From 1ab86c9331668850a7d7838d4c67bf7169f424a6 Mon Sep 17 00:00:00 2001
From: Jake Barnby <jakeb994@gmail.com>
Date: Wed, 3 Aug 2022 16:17:49 +1200
Subject: [PATCH] Role reference updates

---
 app/controllers/api/account.php               |   5 +-
 app/controllers/api/databases.php             |   2 +-
 app/http.php                                  |   3 +-
 app/realtime.php                              |   6 +-
 app/views/console/databases/collection.phtml  |   4 +-
 app/views/console/databases/document.phtml    |   4 +-
 app/views/console/functions/function.phtml    |   2 +-
 app/views/console/settings/index.phtml        |   2 +-
 app/views/console/storage/bucket.phtml        |  14 +-
 docs/specs/authentication.drawio.svg          |   4 +-
 src/Appwrite/Messaging/Adapter/Realtime.php   |   6 +-
 .../Specification/Format/Swagger2.php         |   2 +-
 .../Utopia/Response/Model/Execution.php       |   2 +-
 src/Appwrite/Utopia/Response/Model/File.php   |   2 +-
 src/Appwrite/Utopia/Response/Model/Func.php   |   2 +-
 .../e2e/Services/Databases/DatabasesBase.php  | 231 +++++++++++-------
 .../Databases/DatabasesConsoleClientTest.php  |   8 +-
 .../Databases/DatabasesCustomClientTest.php   |  11 +-
 .../Databases/DatabasesCustomServerTest.php   |  80 +++---
 .../DatabasesPermissionsGuestTest.php         |  22 +-
 .../DatabasesPermissionsMemberTest.php        |  64 +++--
 .../DatabasesPermissionsTeamTest.php          |  14 +-
 .../Realtime/RealtimeConsoleClientTest.php    |   7 +-
 .../Realtime/RealtimeCustomClientTest.php     |  60 +++--
 tests/e2e/Services/Storage/StorageBase.php    |  84 ++++---
 .../Storage/StorageCustomClientTest.php       |  51 ++--
 .../Storage/StorageCustomServerTest.php       |  10 +-
 tests/e2e/Services/Webhooks/WebhooksBase.php  |  49 ++--
 .../Webhooks/WebhooksCustomServerTest.php     |  10 +-
 tests/extensions/TestHook.php                 |   4 +-
 tests/unit/Auth/AuthTest.php                  |   8 +-
 .../unit/Messaging/MessagingChannelsTest.php  |   6 +-
 tests/unit/Messaging/MessagingGuestTest.php   |   6 +-
 tests/unit/Messaging/MessagingTest.php        |  20 +-
 34 files changed, 484 insertions(+), 321 deletions(-)

diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index f8f782b6a..2f74113ab 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -897,7 +897,7 @@ App::post('/v1/account/sessions/phone')
             $user = Authorization::skip(fn () => $dbForProject->createDocument('users', new Document([
                 '$id' => $userId,
                 '$permissions' => [
-                    'read(any)', 
+                    'read(any)',
                     'write(user:' . $userId . ')'
                 ],
                 'email' => null,
@@ -1174,8 +1174,7 @@ App::post('/v1/account/sessions/anonymous')
 
         Authorization::setRole('user:' . $user->getId());
 
-        $session = $dbForProject->createDocument('sessions', $session
-                -->setAttribute('$permissions', [
+        $session = $dbForProject->createDocument('sessions', $session-- > setAttribute('$permissions', [
                 'read(user: ' . $user->getId() . ')',
                 'write(user:' . $user->getId() . ')'
             ]));
diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php
index f395ce49d..84f70cd77 100644
--- a/app/controllers/api/databases.php
+++ b/app/controllers/api/databases.php
@@ -757,7 +757,7 @@ App::put('/v1/databases/:databaseId/collections/:collectionId')
     ->inject('audits')
     ->inject('usage')
     ->inject('events')
-    ->action(function (string $databaseId, string $collectionId, string $name,  ?array $permissions, bool $documentSecurity, bool $enabled, Response $response, Database $dbForProject, EventAudit $audits, Stats $usage, Event $events) {
+    ->action(function (string $databaseId, string $collectionId, string $name, ?array $permissions, bool $documentSecurity, bool $enabled, Response $response, Database $dbForProject, EventAudit $audits, Stats $usage, Event $events) {
 
         $database = Authorization::skip(fn () => $dbForProject->getDocument('databases', $databaseId));
 
diff --git a/app/http.php b/app/http.php
index e7944e4f6..68bf3959d 100644
--- a/app/http.php
+++ b/app/http.php
@@ -163,7 +163,6 @@ $http->on('start', function (Server $http) use ($payloadSize, $register) {
                 '$id' => 'default',
                 '$collection' => 'buckets',
                 'name' => 'Default',
-                'permission' => 'file',
                 'maximumFileSize' => (int) App::getEnv('_APP_STORAGE_LIMIT', 0), // 10MB
                 'allowedFileExtensions' => [],
                 'enabled' => true,
@@ -254,7 +253,7 @@ $http->on('request', function (SwooleRequest $swooleRequest, SwooleResponse $swo
 
     try {
         Authorization::cleanRoles();
-        Authorization::setRole('role:all');
+        Authorization::setRole('any');
 
         $app->run($request, $response);
     } catch (\Throwable $th) {
diff --git a/app/realtime.php b/app/realtime.php
index 36620f51b..920d96dc0 100644
--- a/app/realtime.php
+++ b/app/realtime.php
@@ -202,7 +202,7 @@ $server->onWorkerStart(function (int $workerId) use ($server, $register, $stats,
         /**
          * Sending current connections to project channels on the console project every 5 seconds.
          */
-        if ($realtime->hasSubscriber('console', 'role:member', 'project')) {
+        if ($realtime->hasSubscriber('console', 'users', 'project')) {
             [$database, $returnDatabase] = getDatabase($register, '_console');
 
             $payload = [];
@@ -253,12 +253,12 @@ $server->onWorkerStart(function (int $workerId) use ($server, $register, $stats,
         /**
          * Sending test message for SDK E2E tests every 5 seconds.
          */
-        if ($realtime->hasSubscriber('console', 'role:guest', 'tests')) {
+        if ($realtime->hasSubscriber('console', 'guests', 'tests')) {
             $payload = ['response' => 'WS:/v1/realtime:passed'];
 
             $event = [
                 'project' => 'console',
-                'roles' => ['role:guest'],
+                'roles' => ['guests'],
                 'data' => [
                     'events' => ['test.event'],
                     'channels' => ['tests'],
diff --git a/app/views/console/databases/collection.phtml b/app/views/console/databases/collection.phtml
index 2428e3066..a77979c58 100644
--- a/app/views/console/databases/collection.phtml
+++ b/app/views/console/databases/collection.phtml
@@ -553,11 +553,11 @@ $logs = $this->getParam('logs', null);
                                         <div data-ls-if="{{project-collection.permission}} === 'collection'">
                                             <label for="collection-read">Read Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</span></label>
                                             <input type="hidden" id="collection-read" name="read" data-forms-tags data-cast-to="json" data-ls-bind="{{project-collection.$read}}" placeholder="User ID, Team ID or Role" />
-                                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
 
                                             <label for="collection-write">Write Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
                                             <input type="hidden" id="collection-write" name="write" data-forms-tags data-cast-to="json" data-ls-bind="{{project-collection.$write}}" placeholder="User ID, Team ID or Role" />
-                                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
                                         </div>
                                     </div>
                                 </div>
diff --git a/app/views/console/databases/document.phtml b/app/views/console/databases/document.phtml
index 17dc35f22..e6f71a1e1 100644
--- a/app/views/console/databases/document.phtml
+++ b/app/views/console/databases/document.phtml
@@ -321,11 +321,11 @@ $logs = $this->getParam('logs', null);
 
                                         <label for="collection-read">Read Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</span></label>
                                         <input type="hidden" id="collection-read" name="read" data-forms-tags data-cast-to="json" data-ls-bind="{{project-document.$read}}" placeholder="User ID, Team ID or Role" />
-                                        <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                                        <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
 
                                         <label for="collection-write">Write Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
                                         <input type="hidden" id="collection-write" name="write" data-forms-tags data-cast-to="json" data-ls-bind="{{project-document.$write}}" placeholder="User ID, Team ID or Role" />
-                                        <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                                        <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
                                     </div>
 
                                     <button data-ls-if="({{project-document.$id}})">Update</button>
diff --git a/app/views/console/functions/function.phtml b/app/views/console/functions/function.phtml
index 5d5cc20b9..ca32ad75a 100644
--- a/app/views/console/functions/function.phtml
+++ b/app/views/console/functions/function.phtml
@@ -537,7 +537,7 @@ sort($patterns);
 
                                     <label for="execute">Execute Access <span class="tooltip small" data-tooltip="Choose who can execute this function using the client API."><i class="icon-info-circled"></i></span> <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</span></label>
                                     <input type="hidden" id="execute" name="execute" data-forms-tags data-cast-to="json" data-ls-bind="{{project-function.execute}}" placeholder="User ID, Team ID or Role" />
-                                    <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                                    <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
 
                                     <label for="timeout">Timeout (seconds) <span class="tooltip small" data-tooltip="Limit the execution time of your function."><i class="icon-info-circled"></i></span></label>
                                     <input name="timeout" id="function-timeout" type="number" autocomplete="off" data-ls-bind="{{project-function.timeout}}" min="1" max="<?php echo $this->escape($timeout); ?>" data-cast-to="integer" />
diff --git a/app/views/console/settings/index.phtml b/app/views/console/settings/index.phtml
index aed016b17..9b355a7e6 100644
--- a/app/views/console/settings/index.phtml
+++ b/app/views/console/settings/index.phtml
@@ -57,7 +57,7 @@ $smtpEnabled = $this->getParam('smtpEnabled', false);
                                 <label for="logo">Project Logo</label>
 
                                 <div class="text-align-center clear">
-                                    <input type="hidden" name="logo" data-ls-bind="{{console-project.logo}}" data-read="<?php echo $this->escape(json_encode(['role:all'])); ?>" data-write="<?php echo $this->escape(json_encode(['team:{{console-project.teamId}}'])); ?>" data-accept="image/*" data-forms-upload="" data-label-button="Upload" data-preview-alt="Project Logo" data-scope="console" data-default="">
+                                    <input type="hidden" name="logo" data-ls-bind="{{console-project.logo}}" data-read="<?php echo $this->escape(json_encode(['any'])); ?>" data-write="<?php echo $this->escape(json_encode(['team:{{console-project.teamId}}'])); ?>" data-accept="image/*" data-forms-upload="" data-label-button="Upload" data-preview-alt="Project Logo" data-scope="console" data-default="">
                                 </div>
 
                                 <hr />
diff --git a/app/views/console/storage/bucket.phtml b/app/views/console/storage/bucket.phtml
index 81af5c81b..232e69c93 100644
--- a/app/views/console/storage/bucket.phtml
+++ b/app/views/console/storage/bucket.phtml
@@ -133,11 +133,11 @@ $fileLimitHuman = $this->getParam('fileLimitHuman', 0);
 
                                                                 <label for="file-read">Read Access (<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
                                                                 <input type="hidden" data-ls-attrs="id=file-read-{{file.$id}}" name="read" data-forms-tags data-cast-to="json" data-ls-bind="{{file.$permissions}}" placeholder="User ID, Team ID or Role" />
-                                                                <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                                                                <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
 
                                                                 <label for="file-write">Write Access (<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
                                                                 <input type="hidden" data-ls-attrs="id=file-write-{{file.$id}}" name="write" data-forms-tags data-cast-to="json" data-ls-bind="{{file.$permissions}}" placeholder="User ID, Team ID or Role" />
-                                                                <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                                                                <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
                                                             </form>
 
                                                             <form class="strip"
@@ -291,12 +291,12 @@ $fileLimitHuman = $this->getParam('fileLimitHuman', 0);
                             <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">(Max file size allowed: <?php echo $fileLimitHuman; ?>)</div>
 
                             <label for="file-read">Read Access (<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
-                            <input type="hidden" id="file-read" name="read" data-forms-tags data-cast-to="json" value="<?php echo htmlentities(json_encode(['role:all'])); ?>" placeholder="User ID, Team ID or Role" />
-                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                            <input type="hidden" id="file-read" name="read" data-forms-tags data-cast-to="json" value="<?php echo htmlentities(json_encode(['any'])); ?>" placeholder="User ID, Team ID or Role" />
+                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
 
                             <label for="file-write">Write Access (<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
                             <input type="hidden" id="file-write" name="write" data-forms-tags data-cast-to="json" value="" placeholder="User ID, Team ID or Role" />
-                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
 
                             <footer>
                                 <button type="submit">Create</button> &nbsp; <button data-ui-modal-close="" type="button" class="reverse">Cancel</button>
@@ -440,11 +440,11 @@ $fileLimitHuman = $this->getParam('fileLimitHuman', 0);
 
                                             <label for="bucket-read">Read Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</span></label>
                                             <input type="hidden" id="bucket-read" name="read" data-forms-tags data-cast-to="json" data-ls-bind="{{project-bucket.$permissions}}" placeholder="User ID, Team ID or Role" />
-                                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
 
                                             <label for="bucket-write">Write Access <span class="text-size-small">(<a data-ls-attrs="href={{env.HOME}}/docs/permissions" target="_blank" rel="noopener">Learn more</a>)</label>
                                             <input type="hidden" id="bucket-write" name="write" data-forms-tags data-cast-to="json" data-ls-bind="{{project-bucket.$permissions}}" placeholder="User ID, Team ID or Role" />
-                                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'role:all' for wildcard access</div>
+                                            <div class="text-fade text-size-xs margin-top-negative-small margin-bottom">Add 'any' for wildcard access</div>
                                         </div>
                                     </div>
                                 </div>
diff --git a/docs/specs/authentication.drawio.svg b/docs/specs/authentication.drawio.svg
index f8f88baa7..4cb3e5f2c 100644
--- a/docs/specs/authentication.drawio.svg
+++ b/docs/specs/authentication.drawio.svg
@@ -342,7 +342,7 @@
                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
                                 Guset
                                 <br/>
-                                role:guest
+                                guests
                             </div>
                         </div>
                     </div>
@@ -363,7 +363,7 @@
                             <div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">
                                 Member
                                 <br/>
-                                role:member
+                                users
                             </div>
                         </div>
                     </div>
diff --git a/src/Appwrite/Messaging/Adapter/Realtime.php b/src/Appwrite/Messaging/Adapter/Realtime.php
index 60e2fdbbb..3e903a544 100644
--- a/src/Appwrite/Messaging/Adapter/Realtime.php
+++ b/src/Appwrite/Messaging/Adapter/Realtime.php
@@ -288,13 +288,15 @@ class Realtime extends Adapter
                     $channels[] = 'databases.' . $database->getId() .  '.collections.' . $payload->getCollection() . '.documents';
                     $channels[] = 'databases.' . $database->getId() . '.collections.' . $payload->getCollection() . '.documents.' . $payload->getId();
 
-                    $roles = ($collection->getAttribute('permission') === 'collection') ? $collection->getRead() : $payload->getRead();
+                    $roles = ($collection->getAttribute('documentSecurity', false))
+                        ? \array_merge($collection->getRead(), $payload->getRead())
+                        : $collection->getRead();
                 }
                 break;
             case 'buckets':
                 if ($parts[2] === 'files') {
                     if ($bucket->isEmpty()) {
-                        throw new \Exception('Bucket needs to be pased to Realtime for File events in the Storage.');
+                        throw new \Exception('Bucket needs to be passed to Realtime for File events in the Storage.');
                     }
                     $channels[] = 'files';
                     $channels[] = 'buckets.' . $payload->getAttribute('bucketId') . '.files';
diff --git a/src/Appwrite/Specification/Format/Swagger2.php b/src/Appwrite/Specification/Format/Swagger2.php
index aac805fd3..5cd5e1991 100644
--- a/src/Appwrite/Specification/Format/Swagger2.php
+++ b/src/Appwrite/Specification/Format/Swagger2.php
@@ -312,7 +312,7 @@ class Swagger2 extends Format
                         $node['items'] = [
                             'type' => 'string',
                         ];
-                        $node['x-example'] = '["role:all"]';
+                        $node['x-example'] = '["read(any)"]';
                         break;
                     case 'Appwrite\Auth\Validator\Password':
                         $node['type'] = $validator->getType();
diff --git a/src/Appwrite/Utopia/Response/Model/Execution.php b/src/Appwrite/Utopia/Response/Model/Execution.php
index cb4ce9c20..6bc91c9a2 100644
--- a/src/Appwrite/Utopia/Response/Model/Execution.php
+++ b/src/Appwrite/Utopia/Response/Model/Execution.php
@@ -32,7 +32,7 @@ class Execution extends Model
                 'type' => self::TYPE_STRING,
                 'description' => 'Execution permissions.',
                 'default' => '',
-                'example' => 'role:all',
+                'example' => 'any',
                 'array' => true,
             ])
             ->addRule('functionId', [
diff --git a/src/Appwrite/Utopia/Response/Model/File.php b/src/Appwrite/Utopia/Response/Model/File.php
index b64297922..e873628ac 100644
--- a/src/Appwrite/Utopia/Response/Model/File.php
+++ b/src/Appwrite/Utopia/Response/Model/File.php
@@ -38,7 +38,7 @@ class File extends Model
                 'type' => self::TYPE_STRING,
                 'description' => 'File permissions.',
                 'default' => [],
-                'example' => 'read(role:all)',
+                'example' => 'read(any)',
                 'array' => true,
             ])
             ->addRule('name', [
diff --git a/src/Appwrite/Utopia/Response/Model/Func.php b/src/Appwrite/Utopia/Response/Model/Func.php
index 716b67eec..796974da0 100644
--- a/src/Appwrite/Utopia/Response/Model/Func.php
+++ b/src/Appwrite/Utopia/Response/Model/Func.php
@@ -34,7 +34,7 @@ class Func extends Model
                 'type' => self::TYPE_STRING,
                 'description' => 'Execution permissions.',
                 'default' => [],
-                'example' => 'role:member',
+                'example' => 'users',
                 'array' => true,
             ])
             ->addRule('name', [
diff --git a/tests/e2e/Services/Databases/DatabasesBase.php b/tests/e2e/Services/Databases/DatabasesBase.php
index 04680ce4d..24caddb7d 100644
--- a/tests/e2e/Services/Databases/DatabasesBase.php
+++ b/tests/e2e/Services/Databases/DatabasesBase.php
@@ -44,9 +44,8 @@ trait DatabasesBase
         ]), [
             'collectionId' => 'unique()',
             'name' => 'Movies',
-            'read' => [],
-            'write' => [],
-            'permission' => 'document',
+            'permissions' => [],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($movies['headers']['status-code'], 201);
@@ -71,7 +70,7 @@ trait DatabasesBase
         ]), [
             'name' => 'Movies',
             'enabled' => false,
-            'permission' => 'document',
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($response['headers']['status-code'], 200);
@@ -86,8 +85,10 @@ trait DatabasesBase
                 'data' => [
                     'title' => 'Captain America',
                 ],
-                'read' => ['user:' . $this->getUser()['$id']],
-                'write' => ['user:' . $this->getUser()['$id']],
+                'permissions' => [
+                    'read(user:' . $this->getUser()['$id'] . ')',
+                    'write(user:' . $this->getUser()['$id'] . ')',
+                ],
             ]);
 
             $responseListDocument = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([
@@ -112,7 +113,7 @@ trait DatabasesBase
         ]), [
             'name' => 'Movies',
             'enabled' => true,
-            'permission' => 'document',
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($response['headers']['status-code'], 200);
@@ -220,9 +221,8 @@ trait DatabasesBase
         ]), [
             'collectionId' => 'unique()',
             'name' => 'Response Models',
-            'read' => [],
-            'write' => [],
-            'permission' => 'document',
+            'permissions' => [],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($collection['headers']['status-code'], 201);
@@ -785,8 +785,10 @@ trait DatabasesBase
                     'Samuel Jackson',
                 ]
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $document2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([
@@ -803,8 +805,10 @@ trait DatabasesBase
                     'Samuel Jackson',
                 ]
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $document3 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([
@@ -821,8 +825,10 @@ trait DatabasesBase
                     'Zendaya Maree Stoermer',
                 ],
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $document4 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([
@@ -833,8 +839,10 @@ trait DatabasesBase
             'data' => [
                 'releaseYear' => 2020, // Missing title, expect an 400 error
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $this->assertEquals($document1['headers']['status-code'], 201);
@@ -942,9 +950,8 @@ trait DatabasesBase
         ]), [
             'collectionId' => 'unique()',
             'name' => 'Movies',
-            'read' => [],
-            'write' => [],
-            'permission' => 'document',
+            'permissions' => [],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($movies['headers']['status-code'], 201);
@@ -1476,8 +1483,10 @@ trait DatabasesBase
                 'releaseYear' => 2017,
                 'actors' => [],
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $id = $document['body']['$id'];
@@ -1529,9 +1538,8 @@ trait DatabasesBase
         ]), [
             'collectionId' => 'unique()',
             'name' => 'invalidDocumentStructure',
-            'read' => [],
-            'write' => [],
-            'permission' => 'document',
+            'permissions' => [],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals(201, $collection['headers']['status-code']);
@@ -1726,8 +1734,10 @@ trait DatabasesBase
             'data' => [
                 'email' => 'user@example.com',
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $goodEnum = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1738,8 +1748,10 @@ trait DatabasesBase
             'data' => [
                 'enum' => 'yes',
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $goodIp = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1750,8 +1762,10 @@ trait DatabasesBase
             'data' => [
                 'ip' => '1.1.1.1',
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $goodUrl = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1762,8 +1776,10 @@ trait DatabasesBase
             'data' => [
                 'url' => 'http://www.example.com',
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $goodRange = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1774,8 +1790,10 @@ trait DatabasesBase
             'data' => [
                 'range' => 3,
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $goodFloatRange = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1786,8 +1804,10 @@ trait DatabasesBase
             'data' => [
                 'floatRange' => 1.4,
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $goodProbability = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1798,8 +1818,10 @@ trait DatabasesBase
             'data' => [
                 'probability' => 0.99999,
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $notTooHigh = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1810,8 +1832,10 @@ trait DatabasesBase
             'data' => [
                 'upperBound' => 8,
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $notTooLow = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1822,8 +1846,10 @@ trait DatabasesBase
             'data' => [
                 'lowerBound' => 8,
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $this->assertEquals(201, $goodEmail['headers']['status-code']);
@@ -1848,8 +1874,10 @@ trait DatabasesBase
             'data' => [
                 'email' => 'user@@example.com',
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $badEnum = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1860,8 +1888,10 @@ trait DatabasesBase
             'data' => [
                 'enum' => 'badEnum',
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $badIp = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1872,8 +1902,10 @@ trait DatabasesBase
             'data' => [
                 'ip' => '1.1.1.1.1',
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $badUrl = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1884,8 +1916,10 @@ trait DatabasesBase
             'data' => [
                 'url' => 'example...com',
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $badRange = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1896,8 +1930,10 @@ trait DatabasesBase
             'data' => [
                 'range' => 11,
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $badFloatRange = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1908,8 +1944,10 @@ trait DatabasesBase
             'data' => [
                 'floatRange' => 2.5,
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $badProbability = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1920,8 +1958,10 @@ trait DatabasesBase
             'data' => [
                 'probability' => 1.1,
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $tooHigh = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1932,8 +1972,10 @@ trait DatabasesBase
             'data' => [
                 'upperBound' => 11,
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $tooLow = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -1944,8 +1986,10 @@ trait DatabasesBase
             'data' => [
                 'lowerBound' => 3,
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $this->assertEquals(400, $badEmail['headers']['status-code']);
@@ -2066,8 +2110,7 @@ trait DatabasesBase
                 'releaseYear' => 1946,
                 'actors' => [],
             ],
-            'read' => [],
-            'write' => [],
+            'permissions' => [],
         ]);
 
         if ($this->getSide() == 'client') {
@@ -2108,9 +2151,10 @@ trait DatabasesBase
         ]), [
             'collectionId' => 'unique()',
             'name' => 'enforceCollectionPermissions',
-            'permission' => 'collection',
-            'read' => [$user],
-            'write' => [$user]
+            'permissions' => [
+                'read(' . $user . ')',
+                'write(' . $user . ')',
+            ],
         ]);
 
         $this->assertEquals($collection['headers']['status-code'], 201);
@@ -2161,8 +2205,10 @@ trait DatabasesBase
             'data' => [
                 'attribute' => 'one',
             ],
-            'read' => [$user],
-            'write' => [$user],
+            'permissions' => [
+                'read(' . $user . ')',
+                'write(' . $user . ')',
+            ]
         ]);
 
         $this->assertEquals(201, $document1['headers']['status-code']);
@@ -2175,8 +2221,9 @@ trait DatabasesBase
             'data' => [
                 'attribute' => 'one',
             ],
-            'read' => [],
-            'write' => [$user],
+            'permissions' => [
+                'write(' . $user . ')',
+            ]
         ]);
 
         $this->assertEquals(201, $document2['headers']['status-code']);
@@ -2189,8 +2236,7 @@ trait DatabasesBase
             'data' => [
                 'attribute' => 'one',
             ],
-            'read' => [],
-            'write' => [],
+            'permissions' => [],
         ]);
 
         $this->assertEquals(201, $document3['headers']['status-code']);
@@ -2214,9 +2260,9 @@ trait DatabasesBase
             'x-appwrite-key' => $this->getProject()['apiKey']
         ]), [
             'name' => 'enforceCollectionPermissions',
-            'permission' => 'collection',
-            'read' => [$user],
-            'write' => []
+            'permissions' => [
+                'read(' . $user . ')'
+            ],
         ]);
 
         $this->assertEquals(200, $collection['headers']['status-code']);
@@ -2229,8 +2275,10 @@ trait DatabasesBase
             'data' => [
                 'attribute' => 'bad',
             ],
-            'read' => [$user],
-            'write' => [$user],
+            'permissions' => [
+                'read(' . $user . ')',
+                'write(' . $user . ')',
+            ],
         ]);
 
         if ($this->getSide() == 'client') {
@@ -2248,9 +2296,7 @@ trait DatabasesBase
             'x-appwrite-key' => $this->getProject()['apiKey']
         ]), [
             'name' => 'enforceCollectionPermissions',
-            'permission' => 'collection',
-            'read' => [],
-            'write' => []
+            'permissions' => [],
         ]);
 
         $this->assertEquals(200, $collection['headers']['status-code']);
@@ -2297,8 +2343,10 @@ trait DatabasesBase
                     'Samuel Jackson',
                 ]
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $this->assertEquals(409, $duplicate['headers']['status-code']);
@@ -2317,8 +2365,10 @@ trait DatabasesBase
                     'Samuel Jackson',
                 ]
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $this->assertEquals(201, $document['headers']['status-code']);
@@ -2337,8 +2387,10 @@ trait DatabasesBase
                     'Samuel Jackson',
                 ]
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $this->assertEquals(409, $duplicate['headers']['status-code']);
@@ -2430,9 +2482,8 @@ trait DatabasesBase
         ]), [
             'collectionId' => 'unique()',
             'name' => 'Movies',
-            'read' => [],
-            'write' => [],
-            'permission' => 'document',
+            'permissions' => [],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($movies['headers']['status-code'], 201);
diff --git a/tests/e2e/Services/Databases/DatabasesConsoleClientTest.php b/tests/e2e/Services/Databases/DatabasesConsoleClientTest.php
index c150c84be..240c552e3 100644
--- a/tests/e2e/Services/Databases/DatabasesConsoleClientTest.php
+++ b/tests/e2e/Services/Databases/DatabasesConsoleClientTest.php
@@ -35,9 +35,11 @@ class DatabasesConsoleClientTest extends Scope
         ], $this->getHeaders()), [
             'collectionId' => 'unique()',
             'name' => 'Movies',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document',
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($movies['headers']['status-code'], 201);
diff --git a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php
index 93316cb39..6b0c5d38f 100644
--- a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php
+++ b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php
@@ -47,9 +47,8 @@ class DatabasesCustomClientTest extends Scope
         ]), [
             'collectionId' => 'permissionCheck',
             'name' => 'permissionCheck',
-            'read' => [],
-            'write' => [],
-            'permission' => 'document'
+            'permissions' => [],
+            'documentSecurity' => true,
         ]);
         $this->assertEquals(201, $response['headers']['status-code']);
 
@@ -78,8 +77,10 @@ class DatabasesCustomClientTest extends Scope
             'data' => [
                 'name' => 'AppwriteBeginner',
             ],
-            'read' => ['user:' . $userId, 'user:user2'],
-            'write' => ['user:' . $userId],
+            'permissions' => [
+                'read(user:' . $userId . ', user:user2)',
+                'write(user:' . $userId . ')',
+            ],
         ]);
         $this->assertEquals(201, $response['headers']['status-code']);
 
diff --git a/tests/e2e/Services/Databases/DatabasesCustomServerTest.php b/tests/e2e/Services/Databases/DatabasesCustomServerTest.php
index f88feea3e..383736689 100644
--- a/tests/e2e/Services/Databases/DatabasesCustomServerTest.php
+++ b/tests/e2e/Services/Databases/DatabasesCustomServerTest.php
@@ -250,9 +250,11 @@ class DatabasesCustomServerTest extends Scope
         ]), [
             'name' => 'Test 1',
             'collectionId' => 'first',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document'
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $test2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([
@@ -262,9 +264,11 @@ class DatabasesCustomServerTest extends Scope
         ]), [
             'name' => 'Test 2',
             'collectionId' => 'second',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document'
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $collections = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections', array_merge([
@@ -402,9 +406,11 @@ class DatabasesCustomServerTest extends Scope
         ]), [
             'name' => 'Test 1',
             'collectionId' => 'first',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document'
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($response['headers']['status-code'], 409);
@@ -436,9 +442,11 @@ class DatabasesCustomServerTest extends Scope
         ]), [
             'collectionId' => 'unique()',
             'name' => 'Actors',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document'
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($actors['headers']['status-code'], 201);
@@ -489,8 +497,10 @@ class DatabasesCustomServerTest extends Scope
                 'lastName' => 'ipsum',
                 'unneeded' =>  'dolor'
             ],
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $index = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $actors['body']['$id'] . '/indexes', array_merge([
@@ -712,9 +722,11 @@ class DatabasesCustomServerTest extends Scope
         ]), [
             'collectionId' => 'unique()',
             'name' => 'TestCleanupDuplicateIndexOnDeleteAttribute',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document',
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals(201, $collection['headers']['status-code']);
@@ -831,8 +843,10 @@ class DatabasesCustomServerTest extends Scope
                 'firstName' => 'Tom',
                 'lastName' => 'Holland',
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ],
         ]);
 
         $document2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $collectionId . '/documents', array_merge([
@@ -844,8 +858,10 @@ class DatabasesCustomServerTest extends Scope
                 'firstName' => 'Samuel',
                 'lastName' => 'Jackson',
             ],
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ],
         ]);
 
         $this->assertEquals($document1['headers']['status-code'], 201);
@@ -897,9 +913,9 @@ class DatabasesCustomServerTest extends Scope
     //     ]), [
     //         'collectionId' => 'unique()',
     //         'name' => 'attributeCountLimit',
-    //         'read' => ['role:all'],
-    //         'write' => ['role:all'],
-    //         'permission' => 'document',
+    //         'read' => ['any'],
+    //         'write' => ['any'],
+    //         'documentSecurity' => true,
     //     ]);
 
     //     $collectionId = $collection['body']['$id'];
@@ -954,9 +970,11 @@ class DatabasesCustomServerTest extends Scope
         ]), [
             'collectionId' => 'attributeRowWidthLimit',
             'name' => 'attributeRowWidthLimit',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document',
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($collection['headers']['status-code'], 201);
@@ -1016,9 +1034,11 @@ class DatabasesCustomServerTest extends Scope
         ]), [
             'collectionId' => 'testLimitException',
             'name' => 'testLimitException',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document',
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($collection['headers']['status-code'], 201);
diff --git a/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php b/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php
index b5d6a8a39..e6da7ede8 100644
--- a/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php
+++ b/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php
@@ -30,9 +30,11 @@ class DatabasesPermissionsGuestTest extends Scope
         $movies = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', $this->getServerHeader(), [
             'collectionId' => 'unique()',
             'name' => 'Movies',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document',
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $collection = ['id' => $movies['body']['$id']];
@@ -54,12 +56,12 @@ class DatabasesPermissionsGuestTest extends Scope
     public function readDocumentsProvider()
     {
         return [
-            [['role:all'], []],
-            [['role:member'], []],
-            [[] ,['role:all']],
-            [['role:all'], ['role:all']],
-            [['role:member'], ['role:member']],
-            [['role:all'], ['role:member']],
+            [['any'], []],
+            [['users'], []],
+            [[] ,['any']],
+            [['any'], ['any']],
+            [['users'], ['users']],
+            [['any'], ['users']],
         ];
     }
 
@@ -86,7 +88,7 @@ class DatabasesPermissionsGuestTest extends Scope
         ]);
 
         foreach ($documents['body']['documents'] as $document) {
-            $this->assertContains('role:all', $document['$permissions']);
+            $this->assertContains('any', $document['$permissions']);
         }
     }
 }
diff --git a/tests/e2e/Services/Databases/DatabasesPermissionsMemberTest.php b/tests/e2e/Services/Databases/DatabasesPermissionsMemberTest.php
index 6c857b172..193808fc1 100644
--- a/tests/e2e/Services/Databases/DatabasesPermissionsMemberTest.php
+++ b/tests/e2e/Services/Databases/DatabasesPermissionsMemberTest.php
@@ -29,16 +29,16 @@ class DatabasesPermissionsMemberTest extends Scope
     public function readDocumentsProvider()
     {
         return [
-            [['role:all'], []],
-            [['role:member'], []],
+            [['any'], []],
+            [['users'], []],
             [['user:random'], []],
             [['user:lorem'] ,['user:lorem']],
             [['user:dolor'] ,['user:dolor']],
             [['user:dolor', 'user:lorem'] ,['user:dolor']],
-            [[], ['role:all']],
-            [['role:all'], ['role:all']],
-            [['role:member'], ['role:member']],
-            [['role:all'], ['role:member']],
+            [[], ['any']],
+            [['any'], ['any']],
+            [['users'], ['users']],
+            [['any'], ['users']],
         ];
     }
 
@@ -64,9 +64,11 @@ class DatabasesPermissionsMemberTest extends Scope
         $public = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', $this->getServerHeader(), [
             'collectionId' => 'unique()',
             'name' => 'Movies',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document',
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
         $this->assertEquals(201, $public['headers']['status-code']);
 
@@ -82,9 +84,11 @@ class DatabasesPermissionsMemberTest extends Scope
         $private = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', $this->getServerHeader(), [
             'collectionId' => 'unique()',
             'name' => 'Private Movies',
-            'read' => ['role:member'],
-            'write' => ['role:member'],
-            'permission' => 'document',
+            'permissions' => [
+                'read(users)',
+                'write(users)',
+            ],
+            'documentSecurity' => true,
         ]);
         $this->assertEquals(201, $private['headers']['status-code']);
 
@@ -122,8 +126,10 @@ class DatabasesPermissionsMemberTest extends Scope
             'data' => [
                 'title' => 'Lorem',
             ],
-            'read' => $read,
-            'write' => $write,
+            'permissions' => [
+                'read(' . $read . ')',
+                'write(' . $write . ')',
+            ],
         ]);
         $this->assertEquals(201, $response['headers']['status-code']);
 
@@ -132,8 +138,10 @@ class DatabasesPermissionsMemberTest extends Scope
             'data' => [
                 'title' => 'Lorem',
             ],
-            'read' => $read,
-            'write' => $write,
+            'permissions' => [
+                'read(' . $read . ')',
+                'write(' . $write . ')',
+            ],
         ]);
         $this->assertEquals(201, $response['headers']['status-code']);
 
@@ -149,8 +157,16 @@ class DatabasesPermissionsMemberTest extends Scope
 
         foreach ($documents['body']['documents'] as $document) {
             $hasPermissions = \array_reduce(['any', 'users', 'user:' . $users['user1']['$id']], function ($carry, $item) use ($document) {
-                // TODO: Fix this
-                return $carry ? true : \in_array($item, $document['$permissions']);
+                if ($carry) {
+                    return $carry;
+                }
+                foreach ($document['$permissions'] as $permission) {
+                    if (\stripos($permission, $item) !== false 
+                        && \str_starts_with('read', $permission)) {
+                        return true;
+                    }
+                }
+                return false;
             }, false);
             $this->assertTrue($hasPermissions);
         }
@@ -167,8 +183,16 @@ class DatabasesPermissionsMemberTest extends Scope
 
         foreach ($documents['body']['documents'] as $document) {
             $hasPermissions = \array_reduce(['any', 'users', 'user:' . $users['user1']['$id']], function ($carry, $item) use ($document) {
-                // TODO: Fix this
-                return $carry ? true : \in_array($item, $document['$permissions']);
+                if ($carry) {
+                    return $carry;
+                }
+                foreach ($document['$permissions'] as $permission) {
+                    if (\stripos($permission, $item) !== false
+                        && \str_starts_with('read', $permission)) {
+                        return true;
+                    }
+                }
+                return false;
             }, false);
             $this->assertTrue($hasPermissions);
         }
diff --git a/tests/e2e/Services/Databases/DatabasesPermissionsTeamTest.php b/tests/e2e/Services/Databases/DatabasesPermissionsTeamTest.php
index b67ccfa46..cf391042c 100644
--- a/tests/e2e/Services/Databases/DatabasesPermissionsTeamTest.php
+++ b/tests/e2e/Services/Databases/DatabasesPermissionsTeamTest.php
@@ -44,9 +44,10 @@ class DatabasesPermissionsTeamTest extends Scope
         $collection1 = $this->client->call(Client::METHOD_POST, '/databases/' . $this->databaseId . '/collections', $this->getServerHeader(), [
             'collectionId' => 'collection1',
             'name' => 'Collection 1',
-            'read' => ['team:' . $teams['team1']['$id']],
-            'write' => ['team:' . $teams['team1']['$id'] . '/admin'],
-            'permission' => 'collection',
+            'permissions' => [
+                'read(team: ' . $teams['team1']['$id'] . ')',
+                'write(team: ' . $teams['team1']['$id'] . '/admin)',
+            ],
         ]);
 
         $this->collections['collection1'] = $collection1['body']['$id'];
@@ -60,9 +61,10 @@ class DatabasesPermissionsTeamTest extends Scope
         $collection2 = $this->client->call(Client::METHOD_POST, '/databases/' . $this->databaseId . '/collections', $this->getServerHeader(), [
             'collectionId' => 'collection2',
             'name' => 'Collection 2',
-            'read' => ['team:' . $teams['team2']['$id']],
-            'write' => ['team:' . $teams['team2']['$id'] . '/owner'],
-            'permission' => 'collection',
+            'permissions' => [
+                'read(team: ' . $teams['team2']['$id'] . ')',
+                'write(team: ' . $teams['team2']['$id'] . '/owner)',
+            ]
         ]);
 
         $this->collections['collection2'] = $collection2['body']['$id'];
diff --git a/tests/e2e/Services/Realtime/RealtimeConsoleClientTest.php b/tests/e2e/Services/Realtime/RealtimeConsoleClientTest.php
index 8217f4653..804674c0c 100644
--- a/tests/e2e/Services/Realtime/RealtimeConsoleClientTest.php
+++ b/tests/e2e/Services/Realtime/RealtimeConsoleClientTest.php
@@ -159,9 +159,10 @@ class RealtimeConsoleClientTest extends Scope
         ], $this->getHeaders()), [
             'collectionId' => 'unique()',
             'name' => 'Actors',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'collection'
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $actorsId = $actors['body']['$id'];
diff --git a/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php b/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
index d1091e535..941357fa4 100644
--- a/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
+++ b/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
@@ -644,9 +644,8 @@ class RealtimeCustomClientTest extends Scope
         ]), [
             'collectionId' => 'unique()',
             'name' => 'Actors',
-            'read' => [],
-            'write' => [],
-            'permission' => 'document'
+            'permissions' => [],
+            'documentSecurity' => true,
         ]);
 
         $actorsId = $actors['body']['$id'];
@@ -680,8 +679,10 @@ class RealtimeCustomClientTest extends Scope
             'data' => [
                 'name' => 'Chris Evans'
             ],
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $response = json_decode($client->receive(), true);
@@ -723,8 +724,10 @@ class RealtimeCustomClientTest extends Scope
             'data' => [
                 'name' => 'Chris Evans 2'
             ],
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $response = json_decode($client->receive(), true);
@@ -765,8 +768,10 @@ class RealtimeCustomClientTest extends Scope
             'data' => [
                 'name' => 'Bradley Cooper'
             ],
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $client->receive();
@@ -854,9 +859,10 @@ class RealtimeCustomClientTest extends Scope
         ]), [
             'collectionId' => 'unique()',
             'name' => 'Actors',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'collection'
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ]
         ]);
 
         $actorsId = $actors['body']['$id'];
@@ -890,8 +896,7 @@ class RealtimeCustomClientTest extends Scope
             'data' => [
                 'name' => 'Chris Evans'
             ],
-            'read' => [],
-            'write' => [],
+            'permissions' => [],
         ]);
 
         $documentId = $document['body']['$id'];
@@ -932,8 +937,7 @@ class RealtimeCustomClientTest extends Scope
             'data' => [
                 'name' => 'Chris Evans 2'
             ],
-            'read' => [],
-            'write' => [],
+            'permissions' => [],
         ]);
 
         $response = json_decode($client->receive(), true);
@@ -974,8 +978,7 @@ class RealtimeCustomClientTest extends Scope
             'data' => [
                 'name' => 'Bradley Cooper'
             ],
-            'read' => [],
-            'write' => [],
+            'permissions' => [],
         ]);
 
         $documentId = $document['body']['$id'];
@@ -1047,9 +1050,10 @@ class RealtimeCustomClientTest extends Scope
         ]), [
             'bucketId' => 'unique()',
             'name' => 'Bucket 1',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'bucket'
+            'permissions' => [
+                'read(any)',
+                'write(any)'
+            ]
         ]);
 
         $bucketId = $bucket1['body']['$id'];
@@ -1063,8 +1067,10 @@ class RealtimeCustomClientTest extends Scope
         ], $this->getHeaders()), [
             'fileId' => 'unique()',
             'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $fileId = $file['body']['$id'];
@@ -1101,8 +1107,10 @@ class RealtimeCustomClientTest extends Scope
             'content-type' => 'application/json',
             'x-appwrite-project' => $this->getProject()['$id'],
         ], $this->getHeaders()), [
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $response = json_decode($client->receive(), true);
@@ -1194,7 +1202,7 @@ class RealtimeCustomClientTest extends Scope
         ], [
             'functionId' => 'unique()',
             'name' => 'Test',
-            'execute' => ['role:member'],
+            'execute' => ['users'],
             'runtime' => 'php-8.0',
             'timeout' => 10,
         ]);
diff --git a/tests/e2e/Services/Storage/StorageBase.php b/tests/e2e/Services/Storage/StorageBase.php
index 8ade45175..165036921 100644
--- a/tests/e2e/Services/Storage/StorageBase.php
+++ b/tests/e2e/Services/Storage/StorageBase.php
@@ -19,11 +19,13 @@ trait StorageBase
         ], [
             'bucketId' => 'unique()',
             'name' => 'Test Bucket',
-            'permission' => 'file',
+            'fileSecurity' => true,
             'maximumFileSize' => 2000000, //2MB
             'allowedFileExtensions' => ["jpg", "png"],
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
         $this->assertEquals(201, $bucket['headers']['status-code']);
         $this->assertNotEmpty($bucket['body']['$id']);
@@ -36,8 +38,10 @@ trait StorageBase
         ], $this->getHeaders()), [
             'fileId' => 'unique()',
             'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
         $this->assertEquals(201, $file['headers']['status-code']);
         $this->assertNotEmpty($file['body']['$id']);
@@ -59,9 +63,11 @@ trait StorageBase
         ], [
             'bucketId' => 'unique()',
             'name' => 'Test Bucket 2',
-            'permission' => 'file',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'fileSecurity' => true,
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
         $this->assertEquals(201, $bucket2['headers']['status-code']);
         $this->assertNotEmpty($bucket2['body']['$id']);
@@ -92,8 +98,10 @@ trait StorageBase
             $largeFile = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucket2['body']['$id'] . '/files', array_merge($headers, $this->getHeaders()), [
                 'fileId' => $fileId,
                 'file' => $curlFile,
-                'read' => ['role:all'],
-                'write' => ['role:all'],
+                'permissions' => [
+                    'read(any)',
+                    'write(any)',
+                ],
             ]);
             $counter++;
             $id = $largeFile['body']['$id'];
@@ -130,8 +138,10 @@ trait StorageBase
         $res = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucket2['body']['$id'] . '/files', $this->getHeaders(), [
             'fileId' => $fileId,
             'file' => $curlFile,
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
         @fclose($handle);
 
@@ -148,8 +158,10 @@ trait StorageBase
         ], $this->getHeaders()), [
             'fileId' => 'unique()',
             'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
         $this->assertEquals(404, $res['headers']['status-code']);
 
@@ -163,8 +175,10 @@ trait StorageBase
         ], $this->getHeaders()), [
             'fileId' => 'unique()',
             'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/disk-b/kitten-1.png'), 'image/png', 'kitten-1.png'),
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $this->assertEquals(400, $res['headers']['status-code']);
@@ -180,8 +194,10 @@ trait StorageBase
         ], $this->getHeaders()), [
             'fileId' => 'unique()',
             'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/disk-a/kitten-3.gif'), 'image/gif', 'kitten-3.gif'),
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $this->assertEquals(400, $res['headers']['status-code']);
@@ -199,11 +215,13 @@ trait StorageBase
         ], [
             'bucketId' => 'unique()',
             'name' => 'Test Bucket 2',
-            'permission' => 'file',
+            'fileSecurity' => true,
             'maximumFileSize' => 200000000, //200MB
             'allowedFileExtensions' => ["jpg", "png"],
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
         $this->assertEquals(400, $failedBucket['headers']['status-code']);
     }
@@ -453,8 +471,10 @@ trait StorageBase
         ], $this->getHeaders()), [
             'fileId' => 'testcache',
             'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
         $this->assertEquals(201, $file['headers']['status-code']);
         $this->assertNotEmpty($file['body']['$id']);
@@ -496,8 +516,10 @@ trait StorageBase
         ], $this->getHeaders()), [
             'fileId' => 'testcache',
             'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/disk-b/kitten-2.png'), 'image/png', 'logo.png'),
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
         $this->assertEquals(201, $file['headers']['status-code']);
         $this->assertNotEmpty($file['body']['$id']);
@@ -539,8 +561,10 @@ trait StorageBase
             'content-type' => 'application/json',
             'x-appwrite-project' => $this->getProject()['$id'],
         ], $this->getHeaders()), [
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $this->assertEquals(200, $file['headers']['status-code']);
@@ -566,8 +590,10 @@ trait StorageBase
             'content-type' => 'application/json',
             'x-appwrite-project' => $this->getProject()['$id'],
         ], $this->getHeaders()), [
-            'read' => ['user:' . $this->getUser()['$id']],
-            'write' => ['user:' . $this->getUser()['$id']],
+            'permissions' => [
+                'read(user: ' . $this->getUser()['$id'] . ')',
+                'write(user: ' . $this->getUser()['$id'] . ')',
+            ]
         ]);
 
         $this->assertEquals(404, $file['headers']['status-code']);
diff --git a/tests/e2e/Services/Storage/StorageCustomClientTest.php b/tests/e2e/Services/Storage/StorageCustomClientTest.php
index 6859436b7..726b0842e 100644
--- a/tests/e2e/Services/Storage/StorageCustomClientTest.php
+++ b/tests/e2e/Services/Storage/StorageCustomClientTest.php
@@ -29,9 +29,10 @@ class StorageCustomClientTest extends Scope
         ], [
             'bucketId' => 'unique()',
             'name' => 'Test Bucket',
-            'permission' => 'bucket',
-            'read' => ['role:all'],
-            'write' => ['role:member'],
+            'permissions' => [
+                'read(any)',
+                'write(users)',
+            ],
         ]);
 
         $bucketId = $bucket['body']['$id'];
@@ -162,13 +163,15 @@ class StorageCustomClientTest extends Scope
             'fileId' => 'unique()',
             'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'),
             'folderId' => 'xyz',
-            'read' => ['user:notme']
+            'permissions' => [
+                'read(user:notme)',
+            ],
         ]);
 
         $this->assertEquals(400, $file['headers']['status-code']);
         $this->assertStringStartsWith('Read permissions must be one of:', $file['body']['message']);
-        $this->assertStringContainsString('role:all', $file['body']['message']);
-        $this->assertStringContainsString('role:member', $file['body']['message']);
+        $this->assertStringContainsString('any', $file['body']['message']);
+        $this->assertStringContainsString('users', $file['body']['message']);
         $this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
 
         $file = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $data['bucketId'] . '/files', array_merge([
@@ -183,8 +186,8 @@ class StorageCustomClientTest extends Scope
 
         $this->assertEquals($file['headers']['status-code'], 400);
         $this->assertStringStartsWith('Write permissions must be one of:', $file['body']['message']);
-        $this->assertStringContainsString('role:all', $file['body']['message']);
-        $this->assertStringContainsString('role:member', $file['body']['message']);
+        $this->assertStringContainsString('any', $file['body']['message']);
+        $this->assertStringContainsString('users', $file['body']['message']);
         $this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
 
         $file = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $data['bucketId'] . '/files', array_merge([
@@ -194,14 +197,16 @@ class StorageCustomClientTest extends Scope
             'fileId' => 'unique()',
             'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'),
             'folderId' => 'xyz',
-            'read' => ['user:notme'],
-            'write' => ['user:notme']
+            'permissions' => [
+                'read(user:notme)',
+                'write(user:notme)',
+            ],
         ]);
 
         $this->assertEquals($file['headers']['status-code'], 400);
         $this->assertStringStartsWith('Read permissions must be one of:', $file['body']['message']);
-        $this->assertStringContainsString('role:all', $file['body']['message']);
-        $this->assertStringContainsString('role:member', $file['body']['message']);
+        $this->assertStringContainsString('any', $file['body']['message']);
+        $this->assertStringContainsString('users', $file['body']['message']);
         $this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
     }
 
@@ -217,13 +222,15 @@ class StorageCustomClientTest extends Scope
             'content-type' => 'application/json',
             'x-appwrite-project' => $this->getProject()['$id'],
         ], $this->getHeaders()), [
-            'read' => ['user:notme']
+                        'permissions' => [
+        'read(user:notme)',
+                        ],
         ]);
 
         $this->assertEquals($file['headers']['status-code'], 400);
         $this->assertStringStartsWith('Read permissions must be one of:', $file['body']['message']);
-        $this->assertStringContainsString('role:all', $file['body']['message']);
-        $this->assertStringContainsString('role:member', $file['body']['message']);
+        $this->assertStringContainsString('any', $file['body']['message']);
+        $this->assertStringContainsString('users', $file['body']['message']);
         $this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
 
         $file = $this->client->call(Client::METHOD_PUT, '/storage/buckets/' . $data['bucketId'] . '/files/' . $data['fileId'], array_merge([
@@ -235,22 +242,24 @@ class StorageCustomClientTest extends Scope
 
         $this->assertEquals($file['headers']['status-code'], 400);
         $this->assertStringStartsWith('Write permissions must be one of:', $file['body']['message']);
-        $this->assertStringContainsString('role:all', $file['body']['message']);
-        $this->assertStringContainsString('role:member', $file['body']['message']);
+        $this->assertStringContainsString('any', $file['body']['message']);
+        $this->assertStringContainsString('users', $file['body']['message']);
         $this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
 
         $file = $this->client->call(Client::METHOD_PUT, '/storage/buckets/' . $data['bucketId'] . '/files/' . $data['fileId'], array_merge([
             'content-type' => 'application/json',
             'x-appwrite-project' => $this->getProject()['$id'],
         ], $this->getHeaders()), [
-            'read' => ['user:notme'],
-            'write' => ['user:notme']
+            'permissions' => [
+                'read(user:notme)',
+                'write(user:notme)',
+            ],
         ]);
 
         $this->assertEquals($file['headers']['status-code'], 400);
         $this->assertStringStartsWith('Read permissions must be one of:', $file['body']['message']);
-        $this->assertStringContainsString('role:all', $file['body']['message']);
-        $this->assertStringContainsString('role:member', $file['body']['message']);
+        $this->assertStringContainsString('any', $file['body']['message']);
+        $this->assertStringContainsString('users', $file['body']['message']);
         $this->assertStringContainsString('user:' . $this->getUser()['$id'], $file['body']['message']);
     }
 }
diff --git a/tests/e2e/Services/Storage/StorageCustomServerTest.php b/tests/e2e/Services/Storage/StorageCustomServerTest.php
index e53d456db..09bb5caed 100644
--- a/tests/e2e/Services/Storage/StorageCustomServerTest.php
+++ b/tests/e2e/Services/Storage/StorageCustomServerTest.php
@@ -24,7 +24,7 @@ class StorageCustomServerTest extends Scope
         ], $this->getHeaders()), [
             'bucketId' => 'unique()',
             'name' => 'Test Bucket',
-            'permission' => 'file',
+            'fileSecurity' => true,
         ]);
         $this->assertEquals(201, $bucket['headers']['status-code']);
         $this->assertNotEmpty($bucket['body']['$id']);
@@ -46,7 +46,7 @@ class StorageCustomServerTest extends Scope
         ], $this->getHeaders()), [
             'bucketId' => 'bucket1',
             'name' => 'Test Bucket',
-            'permission' => 'file',
+            'fileSecurity' => true,
         ]);
         $this->assertEquals(201, $bucket['headers']['status-code']);
         $this->assertEquals('bucket1', $bucket['body']['$id']);
@@ -60,7 +60,7 @@ class StorageCustomServerTest extends Scope
         ], $this->getHeaders()), [
             'bucketId' => 'unique()',
             'name' => '',
-            'permission' => 'file',
+            'fileSecurity' => true,
         ]);
         $this->assertEquals(400, $bucket['headers']['status-code']);
 
@@ -182,13 +182,13 @@ class StorageCustomServerTest extends Scope
             'bucketId' => 'unique()',
             'name' => 'Test Bucket Updated',
             'enabled' => false,
-            'permission' => 'file',
+            'fileSecurity' => true,
         ]);
         $this->assertEquals(200, $bucket['headers']['status-code']);
         $this->assertNotEmpty($bucket['body']['$id']);
         $this->assertIsInt($bucket['body']['$createdAt']);
         $this->assertIsArray($bucket['body']['$permissions']);
-        
+
         $this->assertIsArray($bucket['body']['allowedFileExtensions']);
         $this->assertEquals('Test Bucket Updated', $bucket['body']['name']);
         $this->assertEquals(false, $bucket['body']['enabled']);
diff --git a/tests/e2e/Services/Webhooks/WebhooksBase.php b/tests/e2e/Services/Webhooks/WebhooksBase.php
index bb958791c..9a9e67b87 100644
--- a/tests/e2e/Services/Webhooks/WebhooksBase.php
+++ b/tests/e2e/Services/Webhooks/WebhooksBase.php
@@ -41,9 +41,11 @@ trait WebhooksBase
         ]), [
             'collectionId' => 'unique()',
             'name' => 'Actors',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document',
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $actorsId = $actors['body']['$id'];
@@ -190,8 +192,10 @@ trait WebhooksBase
                 'firstName' => 'Chris',
                 'lastName' => 'Evans',
             ],
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $documentId = $document['body']['$id'];
@@ -249,8 +253,10 @@ trait WebhooksBase
                 'firstName' => 'Chris1',
                 'lastName' => 'Evans2',
             ],
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $documentId = $document['body']['$id'];
@@ -308,8 +314,10 @@ trait WebhooksBase
                 'lastName' => 'Cooper',
 
             ],
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $documentId = $document['body']['$id'];
@@ -366,9 +374,10 @@ trait WebhooksBase
         ]), [
             'bucketId' => 'unique()',
             'name' => 'Test Bucket',
-            'permission' => 'bucket',
-            'read' => ['role:all'],
-            'write' => ['role:all']
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $bucketId = $bucket['body']['$id'];
@@ -414,7 +423,7 @@ trait WebhooksBase
             'x-appwrite-key' => $this->getProject()['apiKey']
         ]), [
             'name' => 'Test Bucket Updated',
-            'permission' => 'file',
+            'fileSecurity' => true,
             'enabled' => false,
         ]);
 
@@ -457,7 +466,7 @@ trait WebhooksBase
             'x-appwrite-key' => $this->getProject()['apiKey']
         ]), [
             'name' => 'Test Bucket Updated',
-            'permission' => 'file',
+            'fileSecurity' => true,
             'enabled' => true,
         ]);
 
@@ -471,8 +480,10 @@ trait WebhooksBase
         ], $this->getHeaders()), [
             'fileId' => 'unique()',
             'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'logo.png'),
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
             'folderId' => 'xyz',
         ]);
 
@@ -529,8 +540,10 @@ trait WebhooksBase
             'content-type' => 'application/json',
             'x-appwrite-project' => $this->getProject()['$id'],
         ], $this->getHeaders()), [
-            'read' => ['role:all'],
-            'write' => ['role:all'],
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
         ]);
 
         $this->assertEquals($file['headers']['status-code'], 200);
diff --git a/tests/e2e/Services/Webhooks/WebhooksCustomServerTest.php b/tests/e2e/Services/Webhooks/WebhooksCustomServerTest.php
index 503e216f8..ffa995f15 100644
--- a/tests/e2e/Services/Webhooks/WebhooksCustomServerTest.php
+++ b/tests/e2e/Services/Webhooks/WebhooksCustomServerTest.php
@@ -32,7 +32,7 @@ class WebhooksCustomServerTest extends Scope
             'x-appwrite-key' => $this->getProject()['apiKey']
         ]), [
             'name' => 'Actors1',
-            'permission' => 'document',
+            'documentSecurity' => true,
         ]);
 
         $this->assertEquals($actors['headers']['status-code'], 200);
@@ -157,9 +157,11 @@ class WebhooksCustomServerTest extends Scope
         ]), [
             'collectionId' => 'unique()',
             'name' => 'Demo',
-            'read' => ['role:all'],
-            'write' => ['role:all'],
-            'permission' => 'document'
+            'permissions' => [
+                'read(any)',
+                'write(any)',
+            ],
+            'documentSecurity' => true,
         ]);
 
         $id = $actors['body']['$id'];
diff --git a/tests/extensions/TestHook.php b/tests/extensions/TestHook.php
index 81cde164a..c23f258a0 100644
--- a/tests/extensions/TestHook.php
+++ b/tests/extensions/TestHook.php
@@ -9,9 +9,9 @@ class TestHook implements AfterTestHook
     public function executeAfterTest(string $test, float $time): void
     {
         printf(
-            "%s ended in %s seconds\n",
+            "%s ended in %s milliseconds\n",
             $test,
-            $time
+            $time * 1000
         );
     }
 }
diff --git a/tests/unit/Auth/AuthTest.php b/tests/unit/Auth/AuthTest.php
index fd917d613..a344947e6 100644
--- a/tests/unit/Auth/AuthTest.php
+++ b/tests/unit/Auth/AuthTest.php
@@ -211,7 +211,7 @@ class AuthTest extends TestCase
 
         $roles = Auth::getRoles($user);
         $this->assertCount(1, $roles);
-        $this->assertContains('role:guest', $roles);
+        $this->assertContains('guests', $roles);
     }
 
     public function testUserRoles()
@@ -238,7 +238,7 @@ class AuthTest extends TestCase
         $roles = Auth::getRoles($user);
 
         $this->assertCount(7, $roles);
-        $this->assertContains('role:member', $roles);
+        $this->assertContains('users', $roles);
         $this->assertContains('user:123', $roles);
         $this->assertContains('team:abc', $roles);
         $this->assertContains('team:abc/administrator', $roles);
@@ -272,7 +272,7 @@ class AuthTest extends TestCase
         $roles = Auth::getRoles($user);
 
         $this->assertCount(5, $roles);
-        $this->assertNotContains('role:member', $roles);
+        $this->assertNotContains('users', $roles);
         $this->assertNotContains('user:123', $roles);
         $this->assertContains('team:abc', $roles);
         $this->assertContains('team:abc/administrator', $roles);
@@ -306,7 +306,7 @@ class AuthTest extends TestCase
         $roles = Auth::getRoles($user);
 
         $this->assertCount(5, $roles);
-        $this->assertNotContains('role:member', $roles);
+        $this->assertNotContains('users', $roles);
         $this->assertNotContains('user:123', $roles);
         $this->assertContains('team:abc', $roles);
         $this->assertContains('team:abc/administrator', $roles);
diff --git a/tests/unit/Messaging/MessagingChannelsTest.php b/tests/unit/Messaging/MessagingChannelsTest.php
index e62c273cc..cb8be7e17 100644
--- a/tests/unit/Messaging/MessagingChannelsTest.php
+++ b/tests/unit/Messaging/MessagingChannelsTest.php
@@ -118,8 +118,8 @@ class MessagingChannelsTest extends TestCase
          *  - XXX users
          *  - XXX teams
          *  - XXX team roles (2 roles per team)
-         *  - 1 role:guest
-         *  - 1 role:member
+         *  - 1 guests
+         *  - 1 users
          */
         $this->assertCount(($this->connectionsAuthenticated + (3 * $this->connectionsPerChannel) + 2), $this->realtime->subscriptions['1']);
 
@@ -179,7 +179,7 @@ class MessagingChannelsTest extends TestCase
 
     public function testRolePermissions()
     {
-        $roles = ['role:guest', 'role:member'];
+        $roles = ['guests', 'users'];
         foreach ($this->allChannels as $index => $channel) {
             foreach ($roles as $role) {
                 $permissions = [$role];
diff --git a/tests/unit/Messaging/MessagingGuestTest.php b/tests/unit/Messaging/MessagingGuestTest.php
index f6b5e22cd..cff6ad071 100644
--- a/tests/unit/Messaging/MessagingGuestTest.php
+++ b/tests/unit/Messaging/MessagingGuestTest.php
@@ -14,7 +14,7 @@ class MessagingGuestTest extends TestCase
         $realtime->subscribe(
             '1',
             1,
-            ['role:guest'],
+            ['guests'],
             ['files' => 0, 'documents' => 0, 'documents.789' => 0, 'account.123' => 0]
         );
 
@@ -34,14 +34,14 @@ class MessagingGuestTest extends TestCase
         $this->assertCount(1, $receivers);
         $this->assertEquals(1, $receivers[0]);
 
-        $event['roles'] = ['role:guest'];
+        $event['roles'] = ['guests'];
 
         $receivers = $realtime->getSubscribers($event);
 
         $this->assertCount(1, $receivers);
         $this->assertEquals(1, $receivers[0]);
 
-        $event['roles'] = ['role:member'];
+        $event['roles'] = ['users'];
 
         $receivers = $realtime->getSubscribers($event);
 
diff --git a/tests/unit/Messaging/MessagingTest.php b/tests/unit/Messaging/MessagingTest.php
index 18be4bb1f..b4a7f102b 100644
--- a/tests/unit/Messaging/MessagingTest.php
+++ b/tests/unit/Messaging/MessagingTest.php
@@ -23,13 +23,13 @@ class MessagingTest extends TestCase
         $realtime->subscribe(
             '1',
             1,
-            ['user:123', 'role:member', 'team:abc', 'team:abc/administrator', 'team:abc/moderator', 'team:def', 'team:def/guest'],
+            ['user:123', 'users', 'team:abc', 'team:abc/administrator', 'team:abc/moderator', 'team:def', 'team:def/guest'],
             ['files' => 0, 'documents' => 0, 'documents.789' => 0, 'account.123' => 0]
         );
 
         $event = [
             'project' => '1',
-            'roles' => ['role:all'],
+            'roles' => ['any'],
             'data' => [
                 'channels' => [
                     0 => 'account.123',
@@ -42,7 +42,7 @@ class MessagingTest extends TestCase
         $this->assertCount(1, $receivers);
         $this->assertEquals(1, $receivers[0]);
 
-        $event['roles'] = ['role:member'];
+        $event['roles'] = ['users'];
 
         $receivers = $realtime->getSubscribers($event);
 
@@ -103,7 +103,7 @@ class MessagingTest extends TestCase
 
         $this->assertEmpty($receivers);
 
-        $event['roles'] = ['role:all'];
+        $event['roles'] = ['any'];
         $event['data']['channels'] = ['documents.123'];
 
         $receivers = $realtime->getSubscribers($event);
@@ -223,7 +223,9 @@ class MessagingTest extends TestCase
             ])
         );
 
-        $this->assertContains('role:all', $result['roles']);
+        \var_dump($result);
+
+        $this->assertContains('any', $result['roles']);
         $this->assertNotContains('role:admin', $result['roles']);
 
         /**
@@ -252,7 +254,7 @@ class MessagingTest extends TestCase
             ])
         );
 
-        $this->assertContains('role:all', $result['roles']);
+        $this->assertContains('any', $result['roles']);
         $this->assertNotContains('role:admin', $result['roles']);
     }
 
@@ -280,7 +282,7 @@ class MessagingTest extends TestCase
             ])
         );
 
-        $this->assertContains('role:all', $result['roles']);
+        $this->assertContains('any', $result['roles']);
         $this->assertNotContains('role:admin', $result['roles']);
 
         /**
@@ -302,11 +304,11 @@ class MessagingTest extends TestCase
                     'read(admin)',
                     'write(admin)',
                 ],
-                'documentSecurity' => 'true'
+                'documentSecurity' => true
             ])
         );
 
-        $this->assertContains('role:all', $result['roles']);
+        $this->assertContains('any', $result['roles']);
         $this->assertNotContains('role:admin', $result['roles']);
     }
 }