fix: executions permission validation
This commit is contained in:
parent
77fdd1ab35
commit
4eb298e4e0
2 changed files with 5 additions and 4 deletions
|
@ -802,7 +802,7 @@ App::get('/v1/functions/:functionId/executions')
|
||||||
/** @var Appwrite\Utopia\Response $response */
|
/** @var Appwrite\Utopia\Response $response */
|
||||||
/** @var Appwrite\Database\Database $projectDB */
|
/** @var Appwrite\Database\Database $projectDB */
|
||||||
|
|
||||||
$function = $projectDB->getDocument($functionId);
|
$function = $projectDB->getDocument($functionId, true, true, 'execute');
|
||||||
|
|
||||||
if (empty($function->getId()) || Database::SYSTEM_COLLECTION_FUNCTIONS != $function->getCollection()) {
|
if (empty($function->getId()) || Database::SYSTEM_COLLECTION_FUNCTIONS != $function->getCollection()) {
|
||||||
throw new Exception('Function not found', 404);
|
throw new Exception('Function not found', 404);
|
||||||
|
@ -844,7 +844,7 @@ App::get('/v1/functions/:functionId/executions/:executionId')
|
||||||
/** @var Appwrite\Utopia\Response $response */
|
/** @var Appwrite\Utopia\Response $response */
|
||||||
/** @var Appwrite\Database\Database $projectDB */
|
/** @var Appwrite\Database\Database $projectDB */
|
||||||
|
|
||||||
$function = $projectDB->getDocument($functionId);
|
$function = $projectDB->getDocument($functionId, true, true, 'execute');
|
||||||
|
|
||||||
if (empty($function->getId()) || Database::SYSTEM_COLLECTION_FUNCTIONS != $function->getCollection()) {
|
if (empty($function->getId()) || Database::SYSTEM_COLLECTION_FUNCTIONS != $function->getCollection()) {
|
||||||
throw new Exception('Function not found', 404);
|
throw new Exception('Function not found', 404);
|
||||||
|
|
|
@ -196,17 +196,18 @@ class Database
|
||||||
* @param string $id
|
* @param string $id
|
||||||
* @param bool $mock is mocked data allowed?
|
* @param bool $mock is mocked data allowed?
|
||||||
* @param bool $decode enable decoding?
|
* @param bool $decode enable decoding?
|
||||||
|
* @param string $permission permissions to read
|
||||||
*
|
*
|
||||||
* @return Document
|
* @return Document
|
||||||
*/
|
*/
|
||||||
public function getDocument($id, bool $mock = true, bool $decode = true)
|
public function getDocument($id, bool $mock = true, bool $decode = true, string $permission = 'read')
|
||||||
{
|
{
|
||||||
if (\is_null($id)) {
|
if (\is_null($id)) {
|
||||||
return new Document();
|
return new Document();
|
||||||
}
|
}
|
||||||
|
|
||||||
$document = new Document((isset($this->mocks[$id]) && $mock) ? $this->mocks[$id] : $this->adapter->getDocument($id));
|
$document = new Document((isset($this->mocks[$id]) && $mock) ? $this->mocks[$id] : $this->adapter->getDocument($id));
|
||||||
$validator = new Authorization($document, 'read');
|
$validator = new Authorization($document, $permission);
|
||||||
|
|
||||||
if (!$validator->isValid($document->getPermissions())) { // Check if user has read access to this document
|
if (!$validator->isValid($document->getPermissions())) { // Check if user has read access to this document
|
||||||
return new Document();
|
return new Document();
|
||||||
|
|
Loading…
Reference in a new issue