CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-27 02:31:04 +12:00
Code Issues Projects Releases Wiki Activity

fix: executions permission validation

Browse source
This commit is contained in:
Torsten Dittmann 2021-04-27 09:12:59 +02:00
parent 77fdd1ab35
commit 4eb298e4e0
2 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/api/functions.php
View file

@ -802,7 +802,7 @@ App::get('/v1/functions/:functionId/executions')
/** @var Appwrite\Utopia\Response $response */
/** @var Appwrite\Database\Database $projectDB */
$function = $projectDB->getDocument($functionId);
$function = $projectDB->getDocument($functionId, true, true, 'execute');
if (empty($function->getId()) || Database::SYSTEM_COLLECTION_FUNCTIONS != $function->getCollection()) {
throw new Exception('Function not found', 404);
@ -844,7 +844,7 @@ App::get('/v1/functions/:functionId/executions/:executionId')
/** @var Appwrite\Utopia\Response $response */
/** @var Appwrite\Database\Database $projectDB */
$function = $projectDB->getDocument($functionId);
$function = $projectDB->getDocument($functionId, true, true, 'execute');
if (empty($function->getId()) || Database::SYSTEM_COLLECTION_FUNCTIONS != $function->getCollection()) {
throw new Exception('Function not found', 404);

5
src/Appwrite/Database/Database.php
View file

@ -196,17 +196,18 @@ class Database
* @param string $id
* @param bool $mock is mocked data allowed?
* @param bool $decode enable decoding?
* @param string $permission permissions to read
*
* @return Document
*/
public function getDocument($id, bool $mock = true, bool $decode = true)
public function getDocument($id, bool $mock = true, bool $decode = true, string $permission = 'read')
{
if (\is_null($id)) {
return new Document();
}
$document = new Document((isset($this->mocks[$id]) && $mock) ? $this->mocks[$id] : $this->adapter->getDocument($id));
$validator = new Authorization($document, 'read');
$validator = new Authorization($document, $permission);
if (!$validator->isValid($document->getPermissions())) { // Check if user has read access to this document
return new Document();