diff --git a/app/controllers/general.php b/app/controllers/general.php
index 5892aee47..cd5666662 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -240,21 +240,11 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
 }
 }
- if ($user->getId()) {
- Authorization::setRole('user:'.$user->getId());
- }
-
 Authorization::setRole('role:'.$role);
- \array_map(function ($node) {
- if (isset($node['teamId']) && isset($node['roles'])) {
- Authorization::setRole('team:'.$node['teamId']);
-
- foreach ($node['roles'] as $nodeRole) { // Set all team roles
- Authorization::setRole('team:'.$node['teamId'].'/'.$nodeRole);
- }
- }
- }, $user->getAttribute('memberships', []));
+ foreach (Auth::getRoles($user) as $role) {
+ Authorization::setRole($role);
+ }
 // TDOO Check if user is root
diff --git a/app/init.php b/app/init.php
index 40c626a76..260682034 100644
--- a/app/init.php
+++ b/app/init.php
@@ -432,8 +432,7 @@ App::setResource('user', function($mode, $project, $console, $request, $response
 if (APP_MODE_ADMIN !== $mode) {
 $user = $projectDB->getDocument(Auth::$unique);
- }
- else {
+ } else {
 $user = $consoleDB->getDocument(Auth::$unique);
 $user
@@ -450,8 +449,7 @@ App::setResource('user', function($mode, $project, $console, $request, $response
 if (APP_MODE_ADMIN === $mode) {
 if (!empty($user->search('teamId', $project->getAttribute('teamId'), $user->getAttribute('memberships')))) {
 Authorization::setDefaultStatus(false); // Cancel security segmentation for admin users.
- }
- else {
+ } else {
 $user = new Document(['$id' => '', '$collection' => Database::SYSTEM_COLLECTION_USERS]);
 }
 }
diff --git a/app/realtime.php b/app/realtime.php
index 5c4ba4a12..5b087aa96 100644
--- a/app/realtime.php
+++ b/app/realtime.php
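Review bot: In app/controllers/general.php the new `foreach (Auth::getRoles($user) as $role)` reuses `$role` as its loop variable, while the line just above it still reads the outer `$role` in `Authorization::setRole('role:'.$role)`. Once the loop has run, `$role` holds the last `user:` or `team:` string instead of the base role, so anything further down the `App::init` closure that reads `$role` would see the wrong value; the closure body continues outside the hunk, so I cannot confirm such a read from here. Renaming the loop variable removes the risk: `foreach (Auth::getRoles($user) as $authRole) {` followed by `Authorization::setRole($authRole);`.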
@@ -1,5 +1,6 @@ create(); $server = new Server($adapter);
-$server->onStart(function(SwooleServer $server) use ($stats) {
+$server->onStart(function (SwooleServer $server) use ($stats) {
 Console::success('Server started succefully');
 Console::info("Master pid {$server->master_pid}, manager pid {$server->manager_pid}");
@@ -82,7 +83,7 @@ $server->onStart(function(SwooleServer $server) use ($stats) {
 });
 });
-$server->onWorkerStart(function(SwooleServer $swooleServer, int $workerId) use ($server, $register, $stats, &$subscriptions, &$connections) {
+$server->onWorkerStart(function (SwooleServer $swooleServer, int $workerId) use ($server, $register, $stats, &$subscriptions, &$connections) {
 Console::success('Worker ' . $workerId . ' started succefully');
 $attempts = 0;
@@ -107,7 +108,7 @@ $server->onWorkerStart(function(SwooleServer $swooleServer, int $workerId) use (
 'channels' => ['project'],
 'timestamp' => time(),
 'payload' => $payload
- ]));
+ ]));
 }
 });
@@ -137,38 +138,38 @@ $server->onWorkerStart(function(SwooleServer $swooleServer, int $workerId) use (
 if ($event['permissionsChanged'] && isset($event['userId'])) {
 $project = $event['project'];
 $userId = $event['userId'];
-
- if (array_key_exists($project, $subscriptions) && array_key_exists('user:'.$userId, $subscriptions[$project])) {
- $connection = array_key_first(reset($subscriptions[$project]['user:'.$userId]));
+
+ if (array_key_exists($project, $subscriptions) && array_key_exists('user:' . $userId, $subscriptions[$project])) {
+ $connection = array_key_first(reset($subscriptions[$project]['user:' . $userId]));
 } else {
 return;
 }
-
+
 /**
 * This is redundant soon and will be gone with merging the usage branch.
 */
 $db = $register->get('dbPool')->get();
 $cache = $register->get('redisPool')->get();
-
+
 $projectDB = new Database();
 $projectDB->setAdapter(new RedisAdapter(new MySQLAdapter($db, $cache), $cache));
- $projectDB->setNamespace('app_'.$project);
+ $projectDB->setNamespace('app_' . $project);
 $projectDB->setMocks(Config::getParam('collections', []));
-
+
 $user = $projectDB->getDocument($userId);
-
+
 Parser::setUser($user);
-
- $roles = Parser::getRoles();
-
+
+ $roles = Auth::getRoles($user);
+
 Parser::subscribe($project, $connection, $roles, $subscriptions, $connections, $connections[$connection]['channels']);
-
+
 $register->get('dbPool')->put($db);
 $register->get('redisPool')->put($cache);
 }
-
+
 $receivers = Parser::identifyReceivers($event, $subscriptions);
-
+
 // Temporarily print debug logs by default for Alpha testing.
 // if (App::isDevelopment() && !empty($receivers)) {
 if (!empty($receivers)) {
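Review bot: `Auth::getRoles($user)` builds only `user:<id>` and `team:<id>[/<role>]` strings (see the src/Appwrite/Auth/Auth.php hunk), so the list passed to `Parser::subscribe` here carries no `role:` entry, whereas app/controllers/general.php still sets its `role:` entry separately. If the removed `Parser::getRoles()` supplied that entry (its body is not in this diff), a connection that is re-subscribed after a permission change ends up with a different role set than it had at connect time. Either merge the base role into `$roles` before subscribing or record the decision next to the call, for example `// Auth::getRoles() omits the 'role:' entry; general.php adds it separately`. The document returned by `getDocument($userId)` is also used without checking that a user was actually found. The `onWorkerStart` closure starts and ends outside this hunk.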
@@ -199,7 +200,7 @@ $server->onWorkerStart(function(SwooleServer $swooleServer, int $workerId) use (
 Console::error('Failed to restart pub/sub...');
 });
-$server->onOpen(function(SwooleServer $swooleServer, SwooleRequest $request) use ($server, $register, $stats, &$subscriptions, &$connections) {
+$server->onOpen(function (SwooleServer $swooleServer, SwooleRequest $request) use ($server, $register, $stats, &$subscriptions, &$connections) {
 $app = new App('UTC');
 $connection = $request->fd;
 $request = new Request($request);
@@ -315,13 +316,13 @@ $server->onOpen(function(SwooleServer $swooleServer, SwooleRequest $request) use
 }
 });
-$server->onMessage(function(SwooleServer $swooleServer, Frame $frame) use ($server) {
+$server->onMessage(function (SwooleServer $swooleServer, Frame $frame) use ($server) {
 $connection = $frame->fd;
 $server->send([$connection], 'Sending messages is not allowed.');
 $server->close($connection, 1003);
 });
-$server->onClose(function(SwooleServer $server, int $connection) use (&$connections, &$subscriptions, $stats) {
+$server->onClose(function (SwooleServer $server, int $connection) use (&$connections, &$subscriptions, $stats) {
 if (array_key_exists($connection, $connections)) {
 $stats->decr($connections[$connection]['projectId'], 'connectionsTotal');
 }
@@ -329,4 +330,4 @@ $server->onClose(function(SwooleServer $server, int $connection) use (&$connecti
 Console::info('Connection close: ' . $connection);
 });
-$server->start();
\ No newline at end of file
+$server->start();
diff --git a/src/Appwrite/Auth/Auth.php b/src/Appwrite/Auth/Auth.php
index 9fa181486..ffdf1e631 100644
--- a/src/Appwrite/Auth/Auth.php
+++ b/src/Appwrite/Auth/Auth.php
@@ -271,4 +271,31 @@ class Auth
 return false;
 }
+
+ /**
+ * Returns all roles for a user.
+ *
+ * @param Document $user
+ * @return array
+ */
+ public static function getRoles(Document $user): array
+ {
+ $roles = [];
+
+ if ($user->getId()) {
+ $roles[] = 'user:'.$user->getId();
+ }
+
+ foreach ($user->getAttribute('memberships', []) as $node) {
+ if (isset($node['teamId']) && isset($node['roles'])) {
+ $roles[] = 'team:' . $node['teamId'];
+
+ foreach ($node['roles'] as $nodeRole) { // Set all team roles
+ $roles[] = 'team:' . $node['teamId'] . '/' . $nodeRole;
+ }
+ }
+ }
+
+ return $roles;
+ }
 }
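Review bot: The docblock on `getRoles()` says it returns all roles, but the body only builds `user:` and `team:` strings, and `@return array` does not say what the elements are; code that authorizes from this list needs to know both. I would word the summary as `Returns the user: and team: role strings derived from the user id and memberships.` and the tag as `@return string[]`. The inline `// Set all team roles` was carried over from the old `Authorization::setRole` loop and now describes collecting rather than setting, e.g. `// Collect every role held in this team`. `$node['roles']` is iterated after an `isset()` check only, so a non-array value stored there would raise a warning instead of being skipped; adding `\is_array($node['roles'])` to the condition makes the expectation explicit.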