CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-29 19:50:26 +12:00
Code Issues Projects Releases Wiki Activity

Merge pull request #3346 from gepd/feat-empty-payload

Browse source 
Allows to update permissions without payload
This commit is contained in:
Torsten Dittmann 2022-06-24 14:09:01 +02:00 committed by GitHub
parent ad85f21faa 020e08143e
commit 0f0654d49e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 105 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/api/database.php
View file

@ -1859,7 +1859,7 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId')
->label('sdk.response.model', Response::MODEL_DOCUMENT)
->param('collectionId', null, new UID(), 'Collection ID.')
->param('documentId', null, new UID(), 'Document ID.')
->param('data', [], new JSON(), 'Document data as JSON object. Include only attribute and value pairs to be updated.')
->param('data', [], new JSON(), 'Document data as JSON object. Include only attribute and value pairs to be updated.', true)
->param('read', null, new Permissions(), 'An array of strings with read permissions. By default inherits the existing read permissions. [learn more about permissions](https://appwrite.io/docs/permissions) and get a full list of available permissions.', true)
->param('write', null, new Permissions(), 'An array of strings with write permissions. By default inherits the existing write permissions. [learn more about permissions](https://appwrite.io/docs/permissions) and get a full list of available permissions.', true)
->inject('response')
@ -1900,8 +1900,8 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId')
$data = (\is_string($data)) ? \json_decode($data, true) : $data; // Cast to JSON array
if (empty($data)) {
throw new Exception('Missing payload', 400, Exception::DOCUMENT_MISSING_PAYLOAD);
if (empty($data) && empty($read) && empty($write)) {
throw new Exception('Missing payload or read/write permissions', 400, Exception::DOCUMENT_MISSING_PAYLOAD);
}
if (!\is_array($data)) {

102
tests/e2e/Services/Database/DatabaseBase.php
View file

@ -2181,4 +2181,106 @@ trait DatabaseBase
return $data;
}
public function testUpdatePermissionsWithEmptyPayload(): array
{
// Create collection
$movies = $this->client->call(Client::METHOD_POST, '/database/collections', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey']
]), [
'collectionId' => 'unique()',
'name' => 'Movies',
'read' => [],
'write' => [],
'permission' => 'document',
]);
$this->assertEquals($movies['headers']['status-code'], 201);
$this->assertEquals($movies['body']['name'], 'Movies');
$moviesId = $movies['body']['$id'];
// create attribute
$title = $this->client->call(Client::METHOD_POST, '/database/collections/' . $moviesId . '/attributes/string', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey']
]), [
'key' => 'title',
'size' => 256,
'required' => true,
]);
$this->assertEquals($title['headers']['status-code'], 201);
// wait for database worker to create attributes
sleep(2);
// add document
$document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $moviesId . '/documents', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'documentId' => 'unique()',
'data' => [
'title' => 'Captain America',
],
'read' => ['role:all'],
'write' => ['role:all'],
]);
$id = $document['body']['$id'];
$this->assertEquals($document['headers']['status-code'], 201);
$this->assertCount(1, $document['body']['$read']);
$this->assertCount(1, $document['body']['$write']);
$this->assertEquals(['role:all'], $document['body']['$read']);
$this->assertEquals(['role:all'], $document['body']['$write']);
// Send only read permission
$document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $moviesId . '/documents/' . $id, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'read' => ['user:' . $this->getUser()['$id']],
]);
if ($this->getSide() == 'client') {
$this->assertEquals($document['headers']['status-code'], 200);
}
if ($this->getSide() == 'server') {
$this->assertEquals($document['headers']['status-code'], 200);
$this->assertCount(1, $document['body']['$read']);
$this->assertCount(1, $document['body']['$write']);
$this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']);
$this->assertEquals(['role:all'], $document['body']['$write']);
}
// send only write permission
$document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $moviesId . '/documents/' . $id, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'write' => ['user:' . $this->getUser()['$id']],
]);
if ($this->getSide() == 'server') {
$this->assertEquals($document['headers']['status-code'], 200);
$this->assertCount(1, $document['body']['$read']);
$this->assertCount(1, $document['body']['$write']);
$this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']);
$this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$write']);
}
// remove collection
$this->client->call(Client::METHOD_DELETE, '/database/collections/' . $moviesId, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()));
return [];
}
}