CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-29 19:50:26 +12:00
Code Issues Projects Releases Wiki Activity

Review fixes

Browse source
This commit is contained in:
Jake Barnby 2022-08-26 15:01:16 +12:00
parent 8307b2148f
commit 593c62116c
1 changed files with 11 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
app/controllers/api/storage.php
View file

@ -751,7 +751,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId')
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
}
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
if ($file->isEmpty()) {
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
}
@ -830,7 +830,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/preview')
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
}
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
if ($file->isEmpty()) {
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
}
@ -964,7 +964,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/download')
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
}
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
if ($file->isEmpty()) {
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
}
@ -1095,7 +1095,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/view')
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
}
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
if ($file->isEmpty()) {
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
}
@ -1237,7 +1237,7 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
// Read permission should not be required for update
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
if ($file->isEmpty()) {
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
}
@ -1248,13 +1248,9 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
Database::PERMISSION_DELETE,
]);
if (\is_null($permissions)) {
$permissions = $file->getPermissions() ?? [];
}
// Users can only manage their own roles, API keys and Admin users can manage any
$roles = Authorization::getRoles();
if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles)) {
if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles) && !\is_null($permissions)) {
foreach (Database::PERMISSIONS as $type) {
foreach ($permissions as $permission) {
$permission = Permission::parse($permission);
@ -1273,6 +1269,10 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
}
}
if (\is_null($permissions)) {
$permissions = $file->getPermissions() ?? [];
}
$file->setAttribute('$permissions', $permissions);
if ($fileSecurity && !$valid) {
@ -1334,7 +1334,7 @@ App::delete('/v1/storage/buckets/:bucketId/files/:fileId')
// Read permission should not be required for delete
$file = Authorization::skip(fn() => $dbForProject->getDocument('bucket_' . $bucket->getInternalId(), $fileId));
if ($file->isEmpty() || $file->getAttribute('bucketId') !== $bucketId) {
if ($file->isEmpty()) {
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND);
}