
Role reference updates

Jake Barnby 2022-08-03 16:17:49 +12:00
parent ce38e74ba2
commit 1ab86c9331
34 changed files with 484 additions and 321 deletions


@ -897,7 +897,7 @@ App::post('/v1/account/sessions/phone')
$user = Authorization::skip(fn () => $dbForProject->createDocument('users', new Document([
'$id' => $userId,
'$permissions' => [
'read(any)',
'read(any)',
'write(user:' . $userId . ')'
],
'email' => null,
@ -1174,8 +1174,7 @@ App::post('/v1/account/sessions/anonymous')
Authorization::setRole('user:' . $user->getId());
$session = $dbForProject->createDocument('sessions', $session
-->setAttribute('$permissions', [
$session = $dbForProject->createDocument('sessions', $session-- > setAttribute('$permissions', [
'read(user: ' . $user->getId() . ')',
'write(user:' . $user->getId() . ')'
]));
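Review bot: The session's read permission in the second hunk is built as `'read(user: ' . $user->getId() . ')'`, with a space after `user:`, while the write entry on the next line and the role set just above (`'user:' . $user->getId()`) have none. Unless the permission parser trims that space, the owner's role will not match the read entry and the anonymous user cannot read their own session; the line should read `'read(user:' . $user->getId() . ')',`. The same spaced form recurs throughout the DatabasesBase and DatabasesCustomServerTest hunks further down. The new call is also rendered here as `$session-- > setAttribute(`, which PHP would parse as a post-decrement and a comparison rather than a method call, so it is worth confirming the committed file has `$session->setAttribute(`.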


@ -757,7 +757,7 @@ App::put('/v1/databases/:databaseId/collections/:collectionId')
->inject('audits')
->inject('usage')
->inject('events')
->action(function (string $databaseId, string $collectionId, string $name, ?array $permissions, bool $documentSecurity, bool $enabled, Response $response, Database $dbForProject, EventAudit $audits, Stats $usage, Event $events) {
->action(function (string $databaseId, string $collectionId, string $name, ?array $permissions, bool $documentSecurity, bool $enabled, Response $response, Database $dbForProject, EventAudit $audits, Stats $usage, Event $events) {
$database = Authorization::skip(fn () => $dbForProject->getDocument('databases', $databaseId));


@ -163,7 +163,6 @@ $http->on('start', function (Server $http) use ($payloadSize, $register) {
'$id' => 'default',
'$collection' => 'buckets',
'name' => 'Default',
'permission' => 'file',
'maximumFileSize' => (int) App::getEnv('_APP_STORAGE_LIMIT', 0), // 10MB
'allowedFileExtensions' => [],
'enabled' => true,
@ -254,7 +253,7 @@ $http->on('request', function (SwooleRequest $swooleRequest, SwooleResponse $swo
try {
Authorization::cleanRoles();
Authorization::setRole('role:all');
Authorization::setRole('any');
$app->run($request, $response);
} catch (\Throwable $th) {
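Review bot: Switching the request-level role from `role:all` to `any` means permissions stored under the old name stop matching, and nothing on this page migrates existing data. Documents, files or functions saved with `role:all`, `role:member` or `role:guest` would, if stored strings are compared verbatim, become unreachable for the callers they were meant for. A comment above `Authorization::setRole('any');` pointing to the migration that rewrites stored roles, or a temporary alias for the legacy names, would make the upgrade path explicit. The try block continues outside the hunk.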


@ -202,7 +202,7 @@ $server->onWorkerStart(function (int $workerId) use ($server, $register, $stats,
/**
* Sending current connections to project channels on the console project every 5 seconds.
*/
if ($realtime->hasSubscriber('console', 'role:member', 'project')) {
if ($realtime->hasSubscriber('console', 'users', 'project')) {
[$database, $returnDatabase] = getDatabase($register, '_console');
$payload = [];
@ -253,12 +253,12 @@ $server->onWorkerStart(function (int $workerId) use ($server, $register, $stats,
/**
* Sending test message for SDK E2E tests every 5 seconds.
*/
if ($realtime->hasSubscriber('console', 'role:guest', 'tests')) {
if ($realtime->hasSubscriber('console', 'guests', 'tests')) {
$payload = ['response' => 'WS:/v1/realtime:passed'];
$event = [
'project' => 'console',
'roles' => ['role:guest'],
'roles' => ['guests'],
'data' => [
'events' => ['test.event'],
'channels' => ['tests'],


@ -553,11 +553,11 @@ $logs = $this->getParam('logs', null);
<div data-ls-if="{{project-collection.permission}} === 'collection'">
<label for="collection-read">Read Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</span></label>
<input type="hidden" id="collection-read" name="read" data-forms-tags data-cast-to="json" data-ls-bind="{{project-collection.$read}}" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
<label for="collection-write">Write Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
<input type="hidden" id="collection-write" name="write" data-forms-tags data-cast-to="json" data-ls-bind="{{project-collection.$write}}" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
</div>
</div>
</div>
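Review bot: The permission inputs in this template are still wrapped in `data-ls-if="{{project-collection.permission}} === 'collection'"` and bound to `{{project-collection.$read}}` / `{{project-collection.$write}}`, while the API and test hunks of this commit replace those fields with `permissions` and `documentSecurity`. If the collection response no longer carries `permission`, `$read` and `$write`, the block stays hidden or empty and the console cannot be used to review or tighten access. The hint `Add 'any' for wildcard access` also gives the bare role, whereas new entries elsewhere in this commit use the `read(any)` form; the hint should match whatever the input actually submits. The document template in the next section binds `{{project-document.$read}}` / `{{project-document.$write}}` in the same way.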


@ -321,11 +321,11 @@ $logs = $this->getParam('logs', null);
<label for="collection-read">Read Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</span></label>
<input type="hidden" id="collection-read" name="read" data-forms-tags data-cast-to="json" data-ls-bind="{{project-document.$read}}" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
<label for="collection-write">Write Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
<input type="hidden" id="collection-write" name="write" data-forms-tags data-cast-to="json" data-ls-bind="{{project-document.$write}}" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
</div>
<button data-ls-if="({{project-document.$id}})">Update</button>


@ -537,7 +537,7 @@ sort($patterns);
<label for="execute">Execute Access <span class="tooltip small" data-tooltip="Choose who can execute this function using the client API."><i class="icon-info-circled"></i></span> <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</span></label>
<input type="hidden" id="execute" name="execute" data-forms-tags data-cast-to="json" data-ls-bind="{{project-function.execute}}" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
<label for="timeout">Timeout (seconds) <span class="tooltip small" data-tooltip="Limit the execution time of your function."><i class="icon-info-circled"></i></span></label>
<input name="timeout" id="function-timeout" type="number" autocomplete="off" data-ls-bind="{{project-function.timeout}}" min="1" max="<?php echo $this->escape($timeout); ?>" data-cast-to="integer" />


@ -57,7 +57,7 @@ $smtpEnabled = $this->getParam('smtpEnabled', false);
<label for="logo">Project Logo</label>
<div class="text-align-center clear">
<input type="hidden" name="logo" data-ls-bind="{{console-project.logo}}" data-read="<?php echo $this->escape(json_encode(['role:all'])); ?>" data-write="<?php echo $this->escape(json_encode(['team:{{console-project.teamId}}'])); ?>" data-accept="image/*" data-forms-upload="" data-label-button="Upload" data-preview-alt="Project Logo" data-scope="console" data-default="">
<input type="hidden" name="logo" data-ls-bind="{{console-project.logo}}" data-read="<?php echo $this->escape(json_encode(['any'])); ?>" data-write="<?php echo $this->escape(json_encode(['team:{{console-project.teamId}}'])); ?>" data-accept="image/*" data-forms-upload="" data-label-button="Upload" data-preview-alt="Project Logo" data-scope="console" data-default="">
</div>
<hr />


@ -133,11 +133,11 @@ $fileLimitHuman = $this->getParam('fileLimitHuman', 0);
<label for="file-read">Read Access (<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
<input type="hidden" data-ls-attrs="id=file-read-{{file.$id}}" name="read" data-forms-tags data-cast-to="json" data-ls-bind="{{file.$permissions}}" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
<label for="file-write">Write Access (<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
<input type="hidden" data-ls-attrs="id=file-write-{{file.$id}}" name="write" data-forms-tags data-cast-to="json" data-ls-bind="{{file.$permissions}}" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
</form>
<form class="strip"
@ -291,12 +291,12 @@ $fileLimitHuman = $this->getParam('fileLimitHuman', 0);
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">(Max file size allowed: <?php echo $fileLimitHuman; ?>)</div>
<label for="file-read">Read Access (<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
<input type="hidden" id="file-read" name="read" data-forms-tags data-cast-to="json" value="<?php echo htmlentities(json_encode(['role:all'])); ?>" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<input type="hidden" id="file-read" name="read" data-forms-tags data-cast-to="json" value="<?php echo htmlentities(json_encode(['any'])); ?>" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
<label for="file-write">Write Access (<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
<input type="hidden" id="file-write" name="write" data-forms-tags data-cast-to="json" value="" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
<footer>
<button type="submit">Create</button> &nbsp; <button data-ui-modal-close="" type="button" class="reverse">Cancel</button>
@ -440,11 +440,11 @@ $fileLimitHuman = $this->getParam('fileLimitHuman', 0);
<label for="bucket-read">Read Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</span></label>
<input type="hidden" id="bucket-read" name="read" data-forms-tags data-cast-to="json" data-ls-bind="{{project-bucket.$permissions}}" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
<label for="bucket-write">Write Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
<input type="hidden" id="bucket-write" name="write" data-forms-tags data-cast-to="json" data-ls-bind="{{project-bucket.$permissions}}" placeholder="User ID, Team ID or Role" />
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
<div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
</div>
</div>
</div>
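Review bot: The hunk at -291 prints `<?php echo $fileLimitHuman; ?>` without escaping, and the new `file-read` default is encoded with `htmlentities(json_encode(['any']))` where the logo upload input earlier in this commit uses `$this->escape(json_encode(...))`. Using the view's escaper for both, `<?php echo $this->escape($fileLimitHuman); ?>` and `value="<?php echo $this->escape(json_encode(['any'])); ?>"`, keeps output encoding uniform and does not depend on how the limit string is produced. In the hunks at -133 and -440 the read and the write input are both bound to the same list (`{{file.$permissions}}`, `{{project-bucket.$permissions}}`), so each presumably shows and submits the full permission set; it is worth confirming that the form separates read from write entries before saving.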


@ -342,7 +342,7 @@
<div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
Guset
<br/>
role:guest
guests
</div>
</div>
</div>
@ -363,7 +363,7 @@
<div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
Member
<br/>
role:member
users
</div>
</div>
</div>



@ -288,13 +288,15 @@ class Realtime extends Adapter
$channels[] = 'databases.' . $database->getId() . '.collections.' . $payload->getCollection() . '.documents';
$channels[] = 'databases.' . $database->getId() . '.collections.' . $payload->getCollection() . '.documents.' . $payload->getId();
$roles = ($collection->getAttribute('permission') === 'collection') ? $collection->getRead() : $payload->getRead();
$roles = ($collection->getAttribute('documentSecurity', false))
? \array_merge($collection->getRead(), $payload->getRead())
: $collection->getRead();
}
break;
case 'buckets':
if ($parts[2] === 'files') {
if ($bucket->isEmpty()) {
throw new \Exception('Bucket needs to be pased to Realtime for File events in the Storage.');
throw new \Exception('Bucket needs to be passed to Realtime for File events in the Storage.');
}
$channels[] = 'files';
$channels[] = 'buckets.' . $payload->getAttribute('bucketId') . '.files';
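Review bot: With `documentSecurity` enabled, `$roles` in the documents branch is now the union of `$collection->getRead()` and `$payload->getRead()`, so every role with collection-level read receives realtime events for every document, where the old code used only the document's own readers in document mode. If that widening is the intended model, it deserves a comment such as `// documentSecurity adds document readers on top of collection readers; it never narrows them`. `\array_merge` also keeps duplicates when a role appears in both lists, so `\array_values(\array_unique(\array_merge(...)))` would keep the role list minimal. The enclosing switch starts and ends outside the hunk.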


@ -312,7 +312,7 @@ class Swagger2 extends Format
$node['items'] = [
'type' => 'string',
];
$node['x-example'] = '["role:all"]';
$node['x-example'] = '["read(any)"]';
break;
case 'Appwrite\Auth\Validator\Password':
$node['type'] = $validator->getType();


@ -32,7 +32,7 @@ class Execution extends Model
'type' => self::TYPE_STRING,
'description' => 'Execution permissions.',
'default' => '',
'example' => 'role:all',
'example' => 'any',
'array' => true,
])
->addRule('functionId', [


@ -38,7 +38,7 @@ class File extends Model
'type' => self::TYPE_STRING,
'description' => 'File permissions.',
'default' => [],
'example' => 'read(role:all)',
'example' => 'read(any)',
'array' => true,
])
->addRule('name', [


@ -34,7 +34,7 @@ class Func extends Model
'type' => self::TYPE_STRING,
'description' => 'Execution permissions.',
'default' => [],
'example' => 'role:member',
'example' => 'users',
'array' => true,
])
->addRule('name', [


@ -44,9 +44,8 @@ trait DatabasesBase
]), [
'collectionId' => 'unique()',
'name' => 'Movies',
'read' => [],
'write' => [],
'permission' => 'document',
'permissions' => [],
'documentSecurity' => true,
]);
$this->assertEquals($movies['headers']['status-code'], 201);
@ -71,7 +70,7 @@ trait DatabasesBase
]), [
'name' => 'Movies',
'enabled' => false,
'permission' => 'document',
'documentSecurity' => true,
]);
$this->assertEquals($response['headers']['status-code'], 200);
@ -86,8 +85,10 @@ trait DatabasesBase
'data' => [
'title' => 'Captain America',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user:' . $this->getUser()['$id'] . ')',
'write(user:' . $this->getUser()['$id'] . ')',
],
]);
$responseListDocument = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([
@ -112,7 +113,7 @@ trait DatabasesBase
]), [
'name' => 'Movies',
'enabled' => true,
'permission' => 'document',
'documentSecurity' => true,
]);
$this->assertEquals($response['headers']['status-code'], 200);
@ -220,9 +221,8 @@ trait DatabasesBase
]), [
'collectionId' => 'unique()',
'name' => 'Response Models',
'read' => [],
'write' => [],
'permission' => 'document',
'permissions' => [],
'documentSecurity' => true,
]);
$this->assertEquals($collection['headers']['status-code'], 201);
@ -785,8 +785,10 @@ trait DatabasesBase
'Samuel Jackson',
]
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$document2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([
@ -803,8 +805,10 @@ trait DatabasesBase
'Samuel Jackson',
]
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$document3 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([
@ -821,8 +825,10 @@ trait DatabasesBase
'Zendaya Maree Stoermer',
],
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$document4 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([
@ -833,8 +839,10 @@ trait DatabasesBase
'data' => [
'releaseYear' => 2020, // Missing title, expect an 400 error
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$this->assertEquals($document1['headers']['status-code'], 201);
@ -942,9 +950,8 @@ trait DatabasesBase
]), [
'collectionId' => 'unique()',
'name' => 'Movies',
'read' => [],
'write' => [],
'permission' => 'document',
'permissions' => [],
'documentSecurity' => true,
]);
$this->assertEquals($movies['headers']['status-code'], 201);
@ -1476,8 +1483,10 @@ trait DatabasesBase
'releaseYear' => 2017,
'actors' => [],
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$id = $document['body']['$id'];
@ -1529,9 +1538,8 @@ trait DatabasesBase
]), [
'collectionId' => 'unique()',
'name' => 'invalidDocumentStructure',
'read' => [],
'write' => [],
'permission' => 'document',
'permissions' => [],
'documentSecurity' => true,
]);
$this->assertEquals(201, $collection['headers']['status-code']);
@ -1726,8 +1734,10 @@ trait DatabasesBase
'data' => [
'email' => 'user@example.com',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$goodEnum = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1738,8 +1748,10 @@ trait DatabasesBase
'data' => [
'enum' => 'yes',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$goodIp = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1750,8 +1762,10 @@ trait DatabasesBase
'data' => [
'ip' => '1.1.1.1',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$goodUrl = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1762,8 +1776,10 @@ trait DatabasesBase
'data' => [
'url' => 'http://www.example.com',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$goodRange = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1774,8 +1790,10 @@ trait DatabasesBase
'data' => [
'range' => 3,
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$goodFloatRange = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1786,8 +1804,10 @@ trait DatabasesBase
'data' => [
'floatRange' => 1.4,
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$goodProbability = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1798,8 +1818,10 @@ trait DatabasesBase
'data' => [
'probability' => 0.99999,
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$notTooHigh = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1810,8 +1832,10 @@ trait DatabasesBase
'data' => [
'upperBound' => 8,
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$notTooLow = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1822,8 +1846,10 @@ trait DatabasesBase
'data' => [
'lowerBound' => 8,
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$this->assertEquals(201, $goodEmail['headers']['status-code']);
@ -1848,8 +1874,10 @@ trait DatabasesBase
'data' => [
'email' => 'user@@example.com',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$badEnum = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1860,8 +1888,10 @@ trait DatabasesBase
'data' => [
'enum' => 'badEnum',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$badIp = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1872,8 +1902,10 @@ trait DatabasesBase
'data' => [
'ip' => '1.1.1.1.1',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$badUrl = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1884,8 +1916,10 @@ trait DatabasesBase
'data' => [
'url' => 'example...com',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$badRange = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1896,8 +1930,10 @@ trait DatabasesBase
'data' => [
'range' => 11,
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$badFloatRange = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1908,8 +1944,10 @@ trait DatabasesBase
'data' => [
'floatRange' => 2.5,
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$badProbability = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1920,8 +1958,10 @@ trait DatabasesBase
'data' => [
'probability' => 1.1,
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$tooHigh = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1932,8 +1972,10 @@ trait DatabasesBase
'data' => [
'upperBound' => 11,
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$tooLow = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -1944,8 +1986,10 @@ trait DatabasesBase
'data' => [
'lowerBound' => 3,
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$this->assertEquals(400, $badEmail['headers']['status-code']);
@ -2066,8 +2110,7 @@ trait DatabasesBase
'releaseYear' => 1946,
'actors' => [],
],
'read' => [],
'write' => [],
'permissions' => [],
]);
if ($this->getSide() == 'client') {
@ -2108,9 +2151,10 @@ trait DatabasesBase
]), [
'collectionId' => 'unique()',
'name' => 'enforceCollectionPermissions',
'permission' => 'collection',
'read' => [$user],
'write' => [$user]
'permissions' => [
'read(' . $user . ')',
'write(' . $user . ')',
],
]);
$this->assertEquals($collection['headers']['status-code'], 201);
@ -2161,8 +2205,10 @@ trait DatabasesBase
'data' => [
'attribute' => 'one',
],
'read' => [$user],
'write' => [$user],
'permissions' => [
'read(' . $user . ')',
'write(' . $user . ')',
]
]);
$this->assertEquals(201, $document1['headers']['status-code']);
@ -2175,8 +2221,9 @@ trait DatabasesBase
'data' => [
'attribute' => 'one',
],
'read' => [],
'write' => [$user],
'permissions' => [
'write(' . $user . ')',
]
]);
$this->assertEquals(201, $document2['headers']['status-code']);
@ -2189,8 +2236,7 @@ trait DatabasesBase
'data' => [
'attribute' => 'one',
],
'read' => [],
'write' => [],
'permissions' => [],
]);
$this->assertEquals(201, $document3['headers']['status-code']);
@ -2214,9 +2260,9 @@ trait DatabasesBase
'x-appwrite-key' => $this->getProject()['apiKey']
]), [
'name' => 'enforceCollectionPermissions',
'permission' => 'collection',
'read' => [$user],
'write' => []
'permissions' => [
'read(' . $user . ')'
],
]);
$this->assertEquals(200, $collection['headers']['status-code']);
@ -2229,8 +2275,10 @@ trait DatabasesBase
'data' => [
'attribute' => 'bad',
],
'read' => [$user],
'write' => [$user],
'permissions' => [
'read(' . $user . ')',
'write(' . $user . ')',
],
]);
if ($this->getSide() == 'client') {
@ -2248,9 +2296,7 @@ trait DatabasesBase
'x-appwrite-key' => $this->getProject()['apiKey']
]), [
'name' => 'enforceCollectionPermissions',
'permission' => 'collection',
'read' => [],
'write' => []
'permissions' => [],
]);
$this->assertEquals(200, $collection['headers']['status-code']);
@ -2297,8 +2343,10 @@ trait DatabasesBase
'Samuel Jackson',
]
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$this->assertEquals(409, $duplicate['headers']['status-code']);
@ -2317,8 +2365,10 @@ trait DatabasesBase
'Samuel Jackson',
]
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$this->assertEquals(201, $document['headers']['status-code']);
@ -2337,8 +2387,10 @@ trait DatabasesBase
'Samuel Jackson',
]
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$this->assertEquals(409, $duplicate['headers']['status-code']);
@ -2430,9 +2482,8 @@ trait DatabasesBase
]), [
'collectionId' => 'unique()',
'name' => 'Movies',
'read' => [],
'write' => [],
'permission' => 'document',
'permissions' => [],
'documentSecurity' => true,
]);
$this->assertEquals($movies['headers']['status-code'], 201);
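Review bot: The `enforceCollectionPermissions` collection (hunks at -2108, -2214 and -2248) drops `'permission' => 'collection'` without setting `'documentSecurity' => false`, so the test now depends on the server default for that flag. Since these requests exist to show that collection permissions govern access, passing `'documentSecurity' => false,` explicitly would keep the test meaningful if the default ever changes. The hunk at -2175 also creates a document with only `write(...)`, and the visible lines assert just the 201 status, not that the omitted read access is actually denied.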


@ -35,9 +35,11 @@ class DatabasesConsoleClientTest extends Scope
], $this->getHeaders()), [
'collectionId' => 'unique()',
'name' => 'Movies',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document',
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$this->assertEquals($movies['headers']['status-code'], 201);


@ -47,9 +47,8 @@ class DatabasesCustomClientTest extends Scope
]), [
'collectionId' => 'permissionCheck',
'name' => 'permissionCheck',
'read' => [],
'write' => [],
'permission' => 'document'
'permissions' => [],
'documentSecurity' => true,
]);
$this->assertEquals(201, $response['headers']['status-code']);
@ -78,8 +77,10 @@ class DatabasesCustomClientTest extends Scope
'data' => [
'name' => 'AppwriteBeginner',
],
'read' => ['user:' . $userId, 'user:user2'],
'write' => ['user:' . $userId],
'permissions' => [
'read(user:' . $userId . ', user:user2)',
'write(user:' . $userId . ')',
],
]);
$this->assertEquals(201, $response['headers']['status-code']);
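Review bot: `'read(user:' . $userId . ', user:user2)'` in the second hunk packs two roles into a single `read(...)` entry, which no other hunk in this commit does; every other permission is one role per string. If the parser expects one role per entry, this either fails validation or is stored as a single role containing the comma, and the test's intent (both users can read) is lost without the 201 assertion noticing. Splitting it into `'read(user:' . $userId . ')',` and `'read(user:user2)',` removes the ambiguity.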


@ -250,9 +250,11 @@ class DatabasesCustomServerTest extends Scope
]), [
'name' => 'Test 1',
'collectionId' => 'first',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document'
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$test2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([
@ -262,9 +264,11 @@ class DatabasesCustomServerTest extends Scope
]), [
'name' => 'Test 2',
'collectionId' => 'second',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document'
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$collections = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections', array_merge([
@ -402,9 +406,11 @@ class DatabasesCustomServerTest extends Scope
]), [
'name' => 'Test 1',
'collectionId' => 'first',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document'
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$this->assertEquals($response['headers']['status-code'], 409);
@ -436,9 +442,11 @@ class DatabasesCustomServerTest extends Scope
]), [
'collectionId' => 'unique()',
'name' => 'Actors',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document'
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$this->assertEquals($actors['headers']['status-code'], 201);
@ -489,8 +497,10 @@ class DatabasesCustomServerTest extends Scope
'lastName' => 'ipsum',
'unneeded' => 'dolor'
],
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$index = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $actors['body']['$id'] . '/indexes', array_merge([
@ -712,9 +722,11 @@ class DatabasesCustomServerTest extends Scope
]), [
'collectionId' => 'unique()',
'name' => 'TestCleanupDuplicateIndexOnDeleteAttribute',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document',
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$this->assertEquals(201, $collection['headers']['status-code']);
@ -831,8 +843,10 @@ class DatabasesCustomServerTest extends Scope
'firstName' => 'Tom',
'lastName' => 'Holland',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
],
]);
$document2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@ -844,8 +858,10 @@ class DatabasesCustomServerTest extends Scope
'firstName' => 'Samuel',
'lastName' => 'Jackson',
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
],
]);
$this->assertEquals($document1['headers']['status-code'], 201);
@ -897,9 +913,9 @@ class DatabasesCustomServerTest extends Scope
// ]), [
// 'collectionId' => 'unique()',
// 'name' => 'attributeCountLimit',
// 'read' => ['role:all'],
// 'write' => ['role:all'],
// 'permission' => 'document',
// 'read' => ['any'],
// 'write' => ['any'],
// 'documentSecurity' => true,
// ]);
// $collectionId = $collection['body']['$id'];
@ -954,9 +970,11 @@ class DatabasesCustomServerTest extends Scope
]), [
'collectionId' => 'attributeRowWidthLimit',
'name' => 'attributeRowWidthLimit',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document',
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$this->assertEquals($collection['headers']['status-code'], 201);
@ -1016,9 +1034,11 @@ class DatabasesCustomServerTest extends Scope
]), [
'collectionId' => 'testLimitException',
'name' => 'testLimitException',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document',
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$this->assertEquals($collection['headers']['status-code'], 201);
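Review bot: The document permissions built as `'read(user: ' . $this->getUser()['$id'] . ')'` and the matching `write(user: ` lines carry a space after `user:`, while DatabasesCustomClientTest in this same commit writes `'read(user:' . $userId . ...` without one. Unless the permission parser trims whitespace (not visible on this page), the role stored for these documents would differ from the `user:<id>` form used everywhere else, and the test would no longer exercise the per-user grant it appears to set up. I would drop the space: `'read(user:' . $this->getUser()['$id'] . ')'`. The same spacing appears in the `team: ` strings in DatabasesPermissionsTeamTest and the `user: ` strings in StorageBase.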


@ -30,9 +30,11 @@ class DatabasesPermissionsGuestTest extends Scope
$movies = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', $this->getServerHeader(), [
'collectionId' => 'unique()',
'name' => 'Movies',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document',
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$collection = ['id' => $movies['body']['$id']];
@ -54,12 +56,12 @@ class DatabasesPermissionsGuestTest extends Scope
public function readDocumentsProvider()
{
return [
[['role:all'], []],
[['role:member'], []],
[[] ,['role:all']],
[['role:all'], ['role:all']],
[['role:member'], ['role:member']],
[['role:all'], ['role:member']],
[['any'], []],
[['users'], []],
[[] ,['any']],
[['any'], ['any']],
[['users'], ['users']],
[['any'], ['users']],
];
}
@ -86,7 +88,7 @@ class DatabasesPermissionsGuestTest extends Scope
]);
foreach ($documents['body']['documents'] as $document) {
$this->assertContains('role:all', $document['$permissions']);
$this->assertContains('any', $document['$permissions']);
}
}
}
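Review bot: The updated assertion `$this->assertContains('any', $document['$permissions']);` looks for an element equal to the bare role. Collections in this commit are now created with strings such as `read(any)`, so if the response returns `$permissions` in that form, the assertion can't match. It would then need to be `$this->assertContains('read(any)', $document['$permissions']);`. The provider above still yields bare role arrays (`['any']`, `['users']`), and the code that turns them into permission strings is outside this hunk, so confirm the format there as well.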


@ -29,16 +29,16 @@ class DatabasesPermissionsMemberTest extends Scope
public function readDocumentsProvider()
{
return [
[['role:all'], []],
[['role:member'], []],
[['any'], []],
[['users'], []],
[['user:random'], []],
[['user:lorem'] ,['user:lorem']],
[['user:dolor'] ,['user:dolor']],
[['user:dolor', 'user:lorem'] ,['user:dolor']],
[[], ['role:all']],
[['role:all'], ['role:all']],
[['role:member'], ['role:member']],
[['role:all'], ['role:member']],
[[], ['any']],
[['any'], ['any']],
[['users'], ['users']],
[['any'], ['users']],
];
}
@ -64,9 +64,11 @@ class DatabasesPermissionsMemberTest extends Scope
$public = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', $this->getServerHeader(), [
'collectionId' => 'unique()',
'name' => 'Movies',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document',
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$this->assertEquals(201, $public['headers']['status-code']);
@ -82,9 +84,11 @@ class DatabasesPermissionsMemberTest extends Scope
$private = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', $this->getServerHeader(), [
'collectionId' => 'unique()',
'name' => 'Private Movies',
'read' => ['role:member'],
'write' => ['role:member'],
'permission' => 'document',
'permissions' => [
'read(users)',
'write(users)',
],
'documentSecurity' => true,
]);
$this->assertEquals(201, $private['headers']['status-code']);
@ -122,8 +126,10 @@ class DatabasesPermissionsMemberTest extends Scope
'data' => [
'title' => 'Lorem',
],
'read' => $read,
'write' => $write,
'permissions' => [
'read(' . $read . ')',
'write(' . $write . ')',
],
]);
$this->assertEquals(201, $response['headers']['status-code']);
@ -132,8 +138,10 @@ class DatabasesPermissionsMemberTest extends Scope
'data' => [
'title' => 'Lorem',
],
'read' => $read,
'write' => $write,
'permissions' => [
'read(' . $read . ')',
'write(' . $write . ')',
],
]);
$this->assertEquals(201, $response['headers']['status-code']);
@ -149,8 +157,16 @@ class DatabasesPermissionsMemberTest extends Scope
foreach ($documents['body']['documents'] as $document) {
$hasPermissions = \array_reduce(['any', 'users', 'user:' . $users['user1']['$id']], function ($carry, $item) use ($document) {
// TODO: Fix this
return $carry ? true : \in_array($item, $document['$permissions']);
if ($carry) {
return $carry;
}
foreach ($document['$permissions'] as $permission) {
if (\stripos($permission, $item) !== false
&& \str_starts_with('read', $permission)) {
return true;
}
}
return false;
}, false);
$this->assertTrue($hasPermissions);
}
@ -167,8 +183,16 @@ class DatabasesPermissionsMemberTest extends Scope
foreach ($documents['body']['documents'] as $document) {
$hasPermissions = \array_reduce(['any', 'users', 'user:' . $users['user1']['$id']], function ($carry, $item) use ($document) {
// TODO: Fix this
return $carry ? true : \in_array($item, $document['$permissions']);
if ($carry) {
return $carry;
}
foreach ($document['$permissions'] as $permission) {
if (\stripos($permission, $item) !== false
&& \str_starts_with('read', $permission)) {
return true;
}
}
return false;
}, false);
$this->assertTrue($hasPermissions);
}
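Review bot: The `\str_starts_with('read', $permission)` call in both reduce callbacks has its arguments reversed. PHP takes the haystack first, so this asks whether the literal `read` begins with the whole permission string, which is false for `read(any)`; it should be `\str_starts_with($permission, 'read')`. The `\stripos($permission, $item)` substring match is also loose for an authorization test, because `user:<id>` matches any longer id sharing that prefix. Comparing against the exact string `'read(' . $item . ')'` would be tighter if the API returns one role per permission string. Separately, `'read(' . $read . ')'` in the document-creation hunks concatenates a value the provider supplies as an array, unless it is converted outside the hunk.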


@ -44,9 +44,10 @@ class DatabasesPermissionsTeamTest extends Scope
$collection1 = $this->client->call(Client::METHOD_POST, '/databases/' . $this->databaseId . '/collections', $this->getServerHeader(), [
'collectionId' => 'collection1',
'name' => 'Collection 1',
'read' => ['team:' . $teams['team1']['$id']],
'write' => ['team:' . $teams['team1']['$id'] . '/admin'],
'permission' => 'collection',
'permissions' => [
'read(team: ' . $teams['team1']['$id'] . ')',
'write(team: ' . $teams['team1']['$id'] . '/admin)',
],
]);
$this->collections['collection1'] = $collection1['body']['$id'];
@ -60,9 +61,10 @@ class DatabasesPermissionsTeamTest extends Scope
$collection2 = $this->client->call(Client::METHOD_POST, '/databases/' . $this->databaseId . '/collections', $this->getServerHeader(), [
'collectionId' => 'collection2',
'name' => 'Collection 2',
'read' => ['team:' . $teams['team2']['$id']],
'write' => ['team:' . $teams['team2']['$id'] . '/owner'],
'permission' => 'collection',
'permissions' => [
'read(team: ' . $teams['team2']['$id'] . ')',
'write(team: ' . $teams['team2']['$id'] . '/owner)',
]
]);
$this->collections['collection2'] = $collection2['body']['$id'];
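Review bot: Both collections used to pin `'permission' => 'collection'`, and the replacement omits `documentSecurity` entirely, so these team-access tests now depend on that parameter's default, which is not visible on this page. Since the test is about collection-level team permissions, I would state it explicitly in each call: `'documentSecurity' => false,`. The Actors collections in RealtimeConsoleClientTest and RealtimeCustomClientTest drop the old `'collection'` value the same way.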


@ -159,9 +159,10 @@ class RealtimeConsoleClientTest extends Scope
], $this->getHeaders()), [
'collectionId' => 'unique()',
'name' => 'Actors',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'collection'
'permissions' => [
'read(any)',
'write(any)',
],
]);
$actorsId = $actors['body']['$id'];


@ -644,9 +644,8 @@ class RealtimeCustomClientTest extends Scope
]), [
'collectionId' => 'unique()',
'name' => 'Actors',
'read' => [],
'write' => [],
'permission' => 'document'
'permissions' => [],
'documentSecurity' => true,
]);
$actorsId = $actors['body']['$id'];
@ -680,8 +679,10 @@ class RealtimeCustomClientTest extends Scope
'data' => [
'name' => 'Chris Evans'
],
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$response = json_decode($client->receive(), true);
@ -723,8 +724,10 @@ class RealtimeCustomClientTest extends Scope
'data' => [
'name' => 'Chris Evans 2'
],
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$response = json_decode($client->receive(), true);
@ -765,8 +768,10 @@ class RealtimeCustomClientTest extends Scope
'data' => [
'name' => 'Bradley Cooper'
],
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$client->receive();
@ -854,9 +859,10 @@ class RealtimeCustomClientTest extends Scope
]), [
'collectionId' => 'unique()',
'name' => 'Actors',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'collection'
'permissions' => [
'read(any)',
'write(any)',
]
]);
$actorsId = $actors['body']['$id'];
@ -890,8 +896,7 @@ class RealtimeCustomClientTest extends Scope
'data' => [
'name' => 'Chris Evans'
],
'read' => [],
'write' => [],
'permissions' => [],
]);
$documentId = $document['body']['$id'];
@ -932,8 +937,7 @@ class RealtimeCustomClientTest extends Scope
'data' => [
'name' => 'Chris Evans 2'
],
'read' => [],
'write' => [],
'permissions' => [],
]);
$response = json_decode($client->receive(), true);
@ -974,8 +978,7 @@ class RealtimeCustomClientTest extends Scope
'data' => [
'name' => 'Bradley Cooper'
],
'read' => [],
'write' => [],
'permissions' => [],
]);
$documentId = $document['body']['$id'];
@ -1047,9 +1050,10 @@ class RealtimeCustomClientTest extends Scope
]), [
'bucketId' => 'unique()',
'name' => 'Bucket 1',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'bucket'
'permissions' => [
'read(any)',
'write(any)'
]
]);
$bucketId = $bucket1['body']['$id'];
@ -1063,8 +1067,10 @@ class RealtimeCustomClientTest extends Scope
], $this->getHeaders()), [
'fileId' => 'unique()',
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$fileId = $file['body']['$id'];
@ -1101,8 +1107,10 @@ class RealtimeCustomClientTest extends Scope
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$response = json_decode($client->receive(), true);
@ -1194,7 +1202,7 @@ class RealtimeCustomClientTest extends Scope
], [
'functionId' => 'unique()',
'name' => 'Test',
'execute' => ['role:member'],
'execute' => ['users'],
'runtime' => 'php-8.0',
'timeout' => 10,
]);


@ -19,11 +19,13 @@ trait StorageBase
], [
'bucketId' => 'unique()',
'name' => 'Test Bucket',
'permission' => 'file',
'fileSecurity' => true,
'maximumFileSize' => 2000000, //2MB
'allowedFileExtensions' => ["jpg", "png"],
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$this->assertEquals(201, $bucket['headers']['status-code']);
$this->assertNotEmpty($bucket['body']['$id']);
@ -36,8 +38,10 @@ trait StorageBase
], $this->getHeaders()), [
'fileId' => 'unique()',
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$this->assertEquals(201, $file['headers']['status-code']);
$this->assertNotEmpty($file['body']['$id']);
@ -59,9 +63,11 @@ trait StorageBase
], [
'bucketId' => 'unique()',
'name' => 'Test Bucket 2',
'permission' => 'file',
'read' => ['role:all'],
'write' => ['role:all'],
'fileSecurity' => true,
'permissions' => [
'read(any)',
'write(any)',
],
]);
$this->assertEquals(201, $bucket2['headers']['status-code']);
$this->assertNotEmpty($bucket2['body']['$id']);
@ -92,8 +98,10 @@ trait StorageBase
$largeFile = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucket2['body']['$id'] . '/files', array_merge($headers, $this->getHeaders()), [
'fileId' => $fileId,
'file' => $curlFile,
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$counter++;
$id = $largeFile['body']['$id'];
@ -130,8 +138,10 @@ trait StorageBase
$res = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucket2['body']['$id'] . '/files', $this->getHeaders(), [
'fileId' => $fileId,
'file' => $curlFile,
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
@fclose($handle);
@ -148,8 +158,10 @@ trait StorageBase
], $this->getHeaders()), [
'fileId' => 'unique()',
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$this->assertEquals(404, $res['headers']['status-code']);
@ -163,8 +175,10 @@ trait StorageBase
], $this->getHeaders()), [
'fileId' => 'unique()',
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/disk-b/kitten-1.png'), 'image/png', 'kitten-1.png'),
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$this->assertEquals(400, $res['headers']['status-code']);
@ -180,8 +194,10 @@ trait StorageBase
], $this->getHeaders()), [
'fileId' => 'unique()',
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/disk-a/kitten-3.gif'), 'image/gif', 'kitten-3.gif'),
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$this->assertEquals(400, $res['headers']['status-code']);
@ -199,11 +215,13 @@ trait StorageBase
], [
'bucketId' => 'unique()',
'name' => 'Test Bucket 2',
'permission' => 'file',
'fileSecurity' => true,
'maximumFileSize' => 200000000, //200MB
'allowedFileExtensions' => ["jpg", "png"],
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$this->assertEquals(400, $failedBucket['headers']['status-code']);
}
@ -453,8 +471,10 @@ trait StorageBase
], $this->getHeaders()), [
'fileId' => 'testcache',
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$this->assertEquals(201, $file['headers']['status-code']);
$this->assertNotEmpty($file['body']['$id']);
@ -496,8 +516,10 @@ trait StorageBase
], $this->getHeaders()), [
'fileId' => 'testcache',
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/disk-b/kitten-2.png'), 'image/png', 'logo.png'),
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$this->assertEquals(201, $file['headers']['status-code']);
$this->assertNotEmpty($file['body']['$id']);
@ -539,8 +561,10 @@ trait StorageBase
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$this->assertEquals(200, $file['headers']['status-code']);
@ -566,8 +590,10 @@ trait StorageBase
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
'permissions' => [
'read(user: ' . $this->getUser()['$id'] . ')',
'write(user: ' . $this->getUser()['$id'] . ')',
]
]);
$this->assertEquals(404, $file['headers']['status-code']);


@ -29,9 +29,10 @@ class StorageCustomClientTest extends Scope
], [
'bucketId' => 'unique()',
'name' => 'Test Bucket',
'permission' => 'bucket',
'read' => ['role:all'],
'write' => ['role:member'],
'permissions' => [
'read(any)',
'write(users)',
],
]);
$bucketId = $bucket['body']['$id'];
@ -162,13 +163,15 @@ class StorageCustomClientTest extends Scope
'fileId' => 'unique()',
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'),
'folderId' => 'xyz',
'read' => ['user:notme']
'permissions' => [
'read(user:notme)',
],
]);
$this->assertEquals(400, $file['headers']['status-code']);
$this->assertStringStartsWith('Read permissions must be one of:', $file['body']['message']);
$this->assertStringContainsString('role:all', $file['body']['message']);
$this->assertStringContainsString('role:member', $file['body']['message']);
$this->assertStringContainsString('any', $file['body']['message']);
$this->assertStringContainsString('users', $file['body']['message']);
$this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
$file = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $data['bucketId'] . '/files', array_merge([
@ -183,8 +186,8 @@ class StorageCustomClientTest extends Scope
$this->assertEquals($file['headers']['status-code'], 400);
$this->assertStringStartsWith('Write permissions must be one of:', $file['body']['message']);
$this->assertStringContainsString('role:all', $file['body']['message']);
$this->assertStringContainsString('role:member', $file['body']['message']);
$this->assertStringContainsString('any', $file['body']['message']);
$this->assertStringContainsString('users', $file['body']['message']);
$this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
$file = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $data['bucketId'] . '/files', array_merge([
@ -194,14 +197,16 @@ class StorageCustomClientTest extends Scope
'fileId' => 'unique()',
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'),
'folderId' => 'xyz',
'read' => ['user:notme'],
'write' => ['user:notme']
'permissions' => [
'read(user:notme)',
'write(user:notme)',
],
]);
$this->assertEquals($file['headers']['status-code'], 400);
$this->assertStringStartsWith('Read permissions must be one of:', $file['body']['message']);
$this->assertStringContainsString('role:all', $file['body']['message']);
$this->assertStringContainsString('role:member', $file['body']['message']);
$this->assertStringContainsString('any', $file['body']['message']);
$this->assertStringContainsString('users', $file['body']['message']);
$this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
}
@ -217,13 +222,15 @@ class StorageCustomClientTest extends Scope
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'read' => ['user:notme']
'permissions' => [
'read(user:notme)',
],
]);
$this->assertEquals($file['headers']['status-code'], 400);
$this->assertStringStartsWith('Read permissions must be one of:', $file['body']['message']);
$this->assertStringContainsString('role:all', $file['body']['message']);
$this->assertStringContainsString('role:member', $file['body']['message']);
$this->assertStringContainsString('any', $file['body']['message']);
$this->assertStringContainsString('users', $file['body']['message']);
$this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
$file = $this->client->call(Client::METHOD_PUT, '/storage/buckets/' . $data['bucketId'] . '/files/' . $data['fileId'], array_merge([
@ -235,22 +242,24 @@ class StorageCustomClientTest extends Scope
$this->assertEquals($file['headers']['status-code'], 400);
$this->assertStringStartsWith('Write permissions must be one of:', $file['body']['message']);
$this->assertStringContainsString('role:all', $file['body']['message']);
$this->assertStringContainsString('role:member', $file['body']['message']);
$this->assertStringContainsString('any', $file['body']['message']);
$this->assertStringContainsString('users', $file['body']['message']);
$this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
$file = $this->client->call(Client::METHOD_PUT, '/storage/buckets/' . $data['bucketId'] . '/files/' . $data['fileId'], array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'read' => ['user:notme'],
'write' => ['user:notme']
'permissions' => [
'read(user:notme)',
'write(user:notme)',
],
]);
$this->assertEquals($file['headers']['status-code'], 400);
$this->assertStringStartsWith('Read permissions must be one of:', $file['body']['message']);
$this->assertStringContainsString('role:all', $file['body']['message']);
$this->assertStringContainsString('role:member', $file['body']['message']);
$this->assertStringContainsString('any', $file['body']['message']);
$this->assertStringContainsString('users', $file['body']['message']);
$this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
}
}


@ -24,7 +24,7 @@ class StorageCustomServerTest extends Scope
], $this->getHeaders()), [
'bucketId' => 'unique()',
'name' => 'Test Bucket',
'permission' => 'file',
'fileSecurity' => true,
]);
$this->assertEquals(201, $bucket['headers']['status-code']);
$this->assertNotEmpty($bucket['body']['$id']);
@ -46,7 +46,7 @@ class StorageCustomServerTest extends Scope
], $this->getHeaders()), [
'bucketId' => 'bucket1',
'name' => 'Test Bucket',
'permission' => 'file',
'fileSecurity' => true,
]);
$this->assertEquals(201, $bucket['headers']['status-code']);
$this->assertEquals('bucket1', $bucket['body']['$id']);
@ -60,7 +60,7 @@ class StorageCustomServerTest extends Scope
], $this->getHeaders()), [
'bucketId' => 'unique()',
'name' => '',
'permission' => 'file',
'fileSecurity' => true,
]);
$this->assertEquals(400, $bucket['headers']['status-code']);
@ -182,13 +182,13 @@ class StorageCustomServerTest extends Scope
'bucketId' => 'unique()',
'name' => 'Test Bucket Updated',
'enabled' => false,
'permission' => 'file',
'fileSecurity' => true,
]);
$this->assertEquals(200, $bucket['headers']['status-code']);
$this->assertNotEmpty($bucket['body']['$id']);
$this->assertIsInt($bucket['body']['$createdAt']);
$this->assertIsArray($bucket['body']['$permissions']);
$this->assertIsArray($bucket['body']['allowedFileExtensions']);
$this->assertEquals('Test Bucket Updated', $bucket['body']['name']);
$this->assertEquals(false, $bucket['body']['enabled']);


@ -41,9 +41,11 @@ trait WebhooksBase
]), [
'collectionId' => 'unique()',
'name' => 'Actors',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document',
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$actorsId = $actors['body']['$id'];
@ -190,8 +192,10 @@ trait WebhooksBase
'firstName' => 'Chris',
'lastName' => 'Evans',
],
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$documentId = $document['body']['$id'];
@ -249,8 +253,10 @@ trait WebhooksBase
'firstName' => 'Chris1',
'lastName' => 'Evans2',
],
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$documentId = $document['body']['$id'];
@ -308,8 +314,10 @@ trait WebhooksBase
'lastName' => 'Cooper',
],
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$documentId = $document['body']['$id'];
@ -366,9 +374,10 @@ trait WebhooksBase
]), [
'bucketId' => 'unique()',
'name' => 'Test Bucket',
'permission' => 'bucket',
'read' => ['role:all'],
'write' => ['role:all']
'permissions' => [
'read(any)',
'write(any)',
],
]);
$bucketId = $bucket['body']['$id'];
@ -414,7 +423,7 @@ trait WebhooksBase
'x-appwrite-key' => $this->getProject()['apiKey']
]), [
'name' => 'Test Bucket Updated',
'permission' => 'file',
'fileSecurity' => true,
'enabled' => false,
]);
@ -457,7 +466,7 @@ trait WebhooksBase
'x-appwrite-key' => $this->getProject()['apiKey']
]), [
'name' => 'Test Bucket Updated',
'permission' => 'file',
'fileSecurity' => true,
'enabled' => true,
]);
@ -471,8 +480,10 @@ trait WebhooksBase
], $this->getHeaders()), [
'fileId' => 'unique()',
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
'folderId' => 'xyz',
]);
@ -529,8 +540,10 @@ trait WebhooksBase
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'read' => ['role:all'],
'write' => ['role:all'],
'permissions' => [
'read(any)',
'write(any)',
],
]);
$this->assertEquals($file['headers']['status-code'], 200);


@ -32,7 +32,7 @@ class WebhooksCustomServerTest extends Scope
'x-appwrite-key' => $this->getProject()['apiKey']
]), [
'name' => 'Actors1',
'permission' => 'document',
'documentSecurity' => true,
]);
$this->assertEquals($actors['headers']['status-code'], 200);
@ -157,9 +157,11 @@ class WebhooksCustomServerTest extends Scope
]), [
'collectionId' => 'unique()',
'name' => 'Demo',
'read' => ['role:all'],
'write' => ['role:all'],
'permission' => 'document'
'permissions' => [
'read(any)',
'write(any)',
],
'documentSecurity' => true,
]);
$id = $actors['body']['$id'];


@ -9,9 +9,9 @@ class TestHook implements AfterTestHook
public function executeAfterTest(string $test, float $time): void
{
printf(
"%s ended in %s seconds\n",
"%s ended in %s milliseconds\n",
$test,
$time
$time * 1000
);
}
}
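Review bot: `$time * 1000` is printed through `%s`, so the float's full precision lands in the test log (a constructed example: `12.345678901234`). A fixed precision is easier to scan and compare between runs: `"%s ended in %.2f milliseconds\n"`.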


@ -211,7 +211,7 @@ class AuthTest extends TestCase
$roles = Auth::getRoles($user);
$this->assertCount(1, $roles);
$this->assertContains('role:guest', $roles);
$this->assertContains('guests', $roles);
}
public function testUserRoles()
@ -238,7 +238,7 @@ class AuthTest extends TestCase
$roles = Auth::getRoles($user);
$this->assertCount(7, $roles);
$this->assertContains('role:member', $roles);
$this->assertContains('users', $roles);
$this->assertContains('user:123', $roles);
$this->assertContains('team:abc', $roles);
$this->assertContains('team:abc/administrator', $roles);
@ -272,7 +272,7 @@ class AuthTest extends TestCase
$roles = Auth::getRoles($user);
$this->assertCount(5, $roles);
$this->assertNotContains('role:member', $roles);
$this->assertNotContains('users', $roles);
$this->assertNotContains('user:123', $roles);
$this->assertContains('team:abc', $roles);
$this->assertContains('team:abc/administrator', $roles);
@ -306,7 +306,7 @@ class AuthTest extends TestCase
$roles = Auth::getRoles($user);
$this->assertCount(5, $roles);
$this->assertNotContains('role:member', $roles);
$this->assertNotContains('users', $roles);
$this->assertNotContains('user:123', $roles);
$this->assertContains('team:abc', $roles);
$this->assertContains('team:abc/administrator', $roles);


@ -118,8 +118,8 @@ class MessagingChannelsTest extends TestCase
* - XXX users
* - XXX teams
* - XXX team roles (2 roles per team)
* - 1 role:guest
* - 1 role:member
* - 1 guests
* - 1 users
*/
$this->assertCount(($this->connectionsAuthenticated + (3 * $this->connectionsPerChannel) + 2), $this->realtime->subscriptions['1']);
@ -179,7 +179,7 @@ class MessagingChannelsTest extends TestCase
public function testRolePermissions()
{
$roles = ['role:guest', 'role:member'];
$roles = ['guests', 'users'];
foreach ($this->allChannels as $index => $channel) {
foreach ($roles as $role) {
$permissions = [$role];


@ -14,7 +14,7 @@ class MessagingGuestTest extends TestCase
$realtime->subscribe(
'1',
1,
['role:guest'],
['guests'],
['files' => 0, 'documents' => 0, 'documents.789' => 0, 'account.123' => 0]
);
@ -34,14 +34,14 @@ class MessagingGuestTest extends TestCase
$this->assertCount(1, $receivers);
$this->assertEquals(1, $receivers[0]);
$event['roles'] = ['role:guest'];
$event['roles'] = ['guests'];
$receivers = $realtime->getSubscribers($event);
$this->assertCount(1, $receivers);
$this->assertEquals(1, $receivers[0]);
$event['roles'] = ['role:member'];
$event['roles'] = ['users'];
$receivers = $realtime->getSubscribers($event);


@ -23,13 +23,13 @@ class MessagingTest extends TestCase
$realtime->subscribe(
'1',
1,
['user:123', 'role:member', 'team:abc', 'team:abc/administrator', 'team:abc/moderator', 'team:def', 'team:def/guest'],
['user:123', 'users', 'team:abc', 'team:abc/administrator', 'team:abc/moderator', 'team:def', 'team:def/guest'],
['files' => 0, 'documents' => 0, 'documents.789' => 0, 'account.123' => 0]
);
$event = [
'project' => '1',
'roles' => ['role:all'],
'roles' => ['any'],
'data' => [
'channels' => [
0 => 'account.123',
@ -42,7 +42,7 @@ class MessagingTest extends TestCase
$this->assertCount(1, $receivers);
$this->assertEquals(1, $receivers[0]);
$event['roles'] = ['role:member'];
$event['roles'] = ['users'];
$receivers = $realtime->getSubscribers($event);
@ -103,7 +103,7 @@ class MessagingTest extends TestCase
$this->assertEmpty($receivers);
$event['roles'] = ['role:all'];
$event['roles'] = ['any'];
$event['data']['channels'] = ['documents.123'];
$receivers = $realtime->getSubscribers($event);
@ -223,7 +223,9 @@ class MessagingTest extends TestCase
])
);
$this->assertContains('role:all', $result['roles']);
\var_dump($result);
$this->assertContains('any', $result['roles']);
$this->assertNotContains('role:admin', $result['roles']);
/**
@ -252,7 +254,7 @@ class MessagingTest extends TestCase
])
);
$this->assertContains('role:all', $result['roles']);
$this->assertContains('any', $result['roles']);
$this->assertNotContains('role:admin', $result['roles']);
}
@ -280,7 +282,7 @@ class MessagingTest extends TestCase
])
);
$this->assertContains('role:all', $result['roles']);
$this->assertContains('any', $result['roles']);
$this->assertNotContains('role:admin', $result['roles']);
/**
@ -302,11 +304,11 @@ class MessagingTest extends TestCase
'read(admin)',
'write(admin)',
],
'documentSecurity' => 'true'
'documentSecurity' => true
])
);
$this->assertContains('role:all', $result['roles']);
$this->assertContains('any', $result['roles']);
$this->assertNotContains('role:admin', $result['roles']);
}
}
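Review bot: The four `assertNotContains('role:admin', $result['roles'])` checks were left on the old role name, so after this rename they can no longer fail and no longer guard against the admin role leaking into the subscriber roles. The fixture in the last hunk grants `read(admin)`, so the negative check presumably should be `$this->assertNotContains('admin', $result['roles']);` in all four places; confirm this against what the converter actually emits. The added `\var_dump($result);` looks like leftover debugging and should be removed before merge.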