
refactors checkPermission to throw exception when a change is found in updateDocument

prateek banga 2023-07-31 14:03:11 +05:30
parent f7e96282db
commit 409376ef16


@ -3289,12 +3289,12 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
$data['$permissions'] = $permissions;
$newDocument = new Document($data);
$checkPermissions = (function (Document $collection, Document $document, Document $old, string $permission) use (&$checkPermissions, $dbForProject, $database) {
$checkPermissions = (function (Document $collection, Document $document, Document $old, string $permission, bool $shouldUpdate = false) use (&$checkPermissions, $dbForProject, $database) {
$documentSecurity = $collection->getAttribute('documentSecurity', false);
$validator = new Authorization($permission);
$valid = $validator->isValid($collection->getPermissionsByType($permission));
if (!$documentSecurity && !$valid) {
if (!$documentSecurity && !$valid && $shouldUpdate) {
throw new Exception(Exception::USER_UNAUTHORIZED);
}
@ -3375,13 +3375,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
}
}
}
if ($shouldUpdate) {
$checkPermissions($relatedCollection, $relation, $relatedDocumentOldVersion, $type);
} else {
Authorization::skip(
fn() => $checkPermissions($relatedCollection, $relation, $relatedDocumentOldVersion, $type)
);
}
$checkPermissions($relatedCollection, $relation, $relatedDocumentOldVersion, $type, $shouldUpdate);
}
}
@ -3408,13 +3402,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
}
}
if ($shouldUpdate) {
$checkPermissions($collection, $newDocument, $document, Database::PERMISSION_UPDATE);
} else {
Authorization::skip(
fn() => $checkPermissions($collection, $newDocument, $document, Database::PERMISSION_UPDATE)
);
}
$checkPermissions($collection, $newDocument, $document, Database::PERMISSION_UPDATE, $shouldUpdate);
try {
$document = $dbForProject->withRequestTimestamp(
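Review bot: The new `bool $shouldUpdate = false` parameter in the first hunk fails open: with the default, `if (!$documentSecurity && !$valid && $shouldUpdate)` never throws, so any call that omits the fifth argument silently skips the collection-level authorization check. The closure captures itself through `use (&$checkPermissions, ...)`, and its body continues outside the visible lines, so any recursive call there needs to pass `$shouldUpdate` explicitly; this cannot be confirmed from the hunk. Both call sites also drop the `Authorization::skip(...)` wrapper for the no-change case, so every other authorization-dependent step inside the closure now runs with authorization enforced when `$shouldUpdate` is false, which looks like a behaviour change rather than a pure refactor and deserves a test for the unchanged-related-document path. I would make the parameter required (`bool $shouldUpdate`) and add a comment above the condition such as `// Enforce collection-level permission only when the document actually changed`.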