Simplify permission checks
This commit is contained in:
parent
326220762e
commit
1aa36b6b2c
2 changed files with 21 additions and 44 deletions
|
@ -2188,11 +2188,8 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents/:documen
|
|||
throw new Exception(Exception::DOCUMENT_NOT_FOUND);
|
||||
}
|
||||
|
||||
if ($documentSecurity) {
|
||||
$valid |= $validator->isValid($document->getRead());
|
||||
}
|
||||
if (!$valid) {
|
||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
||||
if ($documentSecurity && !$validator->isValid($document->getRead())) {
|
||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -2362,10 +2359,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
|
|||
throw new Exception(Exception::DOCUMENT_NOT_FOUND);
|
||||
}
|
||||
|
||||
if ($documentSecurity) {
|
||||
$valid |= $validator->isValid($document->getUpdate());
|
||||
}
|
||||
if (!$valid) {
|
||||
if ($documentSecurity && !$validator->isValid($document->getUpdate())) {
|
||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
|
@ -2490,11 +2484,8 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/documents/:docu
|
|||
throw new Exception(Exception::DOCUMENT_NOT_FOUND);
|
||||
}
|
||||
|
||||
if ($documentSecurity) {
|
||||
$valid |= $validator->isValid($document->getDelete());
|
||||
}
|
||||
if (!$valid) {
|
||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
||||
if ($documentSecurity && !$validator->isValid($document->getDelete())) {
|
||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
$dbForProject->deleteDocument('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $documentId);
|
||||
|
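Review bot: The removed `$valid |= $validator->isValid($document->getRead())` lines made document-level permission an alternative to whatever collection-level result was already accumulated in `$valid`, while the new `if ($documentSecurity && !$validator->isValid($document->getRead()))` in the first hunk rejects on the document check alone; the patch and delete hunks have the same shape. Whether collection-level permission still grants access now depends on how `$valid` is handled above the hunk, which is outside this view, so this reads as a tightening from OR to AND rather than a pure simplification. If that is intended, a comment such as `// With documentSecurity enabled the document-level permission must pass in addition to the collection-level check` above the new condition would record the rule; if not, the collection-level result needs to be folded back into the condition.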
|
|
@ -394,6 +394,8 @@ App::post('/v1/storage/buckets/:bucketId/files')
|
|||
*/
|
||||
$permissions = PermissionsProcessor::aggregate($permissions, 'file');
|
||||
|
||||
\var_dump($permissions);
|
||||
|
||||
/**
|
||||
* Add permissions for current the user for any missing types
|
||||
* from the allowed permissions for this resource type.
|
||||
|
@ -418,6 +420,8 @@ App::post('/v1/storage/buckets/:bucketId/files')
|
|||
}
|
||||
}
|
||||
|
||||
\var_dump($permissions);
|
||||
|
||||
// Users can only manage their own roles, API keys and Admin users can manage any
|
||||
$roles = Authorization::getRoles();
|
||||
if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles)) {
|
||||
|
@ -790,11 +794,8 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId')
|
|||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||
}
|
||||
|
||||
if ($fileSecurity) {
|
||||
$valid |= $validator->isValid($file->getRead());
|
||||
}
|
||||
if (!$valid) {
|
||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
||||
if ($fileSecurity && !$validator->isValid($file->getRead())) {
|
||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
$usage
|
||||
|
@ -874,11 +875,8 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/preview')
|
|||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||
}
|
||||
|
||||
if ($fileSecurity) {
|
||||
$valid |= $validator->isValid($file->getRead());
|
||||
}
|
||||
if (!$valid) {
|
||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
||||
if ($fileSecurity && !$validator->isValid($file->getRead())) {
|
||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
$path = $file->getAttribute('path');
|
||||
|
@ -1029,11 +1027,8 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/download')
|
|||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||
}
|
||||
|
||||
if ($bucket->getAttribute('fileSecurity', false)) {
|
||||
$valid |= $validator->isValid($file->getRead());
|
||||
}
|
||||
if (!$valid) {
|
||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
||||
if ($fileSecurity && !$validator->isValid($file->getRead())) {
|
||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
$path = $file->getAttribute('path', '');
|
||||
|
@ -1167,11 +1162,8 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/view')
|
|||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||
}
|
||||
|
||||
if ($fileSecurity) {
|
||||
$valid |= $validator->isValid($file->getRead());
|
||||
}
|
||||
if (!$valid) {
|
||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
||||
if ($fileSecurity && !$validator->isValid($file->getRead())) {
|
||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
$mimes = Config::getParam('storage-mimes');
|
||||
|
@ -1319,11 +1311,8 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
|
|||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||
}
|
||||
|
||||
if ($fileSecurity) {
|
||||
$valid |= $validator->isValid($file->getUpdate());
|
||||
}
|
||||
if (!$valid) {
|
||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
||||
if ($fileSecurity && !$validator->isValid($file->getUpdate())) {
|
||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
// Users can only manage their own roles, API keys and Admin users can manage any
|
||||
|
@ -1410,11 +1399,8 @@ App::delete('/v1/storage/buckets/:bucketId/files/:fileId')
|
|||
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
|
||||
}
|
||||
|
||||
if ($fileSecurity) {
|
||||
$valid |= $validator->isValid($file->getDelete());
|
||||
}
|
||||
if (!$valid) {
|
||||
throw new Exception('Unauthorized permissions', 401, Exception::USER_UNAUTHORIZED);
|
||||
if ($fileSecurity && !$validator->isValid($file->getDelete())) {
|
||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||
}
|
||||
|
||||
$deviceDeleted = false;
|
||||
|
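Review bot: The `\var_dump($permissions);` statements added in both hunks of `App::post('/v1/storage/buckets/:bucketId/files')` are leftover debugging output that will be written into the HTTP response and expose the aggregated permission list to the client; both lines should be deleted before merge. Separately, in the download hunk the old code read `$bucket->getAttribute('fileSecurity', false)` directly while the new condition uses `$fileSecurity`; the other storage routes already used that variable, but this route's assignment is not visible in the hunk, and if `$fileSecurity` is undefined here the `&&` short-circuits to false and the per-file read check is skipped for every download. Confirm that `$fileSecurity = $bucket->getAttribute('fileSecurity', false);` exists above the hunk in the download route, and consider having the test suite treat undefined-variable warnings as errors so a missing assignment fails loudly instead of silently granting access.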
|