $data: Json!, $permissions: [String!]){
+                    databasesUpdateDocument(databaseId: $databaseId, collectionId: $collectionId, documentId: $documentId, data: $data, permissions: $permissions) {
                        _id
                        _collection
                        data
@ -1197,8 +1197,8 @@ trait GraphQLBase
                    functionsRetryBuild(functionId: $functionId, deploymentId: $deploymentId, buildId: $buildId)
                }';
            case self::$CREATE_BUCKET:
-                return 'mutation createBucket($bucketId: String!, $name: String!, $permission: String!, $read: [String!]!, $write: [String!]!) {
-                    storageCreateBucket(bucketId: $bucketId, name: $name, permission: $permission, read: $read, write: $write) {
+                return 'mutation createBucket($bucketId: String!, $name: String!, $fileSecurity: Boolean, $permissions: [String!]) {
+                    storageCreateBucket(bucketId: $bucketId, name: $name, permission: $permission, permissions: $permissions) {
                        _id
                        name
                        enabled
@ -1224,8 +1224,8 @@ trait GraphQLBase
                    }
                }';
            case self::$UPDATE_BUCKET:
-                return 'mutation updateBucket($bucketId: String!, $name: String!, $permission: String!, $read: [String!], $write: [String!]) {
-                    storageUpdateBucket(bucketId: $bucketId, name: $name, permission: $permission, read: $read, write: $write) {
+                return 'mutation updateBucket($bucketId: String!, $name: String!, $fileSecurity: Boolean, $permissions: [String!]) {
+                    storageUpdateBucket(bucketId: $bucketId, name: $name, permission: $permission, permissions: $permissions) {
                        _id
                        name
                        enabled
@ -1236,8 +1236,8 @@ trait GraphQLBase
                    storageDeleteBucket(bucketId: $bucketId)
                }';
            case self::$CREATE_FILE:
-                return 'mutation createFile($bucketId: String!, $fileId: String!, $file: InputFile!, $read: [String!]!, $write: [String!]!) {
-                    storageCreateFile(bucketId: $bucketId, fileId: $fileId, file: $file, read: $read, write: $write) {
+                return 'mutation createFile($bucketId: String!, $fileId: String!, $file: InputFile!, $permissions: [String!]) {
+                    storageCreateFile(bucketId: $bucketId, fileId: $fileId, file: $file, permissions: $permissions) {
                        _id
                        bucketId
                        name
@ -1273,8 +1273,8 @@ trait GraphQLBase
                    storageGetFileView(bucketId: $bucketId, fileId: $fileId)
                }';
            case self::$UPDATE_FILE:
-                return 'mutation updateFile($bucketId: String!, $fileId: String!, $read: [String!], $write: [String!]) {
-                    storageUpdateFile(bucketId: $bucketId, fileId: $fileId, read: $read, write: $write) {
+                return 'mutation updateFile($bucketId: String!, $fileId: String!, $permissions: [String!]) {
+                    storageUpdateFile(bucketId: $bucketId, fileId: $fileId, permissions: $permissions) {
                        _id
                        name
                    }