Simplify permission checks
This commit is contained in:
parent
326220762e
commit
1aa36b6b2c
2 changed files with 21 additions and 44 deletions
|
@ -2188,11 +2188,8 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents/:documen
|
||||||
throw new Exception(Exception::DOCUMENT_NOT_FOUND);
|
throw new Exception(Exception::DOCUMENT_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($documentSecurity) {
|
if ($documentSecurity && !$validator->isValid($document->getRead())) {
|
||||||
$valid |= $validator->isValid($document->getRead());
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
|
||||||
if (!$valid) {
|
|
||||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -2362,10 +2359,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
|
||||||
throw new Exception(Exception::DOCUMENT_NOT_FOUND);
|
throw new Exception(Exception::DOCUMENT_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($documentSecurity) {
|
if ($documentSecurity && !$validator->isValid($document->getUpdate())) {
|
||||||
$valid |= $validator->isValid($document->getUpdate());
|
|
||||||
}
|
|
||||||
if (!$valid) {
|
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2490,11 +2484,8 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/documents/:docu
|
||||||
throw new Exception(Exception::DOCUMENT_NOT_FOUND);
|
throw new Exception(Exception::DOCUMENT_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($documentSecurity) {
|
if ($documentSecurity && !$validator->isValid($document->getDelete())) {
|
||||||
$valid |= $validator->isValid($document->getDelete());
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
|
||||||
if (!$valid) {
|
|
||||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$dbForProject->deleteDocument('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $documentId);
|
$dbForProject->deleteDocument('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $documentId);
|
||||||
|
|
|
@ -394,6 +394,8 @@ App::post('/v1/storage/buckets/:bucketId/files')
|
||||||
*/
|
*/
|
||||||
$permissions = PermissionsProcessor::aggregate($permissions, 'file');
|
$permissions = PermissionsProcessor::aggregate($permissions, 'file');
|
||||||
|
|
||||||
|
\var_dump($permissions);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Add permissions for current the user for any missing types
|
* Add permissions for current the user for any missing types
|
||||||
* from the allowed permissions for this resource type.
|
* from the allowed permissions for this resource type.
|
||||||
|
@ -418,6 +420,8 @@ App::post('/v1/storage/buckets/:bucketId/files')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
\var_dump($permissions);
|
||||||
|
|
||||||
// Users can only manage their own roles, API keys and Admin users can manage any
|
// Users can only manage their own roles, API keys and Admin users can manage any
|
||||||
$roles = Authorization::getRoles();
|
$roles = Authorization::getRoles();
|
||||||
if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles)) {
|
if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles)) {
|
||||||
|
@ -790,11 +794,8 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId')
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($fileSecurity) {
|
if ($fileSecurity && !$validator->isValid($file->getRead())) {
|
||||||
$valid |= $validator->isValid($file->getRead());
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
|
||||||
if (!$valid) {
|
|
||||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$usage
|
$usage
|
||||||
|
@ -874,11 +875,8 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/preview')
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($fileSecurity) {
|
if ($fileSecurity && !$validator->isValid($file->getRead())) {
|
||||||
$valid |= $validator->isValid($file->getRead());
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
|
||||||
if (!$valid) {
|
|
||||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$path = $file->getAttribute('path');
|
$path = $file->getAttribute('path');
|
||||||
|
@ -1029,11 +1027,8 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/download')
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($bucket->getAttribute('fileSecurity', false)) {
|
if ($fileSecurity && !$validator->isValid($file->getRead())) {
|
||||||
$valid |= $validator->isValid($file->getRead());
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
|
||||||
if (!$valid) {
|
|
||||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$path = $file->getAttribute('path', '');
|
$path = $file->getAttribute('path', '');
|
||||||
|
@ -1167,11 +1162,8 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/view')
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($fileSecurity) {
|
if ($fileSecurity && !$validator->isValid($file->getRead())) {
|
||||||
$valid |= $validator->isValid($file->getRead());
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
|
||||||
if (!$valid) {
|
|
||||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$mimes = Config::getParam('storage-mimes');
|
$mimes = Config::getParam('storage-mimes');
|
||||||
|
@ -1319,11 +1311,8 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($fileSecurity) {
|
if ($fileSecurity && !$validator->isValid($file->getUpdate())) {
|
||||||
$valid |= $validator->isValid($file->getUpdate());
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
|
||||||
if (!$valid) {
|
|
||||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Users can only manage their own roles, API keys and Admin users can manage any
|
// Users can only manage their own roles, API keys and Admin users can manage any
|
||||||
|
@ -1410,11 +1399,8 @@ App::delete('/v1/storage/buckets/:bucketId/files/:fileId')
|
||||||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($fileSecurity) {
|
if ($fileSecurity && !$validator->isValid($file->getDelete())) {
|
||||||
$valid |= $validator->isValid($file->getDelete());
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
|
||||||
if (!$valid) {
|
|
||||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$deviceDeleted = false;
|
$deviceDeleted = false;
|
||||||
|
|
Loading…
Reference in a new issue