diff --git a/CHANGES.md b/CHANGES.md index 5ea9c2759..2ae482c9e 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -2,16 +2,25 @@ - Anonymous login +# Version 0.7.2 (Not Released Yet) + +## Features + +- When creating new resources from the client API, the current user gets both read & write permissions by default. (#1007) +- Added timestamp to errors logs on the HTTP API container (#1002) +- Added verbose tests output on the terminal and CI (#1006) + ## Upgrades - Upgraded ClamAV to version 1.3.0 - Upgraded utopia-php/abuse to version 0.4.0 -# Version 0.7.2 (Not Released Yet) - ## Bugs -- Fixed certificates worker error on successful operations +- Fixed certificates worker error on successful operations (#1010) +- Fixed head requests not responding (#998) +- Fixed bug when using auth credential for the Redis container (#993) +- Fixed server warning logs on 3** redirect endpoints (#1013) # Version 0.7.1 diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index c386749ca..2c32ae981 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -169,8 +169,8 @@ App::put('/v1/database/collections/:collectionId') ->label('sdk.response.model', Response::MODEL_COLLECTION) ->param('collectionId', '', new UID(), 'Collection unique ID.') ->param('name', null, new Text(128), 'Collection name. Max length: 128 chars.') - ->param('read', [], new ArrayList(new Text(64)), 'An array of strings with read permissions. By default no user is granted with any read permissions. [learn more about permissions(/docs/permissions) and get a full list of available permissions.') - ->param('write', [], new ArrayList(new Text(64)), 'An array of strings with write permissions. By default no user is granted with any write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') + ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default inherits the existing read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) + ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default inherits the existing write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) ->param('rules', [], function ($projectDB) { return new ArrayList(new Collection($projectDB, [Database::SYSTEM_COLLECTION_RULES], ['$collection' => Database::SYSTEM_COLLECTION_RULES, '$permissions' => ['read' => [], 'write' => []]])); }, 'Array of [rule objects](/docs/rules). Each rule define a collection field name, data type and validation.', true, ['projectDB']) ->inject('response') ->inject('projectDB') @@ -187,6 +187,8 @@ App::put('/v1/database/collections/:collectionId') } $parsedRules = []; + $read = (is_null($read)) ? ($collection->getPermissions()['read'] ?? []) : $read; // By default inherit read permissions + $write = (is_null($write)) ? ($collection->getPermissions()['write'] ?? []) : $write; // By default inherit write permissions foreach ($rules as &$rule) { $parsedRules[] = \array_merge([ @@ -295,17 +297,19 @@ App::post('/v1/database/collections/:collectionId/documents') ->label('sdk.response.model', Response::MODEL_ANY) ->param('collectionId', null, new UID(), 'Collection unique ID. You can create a new collection with validation rules using the Database service [server integration](/docs/server/database#createCollection).') ->param('data', [], new JSON(), 'Document data as JSON object.') - ->param('read', [], new ArrayList(new Text(64)), 'An array of strings with read permissions. By default no user is granted with any read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') - ->param('write', [], new ArrayList(new Text(64)), 'An array of strings with write permissions. By default no user is granted with any write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') + ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default only the current user is granted with read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) + ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default only the current user is granted with write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) ->param('parentDocument', '', new UID(), 'Parent document unique ID. Use when you want your new document to be a child of a parent document.', true) ->param('parentProperty', '', new Key(), 'Parent document property name. Use when you want your new document to be a child of a parent document.', true) ->param('parentPropertyType', Document::SET_TYPE_ASSIGN, new WhiteList([Document::SET_TYPE_ASSIGN, Document::SET_TYPE_APPEND, Document::SET_TYPE_PREPEND], true), 'Parent document property connection type. You can set this value to **assign**, **append** or **prepend**, default value is assign. Use when you want your new document to be a child of a parent document.', true) ->inject('response') ->inject('projectDB') + ->inject('user') ->inject('audits') - ->action(function ($collectionId, $data, $read, $write, $parentDocument, $parentProperty, $parentPropertyType, $response, $projectDB, $audits) { + ->action(function ($collectionId, $data, $read, $write, $parentDocument, $parentProperty, $parentPropertyType, $response, $projectDB, $user, $audits) { /** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Database\Database $projectDB */ + /** @var Appwrite\Database\Document $user */ /** @var Appwrite\Event\Event $audits */ $data = (\is_string($data)) ? \json_decode($data, true) : $data; // Cast to JSON array @@ -326,8 +330,8 @@ App::post('/v1/database/collections/:collectionId/documents') $data['$collection'] = $collectionId; // Adding this param to make API easier for developers $data['$permissions'] = [ - 'read' => $read, - 'write' => $write, + 'read' => (is_null($read) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $read ?? [], // By default set read permissions for user + 'write' => (is_null($write) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $write ?? [], // By default set write permissions for user ]; // Read parent document + validate not 404 + validate read / write permission like patch method @@ -508,8 +512,8 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') ->param('collectionId', null, new UID(), 'Collection unique ID. You can create a new collection with validation rules using the Database service [server integration](/docs/server/database#createCollection).') ->param('documentId', null, new UID(), 'Document unique ID.') ->param('data', [], new JSON(), 'Document data as JSON object.') - ->param('read', [], new ArrayList(new Text(64)), 'An array of strings with read permissions. By default no user is granted with any read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') - ->param('write', [], new ArrayList(new Text(64)), 'An array of strings with write permissions. By default no user is granted with any write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') + ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default inherits the existing read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) + ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default inherits the existing write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) ->inject('response') ->inject('projectDB') ->inject('audits') @@ -522,7 +526,7 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') $document = $projectDB->getDocument($documentId, false); $data = (\is_string($data)) ? \json_decode($data, true) : $data; // Cast to JSON array - + if (!\is_array($data)) { throw new Exception('Data param should be a valid JSON object', 400); } @@ -539,8 +543,8 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') $data['$collection'] = $collection->getId(); // Make sure user don't switch collectionID $data['$id'] = $document->getId(); // Make sure user don't switch document unique ID - $data['$permissions']['read'] = $read; - $data['$permissions']['write'] = $write; + $data['$permissions']['read'] = (is_null($read)) ? ($document->getPermissions()['read'] ?? []) : $read; // By default inherit read permissions + $data['$permissions']['write'] = (is_null($write)) ? ($document->getPermissions()['write'] ?? []) : $write; // By default inherit write permissions if (empty($data)) { throw new Exception('Missing payload', 400); diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index d4500e95a..f0ce2e405 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -38,17 +38,19 @@ App::post('/v1/storage/files') ->label('sdk.response.type', Response::CONTENT_TYPE_JSON) ->label('sdk.response.model', Response::MODEL_FILE) ->param('file', [], new File(), 'Binary file.', false) - ->param('read', [], new ArrayList(new Text(64)), 'An array of strings with read permissions. By default no user is granted with any read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') - ->param('write', [], new ArrayList(new Text(64)), 'An array of strings with write permissions. By default no user is granted with any write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') + ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default only the current user is granted with read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) + ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default only the current user is granted with write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) ->inject('request') ->inject('response') ->inject('projectDB') + ->inject('user') ->inject('audits') ->inject('usage') - ->action(function ($file, $read, $write, $request, $response, $projectDB, $audits, $usage) { + ->action(function ($file, $read, $write, $request, $response, $projectDB, $user, $audits, $usage) { /** @var Utopia\Swoole\Request $request */ /** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Database\Database $projectDB */ + /** @var Appwrite\Database\Document $user */ /** @var Appwrite\Event\Event $audits */ /** @var Appwrite\Event\Event $usage */ @@ -122,8 +124,8 @@ App::post('/v1/storage/files') $file = $projectDB->createDocument([ '$collection' => Database::SYSTEM_COLLECTION_FILES, '$permissions' => [ - 'read' => $read, - 'write' => $write, + 'read' => (is_null($read) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $read ?? [], // By default set read permissions for user + 'write' => (is_null($write) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $write ?? [], // By default set write permissions for user ], 'dateCreated' => \time(), 'folderId' => '', diff --git a/bin/schedule b/bin/schedule index 857ec9f6f..6300d97ed 100644 --- a/bin/schedule +++ b/bin/schedule @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$_APP_REDIS_USER" ] || [ -z "$_APP_REDIS_PASS" ] +if [ -z "$_APP_REDIS_USER" ] && [ -z "$_APP_REDIS_PASS" ] then REDIS_BACKEND="${_APP_REDIS_HOST}:${_APP_REDIS_PORT}" else diff --git a/bin/worker-audits b/bin/worker-audits index e411aa386..8e99481d2 100644 --- a/bin/worker-audits +++ b/bin/worker-audits @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$_APP_REDIS_USER" ] || [ -z "$_APP_REDIS_PASS" ] +if [ -z "$_APP_REDIS_USER" ] && [ -z "$_APP_REDIS_PASS" ] then REDIS_BACKEND="${_APP_REDIS_HOST}:${_APP_REDIS_PORT}" else diff --git a/bin/worker-certificates b/bin/worker-certificates index 7d474e1ea..9214af513 100755 --- a/bin/worker-certificates +++ b/bin/worker-certificates @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$_APP_REDIS_USER" ] || [ -z "$_APP_REDIS_PASS" ] +if [ -z "$_APP_REDIS_USER" ] && [ -z "$_APP_REDIS_PASS" ] then REDIS_BACKEND="${_APP_REDIS_HOST}:${_APP_REDIS_PORT}" else diff --git a/bin/worker-deletes b/bin/worker-deletes index 9c2fb3118..517f75530 100644 --- a/bin/worker-deletes +++ b/bin/worker-deletes @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$_APP_REDIS_USER" ] || [ -z "$_APP_REDIS_PASS" ] +if [ -z "$_APP_REDIS_USER" ] && [ -z "$_APP_REDIS_PASS" ] then REDIS_BACKEND="${_APP_REDIS_HOST}:${_APP_REDIS_PORT}" else diff --git a/bin/worker-functions b/bin/worker-functions index b41c01994..29cd4b85c 100644 --- a/bin/worker-functions +++ b/bin/worker-functions @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$_APP_REDIS_USER" ] || [ -z "$_APP_REDIS_PASS" ] +if [ -z "$_APP_REDIS_USER" ] && [ -z "$_APP_REDIS_PASS" ] then REDIS_BACKEND="${_APP_REDIS_HOST}:${_APP_REDIS_PORT}" else diff --git a/bin/worker-mails b/bin/worker-mails index 64d10f609..a66394262 100644 --- a/bin/worker-mails +++ b/bin/worker-mails @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$_APP_REDIS_USER" ] || [ -z "$_APP_REDIS_PASS" ] +if [ -z "$_APP_REDIS_USER" ] && [ -z "$_APP_REDIS_PASS" ] then REDIS_BACKEND="${_APP_REDIS_HOST}:${_APP_REDIS_PORT}" else diff --git a/bin/worker-tasks b/bin/worker-tasks index fc395b34a..bac1f54a8 100644 --- a/bin/worker-tasks +++ b/bin/worker-tasks @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$_APP_REDIS_USER" ] || [ -z "$_APP_REDIS_PASS" ] +if [ -z "$_APP_REDIS_USER" ] && [ -z "$_APP_REDIS_PASS" ] then REDIS_BACKEND="${_APP_REDIS_HOST}:${_APP_REDIS_PORT}" else diff --git a/bin/worker-usage b/bin/worker-usage index 4176f54b8..9cb9b5ed8 100644 --- a/bin/worker-usage +++ b/bin/worker-usage @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$_APP_REDIS_USER" ] || [ -z "$_APP_REDIS_PASS" ] +if [ -z "$_APP_REDIS_USER" ] && [ -z "$_APP_REDIS_PASS" ] then REDIS_BACKEND="${_APP_REDIS_HOST}:${_APP_REDIS_PORT}" else diff --git a/bin/worker-webhooks b/bin/worker-webhooks index 13029ecbd..4ae2fadaa 100644 --- a/bin/worker-webhooks +++ b/bin/worker-webhooks @@ -1,6 +1,6 @@ #!/bin/sh -if [ -z "$_APP_REDIS_USER" ] || [ -z "$_APP_REDIS_PASS" ] +if [ -z "$_APP_REDIS_USER" ] && [ -z "$_APP_REDIS_PASS" ] then REDIS_BACKEND="${_APP_REDIS_HOST}:${_APP_REDIS_PORT}" else diff --git a/docs/sdks/ruby/GETTING_STARTED.md b/docs/sdks/ruby/GETTING_STARTED.md new file mode 100644 index 000000000..d353ee196 --- /dev/null +++ b/docs/sdks/ruby/GETTING_STARTED.md @@ -0,0 +1,49 @@ +## Getting Started + +### Init your SDK +Initialize your SDK code with your project ID which can be found in your project settings page and your new API secret Key from project's API keys section. + +```ruby +require 'appwrite' + +client = Appwrite::Client.new() + +client + .set_endpoint(ENV["APPWRITE_ENDPOINT"]) # Your API Endpoint + .set_project(ENV["APPWRITE_PROJECT"]) # Your project ID + .set_key(ENV["APPWRITE_SECRET"]) # Your secret API key +; +``` + +### Make Your First Request +Once your SDK object is set, create any of the Appwrite service objects and choose any request to send. Full documentation for any service method you would like to use can be found in your SDK documentation or in the API References section. + +```ruby +users = Appwrite::Users.new(client); + +result = users.create(email: 'email@example.com', password: 'password'); +``` + +### Full Example +```ruby +require 'appwrite' + +client = Appwrite::Client.new() + +client + .set_endpoint(ENV["APPWRITE_ENDPOINT"]) # Your API Endpoint + .set_project(ENV["APPWRITE_PROJECT"]) # Your project ID + .set_key(ENV["APPWRITE_SECRET"]) # Your secret API key +; + +users = Appwrite::Users.new(client); + +result = users.create(email: 'email@example.com', password: 'password'); +``` + +### Learn more +You can use followng resources to learn more and get help +- 🚀 [Getting Started Tutorial](https://appwrite.io/docs/getting-started-for-server) +- 📜 [Appwrite Docs](https://appwrite.io/docs) +- 💬 [Discord Community](https://appwrite.io/discord) +- 🚂 [Appwrite Ruby Playground](https://github.com/appwrite/playground-for-ruby) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 2b93485f1..eedd312fe 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -501,6 +501,133 @@ trait DatabaseBase $this->assertEquals($document['headers']['status-code'], 404); - return []; + return $data; + } + + /** + * @depends testDeleteDocument + */ + public function testDefaultPermissions(array $data):array + { + $document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'data' => [ + 'name' => 'Captain America', + 'releaseYear' => 1944, + 'actors' => [], + ], + ]); + + $id = $document['body']['$id']; + + $this->assertEquals($document['headers']['status-code'], 201); + $this->assertEquals($document['body']['$collection'], $data['moviesId']); + $this->assertEquals($document['body']['name'], 'Captain America'); + $this->assertEquals($document['body']['releaseYear'], 1944); + $this->assertIsArray($document['body']['$permissions']); + $this->assertIsArray($document['body']['$permissions']['read']); + $this->assertIsArray($document['body']['$permissions']['write']); + + if($this->getSide() == 'client') { + $this->assertCount(1, $document['body']['$permissions']['read']); + $this->assertCount(1, $document['body']['$permissions']['write']); + $this->assertEquals(['user:'.$this->getUser()['$id']], $document['body']['$permissions']['read']); + $this->assertEquals(['user:'.$this->getUser()['$id']], $document['body']['$permissions']['write']); + } + + if($this->getSide() == 'server') { + $this->assertCount(0, $document['body']['$permissions']['read']); + $this->assertCount(0, $document['body']['$permissions']['write']); + $this->assertEquals([], $document['body']['$permissions']['read']); + $this->assertEquals([], $document['body']['$permissions']['write']); + } + + // Updated and Inherit Permissions + + $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'data' => [ + 'name' => 'Captain America 2', + 'releaseYear' => 1945, + 'actors' => [], + ], + 'read' => ['*'], + ]); + + $this->assertEquals($document['headers']['status-code'], 200); + $this->assertEquals($document['body']['name'], 'Captain America 2'); + $this->assertEquals($document['body']['releaseYear'], 1945); + + if($this->getSide() == 'client') { + $this->assertCount(1, $document['body']['$permissions']['read']); + $this->assertCount(1, $document['body']['$permissions']['write']); + $this->assertEquals(['*'], $document['body']['$permissions']['read']); + $this->assertEquals(['user:'.$this->getUser()['$id']], $document['body']['$permissions']['write']); + } + + if($this->getSide() == 'server') { + $this->assertCount(1, $document['body']['$permissions']['read']); + $this->assertCount(0, $document['body']['$permissions']['write']); + $this->assertEquals(['*'], $document['body']['$permissions']['read']); + $this->assertEquals([], $document['body']['$permissions']['write']); + } + + $document = $this->client->call(Client::METHOD_GET, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders())); + + $this->assertEquals($document['headers']['status-code'], 200); + $this->assertEquals($document['body']['name'], 'Captain America 2'); + $this->assertEquals($document['body']['releaseYear'], 1945); + + if($this->getSide() == 'client') { + $this->assertCount(1, $document['body']['$permissions']['read']); + $this->assertCount(1, $document['body']['$permissions']['write']); + $this->assertEquals(['*'], $document['body']['$permissions']['read']); + $this->assertEquals(['user:'.$this->getUser()['$id']], $document['body']['$permissions']['write']); + } + + if($this->getSide() == 'server') { + $this->assertCount(1, $document['body']['$permissions']['read']); + $this->assertCount(0, $document['body']['$permissions']['write']); + $this->assertEquals(['*'], $document['body']['$permissions']['read']); + $this->assertEquals([], $document['body']['$permissions']['write']); + } + + // Reset Permissions + + $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'data' => [ + 'name' => 'Captain America 3', + 'releaseYear' => 1946, + 'actors' => [], + ], + 'read' => [], + 'write' => [], + ]); + + if($this->getSide() == 'client') { + $this->assertEquals($document['headers']['status-code'], 401); + } + + if($this->getSide() == 'server') { + $this->assertEquals($document['headers']['status-code'], 200); + $this->assertEquals($document['body']['name'], 'Captain America 3'); + $this->assertEquals($document['body']['releaseYear'], 1946); + $this->assertCount(0, $document['body']['$permissions']['read']); + $this->assertCount(0, $document['body']['$permissions']['write']); + $this->assertEquals([], $document['body']['$permissions']['read']); + $this->assertEquals([], $document['body']['$permissions']['write']); + } + + return $data; } } \ No newline at end of file