
fix: executions permission validation

Torsten Dittmann 2021-04-27 09:12:59 +02:00
parent 77fdd1ab35
commit 4eb298e4e0
2 changed files with 5 additions and 4 deletions


@ -802,7 +802,7 @@ App::get('/v1/functions/:functionId/executions')
/** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Utopia\Response $response */
/** @var Appwrite\Database\Database $projectDB */ /** @var Appwrite\Database\Database $projectDB */
$function = $projectDB->getDocument($functionId); $function = $projectDB->getDocument($functionId, true, true, 'execute');
if (empty($function->getId()) || Database::SYSTEM_COLLECTION_FUNCTIONS != $function->getCollection()) { if (empty($function->getId()) || Database::SYSTEM_COLLECTION_FUNCTIONS != $function->getCollection()) {
throw new Exception('Function not found', 404); throw new Exception('Function not found', 404);
@ -844,7 +844,7 @@ App::get('/v1/functions/:functionId/executions/:executionId')
/** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Utopia\Response $response */
/** @var Appwrite\Database\Database $projectDB */ /** @var Appwrite\Database\Database $projectDB */
$function = $projectDB->getDocument($functionId); $function = $projectDB->getDocument($functionId, true, true, 'execute');
if (empty($function->getId()) || Database::SYSTEM_COLLECTION_FUNCTIONS != $function->getCollection()) { if (empty($function->getId()) || Database::SYSTEM_COLLECTION_FUNCTIONS != $function->getCollection()) {
throw new Exception('Function not found', 404); throw new Exception('Function not found', 404);
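Review bot: Neither of the two changed files in this commit is a test, so the new `'execute'` argument in `getDocument($functionId, true, true, 'execute')` on both routes (list executions and get one execution) is not pinned by a regression test. A test should assert that a caller without execute permission on the function receives the 404 from each endpoint, and that a caller holding execute but not read is still served. An unauthorized caller appears to get the same 'Function not found' response as a missing ID, because getDocument returns an empty Document on a failed check. That avoids confirming which function IDs exist and deserves a comment above the call, e.g. `// Authorize against the function's execute permission; unauthorized callers get the same 404 as an unknown ID`. Both action closures continue outside the hunks, so whether the execution documents loaded afterwards get their own permission check cannot be confirmed from here.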


@ -196,17 +196,18 @@ class Database
* @param string $id * @param string $id
* @param bool $mock is mocked data allowed? * @param bool $mock is mocked data allowed?
* @param bool $decode enable decoding? * @param bool $decode enable decoding?
* @param string $permission permissions to read
* *
* @return Document * @return Document
*/ */
public function getDocument($id, bool $mock = true, bool $decode = true) public function getDocument($id, bool $mock = true, bool $decode = true, string $permission = 'read')
{ {
if (\is_null($id)) { if (\is_null($id)) {
return new Document(); return new Document();
} }
$document = new Document((isset($this->mocks[$id]) && $mock) ? $this->mocks[$id] : $this->adapter->getDocument($id)); $document = new Document((isset($this->mocks[$id]) && $mock) ? $this->mocks[$id] : $this->adapter->getDocument($id));
$validator = new Authorization($document, 'read'); $validator = new Authorization($document, $permission);
if (!$validator->isValid($document->getPermissions())) { // Check if user has read access to this document if (!$validator->isValid($document->getPermissions())) { // Check if user has read access to this document
return new Document(); return new Document();
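Review bot: The inline comment on the `isValid()` line still says `// Check if user has read access to this document`, but the check now uses the caller-supplied `$permission`, so the comment misstates which access is enforced. It should read `// Check if the user holds the requested permission on this document`, and the new docblock line would be clearer as `@param string $permission permission to validate against the document (defaults to 'read')`. `$permission` is accepted as a free-form string and passed straight to `new Authorization($document, $permission)`, so a misspelled value at a call site is not caught in this method. Presumably the validator fails closed for an unknown permission name, but that is not visible in this hunk and should be confirmed, or enforced by rejecting values outside the known permission names before the validator is built. The body of getDocument continues past the end of the hunk.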