From 51ceb5d74a504f74a1d946056568fcfd4b241434 Mon Sep 17 00:00:00 2001
From: prateek banga
Date: Wed, 9 Aug 2023 00:12:53 +0530
Subject: [PATCH] prohibit select queries in list attributes and remove static method
---
 app/controllers/api/databases.php | 33 ++-----------------
 .../Database/Validator/Queries/Attributes.php | 8 ++++-
 .../Database/Validator/Queries/Base.php | 11 ++++++-
 src/Appwrite/Utopia/Response.php | 27 ---------------
 4 files changed, 20 insertions(+), 59 deletions(-)
diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php
index 424d162f6f..baad060c19 100644
--- a/app/controllers/api/databases.php
+++ b/app/controllers/api/databases.php
@@ -1678,22 +1678,6 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/attributes')
 $queries = Query::parseQueries($queries);
- // Add type property in query if select query exists and type property doesn't exist as type is required for response model
- $hasSelect = false;
- $hasTypeAttribute = false;
- foreach ($queries as $query) {
- if ($query->getMethod() === Query::TYPE_SELECT) {
- $hasSelect = true;
- }
- if (\array_search('type', $query->getValues())) {
- $hasTypeAttribute = true;
- }
- }
-
- if ($hasSelect && !$hasTypeAttribute) {
- \array_push($queries, Query::select(['type']));
- }
-
 \array_push($queries, Query::equal('collectionId', [$collectionId]), Query::equal('databaseId', [$databaseId]));
 // Get cursor document if there was a cursor query
@@ -1714,23 +1698,12 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/attributes')
 $cursor->setValue($cursorDocument[0]);
 }
- $attributes = $dbForProject->find('attributes', $queries);
 $filterQueries = Query::groupByType($queries)['filters'];
- $total = $dbForProject->count('attributes', $filterQueries, APP_LIMIT_COUNT);
- $output = $response->output(new Document([
- 'total' => $total,
- 'attributes' => $attributes,
+ $response->dynamic(new Document([
+ 'total' => $dbForProject->count('attributes', $filterQueries, APP_LIMIT_COUNT),
+ 'attributes' => $dbForProject->find('attributes', $queries),
 ]), Response::MODEL_ATTRIBUTE_LIST);
-
- // If type Attribute didn't exist in select query we need to remove type attribute from attribute list
- if ($hasSelect && !$hasTypeAttribute) {
- foreach ($output['attributes'] as &$attribute) {
- unset($attribute['type']);
- }
- }
-
- $response->static($output);
 });
 App::get('/v1/databases/:databaseId/collections/:collectionId/attributes/:key')
diff --git a/src/Appwrite/Utopia/Database/Validator/Queries/Attributes.php b/src/Appwrite/Utopia/Database/Validator/Queries/Attributes.php
index 4a35c82b73..8a1a95b7f7 100644
--- a/src/Appwrite/Utopia/Database/Validator/Queries/Attributes.php
+++ b/src/Appwrite/Utopia/Database/Validator/Queries/Attributes.php
@@ -2,6 +2,8 @@
 namespace Appwrite\Utopia\Database\Validator\Queries;
+use Utopia\Database\Validator\Query\Select;
+
 class Attributes extends Base
 {
 public const ALLOWED_ATTRIBUTES = [
@@ -14,12 +16,16 @@ class Attributes extends Base
 'error'
 ];
+ public const PROHIBITED_QUERIES = [
+ Select::class
+ ];
+
 /**
 * Expression constructor
 *
 */
 public function __construct()
 {
- parent::__construct('attributes', self::ALLOWED_ATTRIBUTES);
+ parent::__construct('attributes', self::ALLOWED_ATTRIBUTES, self::PROHIBITED_QUERIES);
 }
 }
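Review bot: With the `type` back-fill and the `static()` post-processing removed, this handler is only correct if a `select` query never reaches `$dbForProject->find('attributes', $queries)`, and nothing in the hunk enforces that. The rejection presumably comes from the route's `queries` param validator, whose declaration is outside the hunk; confirm it is `new Attributes()`. The diffstat lists no test file, so I would add an e2e case asserting that a list-attributes request carrying `Query::select([...])` is rejected by validation instead of returning partial documents. Clients that previously sent `select` to this endpoint will now get an error, which deserves a changelog line.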
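Review bot: `PROHIBITED_QUERIES` is added without a comment saying why `Select` is excluded for this resource; the only explanation is the comment this commit deletes from databases.php. I would put a docblock above the constant, for example `/** Query validators disabled for attributes: the list response model needs each attribute's type, so select is not supported. */`. That keeps the restriction from being lifted later by someone who sees only an unexplained deny-list.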
diff --git a/src/Appwrite/Utopia/Database/Validator/Queries/Base.php b/src/Appwrite/Utopia/Database/Validator/Queries/Base.php
index 587862fa65..2425954c1e 100644
--- a/src/Appwrite/Utopia/Database/Validator/Queries/Base.php
+++ b/src/Appwrite/Utopia/Database/Validator/Queries/Base.php
@@ -2,6 +2,7 @@
 namespace Appwrite\Utopia\Database\Validator\Queries;
+use Appwrite\Extend\Exception;
 use Utopia\Database\Validator\Queries;
 use Utopia\Database\Validator\Query\Limit;
 use Utopia\Database\Validator\Query\Offset;
@@ -22,7 +23,7 @@ class Base extends Queries
 * @param string[] $allowedAttributes
 * @throws \Exception
 */
- public function __construct(string $collection, array $allowedAttributes)
+ public function __construct(string $collection, array $allowedAttributes, ?array $prohibitedQueries = [])
 {
 $collection = Config::getParam('collections', [])[$collection];
 // array for constant lookup time
@@ -69,6 +70,14 @@ class Base extends Queries
 new Order($attributes),
 new Select($attributes),
 ];
+ // Remove prohibited validators from the $validators array
+ foreach ($prohibitedQueries as $prohibitedQuery) {
+ foreach ($validators as $key => $validator) {
+ if ($validator instanceof $prohibitedQuery) {
+ unset($validators[$key]);
+ }
+ }
+ }
 parent::__construct($validators);
 }
diff --git a/src/Appwrite/Utopia/Response.php b/src/Appwrite/Utopia/Response.php
index 964d93ae1e..bae5b3cca9 100644
--- a/src/Appwrite/Utopia/Response.php
+++ b/src/Appwrite/Utopia/Response.php
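Review bot: `use Appwrite\Extend\Exception;` looks unused, since none of the lines this commit adds to Base.php reference `Exception` and the constructor docblock names `\Exception` fully qualified. If nothing outside the visible hunks uses it, drop the import. As written it also makes any later unqualified `Exception` in this file resolve to `Appwrite\Extend\Exception`, which is not the class the docblock declares.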
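Review bot: `?array $prohibitedQueries = []` accepts `null`, but the loop this commit adds further down the constructor passes the value straight to `foreach`, which emits a warning when given `null`. Declare it as `array $prohibitedQueries = []`. Also add `@param string[] $prohibitedQueries class names of query validators to drop` to the docblock, whose visible part still lists only `$allowedAttributes`. Both the docblock and the constructor body extend beyond this hunk.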
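Review bot: The removal loop fails open, because `$validator instanceof $prohibitedQuery` is simply false when the string does not name a loaded class. A mistyped or renamed entry in a subclass's `PROHIBITED_QUERIES` would therefore leave that query type enabled with no error. Since this list restricts which query types a client may send, I would reject unknown class names up front and filter per entry, as sketched below. The constructor starts outside this hunk.

```php
// … unchanged: $validators = [ …, new Select($attributes), ]; …
foreach ($prohibitedQueries as $prohibitedQuery) {
    if (!\class_exists($prohibitedQuery)) {
        // Fail closed: an unknown name would otherwise leave the validator in place.
        throw new \InvalidArgumentException('Unknown query validator: ' . $prohibitedQuery);
    }
    $validators = \array_filter(
        $validators,
        fn ($validator) => !($validator instanceof $prohibitedQuery)
    );
}

parent::__construct($validators);
```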
@@ -458,33 +458,6 @@ class Response extends SwooleResponse
 }
 }
- /**
- * Sends the response based on content type
- *
- * @param array $ouput
- *
- * return void
- * @throws Exception
- */
- public function static(array $output): void
- {
- switch ($this->getContentType()) {
- case self::CONTENT_TYPE_JSON:
- $this->json(!empty($output) ? $output : new \stdClass());
- break;
-
- case self::CONTENT_TYPE_YAML:
- $this->yaml(!empty($output) ? $output : new \stdClass());
- break;
-
- case self::CONTENT_TYPE_NULL:
- break;
-
- default:
- $this->json(!empty($output) ? $output : new \stdClass());
- }
- }
-
 /**
 * Generate valid response object from document data
 *