CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-29 11:40:45 +12:00
Code Issues Projects Releases Wiki Activity

Lock createdAt

Browse source
This commit is contained in:
Matej Bačo 2022-06-23 08:17:02 +00:00
parent a16aaa8a48
commit 3f8ab486c2
2 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
app/controllers/api/databases.php
View file

@ -2221,6 +2221,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
$data = \array_merge($document->getArrayCopy(), $data);
$data['$collection'] = $collection->getId(); // Make sure user don't switch collectionID
$data['$createdAt'] = $collection->getCreatedAt(); // Make sure user don't switch createdAt
$data['$id'] = $document->getId(); // Make sure user don't switch document unique ID
$data['$read'] = (is_null($read)) ? ($document->getRead() ?? []) : $read; // By default inherit read permissions
$data['$write'] = (is_null($write)) ? ($document->getWrite() ?? []) : $write; // By default inherit write permissions

2
tests/e2e/Services/Databases/DatabasesBase.php
View file

@ -1320,6 +1320,7 @@ trait DatabasesBase
'title' => 'Thor: Ragnaroc',
'releaseYear' => 2017,
'actors' => [],
'$createdAt' => 5 // Should be ignored
],
'read' => ['user:' . $this->getUser()['$id']],
'write' => ['user:' . $this->getUser()['$id']],
@ -1330,6 +1331,7 @@ trait DatabasesBase
$this->assertEquals($document['headers']['status-code'], 201);
$this->assertEquals($document['body']['title'], 'Thor: Ragnaroc');
$this->assertEquals($document['body']['releaseYear'], 2017);
$this->assertNotEquals($document['body']['$createdAt'], 5);
$this->assertEquals('user:' . $this->getUser()['$id'], $document['body']['$read'][0]);
$this->assertEquals('user:' . $this->getUser()['$id'], $document['body']['$write'][0]);