Review updates for role helper usage
This commit is contained in:
Jake Barnby
parent
bc9e928187
commit
66539bbe3a
|
|
@ -123,9 +123,9 @@ App::post('/v1/account')
|
|||
throw new Exception(Exception::USER_ALREADY_EXISTS);
|
||||
}
|
||||
|
||||
Authorization::unsetRole(Auth::USER_ROLE_GUESTS);
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole(Auth::USER_ROLE_USERS);
|
||||
Authorization::unsetRole(Role::guests()->toString());
|
||||
Authorization::setRole(Role::user($user->getId())->toString());
|
||||
Authorization::setRole(Role::users()->toString());
|
||||
|
||||
$audits
|
||||
->setResource('user/' . $user->getId())
|
||||
|
|
@ -204,7 +204,7 @@ App::post('/v1/account/sessions/email')
|
|||
$detector->getDevice()
|
||||
));
|
||||
|
||||
Authorization::setRole('user:' . $profile->getId());
|
||||
Authorization::setRole(Role::user($profile->getId())->toString());
|
||||
|
||||
$session = $dbForProject->createDocument('sessions', $session->setAttribute('$permissions', [
|
||||
Permission::read(Role::user($profile->getId())),
|
||||
|
|
@ -553,7 +553,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
|||
->setAttribute('status', true)
|
||||
;
|
||||
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole(Role::user($user->getId())->toString());
|
||||
|
||||
$dbForProject->updateDocument('users', $user->getId(), $user);
|
||||
|
||||
|
|
@ -694,7 +694,7 @@ App::post('/v1/account/sessions/magic-url')
|
|||
'ip' => $request->getIP(),
|
||||
]);
|
||||
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole(Role::user($user->getId())->toString());
|
||||
|
||||
$token = $dbForProject->createDocument('tokens', $token
|
||||
->setAttribute('$permissions', [
|
||||
|
|
@ -803,7 +803,7 @@ App::put('/v1/account/sessions/magic-url')
|
|||
$detector->getDevice()
|
||||
));
|
||||
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole(Role::user($user->getId())->toString());
|
||||
|
||||
$session = $dbForProject->createDocument('sessions', $session
|
||||
->setAttribute('$permissions', [
|
||||
|
|
@ -946,7 +946,7 @@ App::post('/v1/account/sessions/phone')
|
|||
'ip' => $request->getIP(),
|
||||
]);
|
||||
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole(Role::user($user->getId())->toString());
|
||||
|
||||
$token = $dbForProject->createDocument('tokens', $token
|
||||
->setAttribute('$permissions', [
|
||||
|
|
@ -1042,7 +1042,7 @@ App::put('/v1/account/sessions/phone')
|
|||
$detector->getDevice()
|
||||
));
|
||||
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole(Role::user($user->getId())->toString());
|
||||
|
||||
$session = $dbForProject->createDocument('sessions', $session
|
||||
->setAttribute('$permissions', [
|
||||
|
|
@ -1191,7 +1191,7 @@ App::post('/v1/account/sessions/anonymous')
|
|||
$detector->getDevice()
|
||||
));
|
||||
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole(Role::user($user->getId())->toString());
|
||||
|
||||
$session = $dbForProject->createDocument('sessions', $session-> setAttribute('$permissions', [
|
||||
Permission::read(Role::user($user->getId())),
|
||||
|
|
@ -2017,7 +2017,7 @@ App::post('/v1/account/recovery')
|
|||
'ip' => $request->getIP(),
|
||||
]);
|
||||
|
||||
Authorization::setRole('user:' . $profile->getId());
|
||||
Authorization::setRole(Role::user($profile->getId())->toString());
|
||||
|
||||
$recovery = $dbForProject->createDocument('tokens', $recovery
|
||||
->setAttribute('$permissions', [
|
||||
|
|
@ -2103,7 +2103,7 @@ App::put('/v1/account/recovery')
|
|||
throw new Exception(Exception::USER_INVALID_TOKEN);
|
||||
}
|
||||
|
||||
Authorization::setRole('user:' . $profile->getId());
|
||||
Authorization::setRole(Role::user($profile->getId())->toString());
|
||||
|
||||
$profile = $dbForProject->updateDocument('users', $profile->getId(), $profile
|
||||
->setAttribute('password', Auth::passwordHash($password))
|
||||
|
|
@ -2179,7 +2179,7 @@ App::post('/v1/account/verification')
|
|||
'ip' => $request->getIP(),
|
||||
]);
|
||||
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole(Role::user($user->getId())->toString());
|
||||
|
||||
$verification = $dbForProject->createDocument('tokens', $verification
|
||||
->setAttribute('$permissions', [
|
||||
|
|
@ -2259,7 +2259,7 @@ App::put('/v1/account/verification')
|
|||
throw new Exception(Exception::USER_INVALID_TOKEN);
|
||||
}
|
||||
|
||||
Authorization::setRole('user:' . $profile->getId());
|
||||
Authorization::setRole(Role::user($profile->getId())->toString());
|
||||
|
||||
$profile = $dbForProject->updateDocument('users', $profile->getId(), $profile->setAttribute('emailVerification', true));
|
||||
|
||||
|
|
@ -2335,7 +2335,7 @@ App::post('/v1/account/verification/phone')
|
|||
'ip' => $request->getIP(),
|
||||
]);
|
||||
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole(Role::user($user->getId())->toString());
|
||||
|
||||
$verification = $dbForProject->createDocument('tokens', $verification
|
||||
->setAttribute('$permissions', [
|
||||
|
|
@ -2407,7 +2407,7 @@ App::put('/v1/account/verification/phone')
|
|||
throw new Exception(Exception::USER_INVALID_TOKEN);
|
||||
}
|
||||
|
||||
Authorization::setRole('user:' . $profile->getId());
|
||||
Authorization::setRole(Role::user($profile->getId())->toString());
|
||||
|
||||
$profile = $dbForProject->updateDocument('users', $profile->getId(), $profile->setAttribute('phoneVerification', true));
|
||||
|
||||
|
|
|
|||
|
|
@ -1968,7 +1968,10 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents')
|
|||
}
|
||||
} else {
|
||||
foreach ($allowedPermissions as $permission) {
|
||||
// If the permission is not set, add it for the current user.
|
||||
/**
|
||||
* If an allowed permission was not passed in the request,
|
||||
* and there is a current user, add it for the current user.
|
||||
*/
|
||||
if (empty(\preg_grep("#^{$permission}\(.+\)$#", $permissions)) && !empty($user->getId())) {
|
||||
$permissions[] = (new Permission($permission, 'user', $user->getId()))->toString();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -412,7 +412,10 @@ App::post('/v1/storage/buckets/:bucketId/files')
|
|||
}
|
||||
} else {
|
||||
foreach ($allowedPermissions as $permission) {
|
||||
// If the permission is not set, add it for the current user
|
||||
/**
|
||||
* If an allowed permission was not passed in the request,
|
||||
* and there is a current user, add it for the current user.
|
||||
*/
|
||||
if (empty(\preg_grep("#^{$permission}\(.+\)$#", $permissions)) && !empty($user->getId())) {
|
||||
$permissions[] = (new Permission($permission, 'user', $user->getId()))->toString();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -727,7 +727,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
|
|||
|
||||
// Log user in
|
||||
|
||||
Authorization::setRole('user:' . $user->getId());
|
||||
Authorization::setRole(Role::user($user->getId())->toString());
|
||||
|
||||
$detector = new Detector($request->getUserAgent('UNKNOWN'));
|
||||
$record = $geodb->get($request->getIP());
|
||||
|
|
@ -755,7 +755,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
|
|||
|
||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||
|
||||
Authorization::setRole('user:' . $userId);
|
||||
Authorization::setRole(Role::user($userId)->toString());
|
||||
|
||||
$membership = $dbForProject->updateDocument('memberships', $membership->getId(), $membership);
|
||||
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
require_once __DIR__ . '/../init.php';
|
||||
|
||||
use Utopia\App;
|
||||
use Utopia\Database\Role;
|
||||
use Utopia\Locale\Locale;
|
||||
use Utopia\Logger\Logger;
|
||||
use Utopia\Logger\Log;
|
||||
|
|
@ -246,7 +247,9 @@ App::init()
|
|||
/*
|
||||
* ACL Check
|
||||
*/
|
||||
$role = ($user->isEmpty()) ? Auth::USER_ROLE_GUESTS : Auth::USER_ROLE_USERS;
|
||||
$role = ($user->isEmpty())
|
||||
? Role::guests()->toString()
|
||||
: Role::users()->toString();
|
||||
|
||||
// Add user roles
|
||||
$memberships = $user->find('teamId', $project->getAttribute('teamId', null), 'memberships');
|
||||
|
|
|
|||
|
|
@ -258,7 +258,7 @@ $http->on('request', function (SwooleRequest $swooleRequest, SwooleResponse $swo
|
|||
|
||||
try {
|
||||
Authorization::cleanRoles();
|
||||
Authorization::setRole('any');
|
||||
Authorization::setRole(Role::any()->toString());
|
||||
|
||||
$app->run($request, $response);
|
||||
} catch (\Throwable $th) {
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ namespace Appwrite\Auth;
|
|||
|
||||
use Utopia\Database\Document;
|
||||
use Utopia\Database\DateTime;
|
||||
use Utopia\Database\Role;
|
||||
use Utopia\Database\Validator\Authorization;
|
||||
|
||||
class Auth
|
||||
|
|
@ -309,19 +310,19 @@ class Auth
|
|||
|
||||
if (!self::isPrivilegedUser(Authorization::getRoles()) && !self::isAppUser(Authorization::getRoles())) {
|
||||
if ($user->getId()) {
|
||||
$roles[] = 'user:' . $user->getId();
|
||||
$roles[] = Auth::USER_ROLE_USERS;
|
||||
$roles[] = Role::user($user->getId())->toString();
|
||||
$roles[] = Role::users()->toString();
|
||||
} else {
|
||||
return [Auth::USER_ROLE_GUESTS];
|
||||
return [Role::guests()->toString()];
|
||||
}
|
||||
}
|
||||
|
||||
foreach ($user->getAttribute('memberships', []) as $node) {
|
||||
if (isset($node['teamId']) && isset($node['roles'])) {
|
||||
$roles[] = 'team:' . $node['teamId'];
|
||||
$roles[] = Role::team($node['teamId'])->toString();
|
||||
|
||||
foreach ($node['roles'] as $nodeRole) { // Set all team roles
|
||||
$roles[] = 'team:' . $node['teamId'] . '/' . $nodeRole;
|
||||
$roles[] = Role::team($node['teamId'], $nodeRole)->toString();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,6 +6,8 @@ use Utopia\Database\DateTime;
|
|||
use Utopia\Database\Document;
|
||||
use Appwrite\Messaging\Adapter;
|
||||
use Utopia\App;
|
||||
use Utopia\Database\ID;
|
||||
use Utopia\Database\Role;
|
||||
|
||||
class Realtime extends Adapter
|
||||
{
|
||||
|
|
@ -187,7 +189,7 @@ class Realtime extends Adapter
|
|||
*/
|
||||
if (
|
||||
\array_key_exists($channel, $this->subscriptions[$event['project']][$role])
|
||||
&& (\in_array($role, $event['roles']) || \in_array('any', $event['roles']))
|
||||
&& (\in_array($role, $event['roles']) || \in_array(Role::any()->toString(), $event['roles']))
|
||||
) {
|
||||
/**
|
||||
* Saving all connections that are allowed to receive this event.
|
||||
|
|
@ -256,27 +258,25 @@ class Realtime extends Adapter
|
|||
case 'users':
|
||||
$channels[] = 'account';
|
||||
$channels[] = 'account.' . $parts[1];
|
||||
$roles = ['user:' . $parts[1]];
|
||||
|
||||
$roles = [Role::user(ID::custom($parts[1]))->toString()];
|
||||
break;
|
||||
case 'teams':
|
||||
if ($parts[2] === 'memberships') {
|
||||
$permissionsChanged = $parts[4] ?? false;
|
||||
$channels[] = 'memberships';
|
||||
$channels[] = 'memberships.' . $parts[3];
|
||||
$roles = ['team:' . $parts[1]];
|
||||
} else {
|
||||
$permissionsChanged = $parts[2] === 'create';
|
||||
$channels[] = 'teams';
|
||||
$channels[] = 'teams.' . $parts[1];
|
||||
$roles = ['team:' . $parts[1]];
|
||||
}
|
||||
$roles = [Role::team(ID::custom($parts[1]))->toString()];
|
||||
break;
|
||||
case 'databases':
|
||||
if (in_array($parts[4] ?? [], ['attributes', 'indexes'])) {
|
||||
$channels[] = 'console';
|
||||
$projectId = 'console';
|
||||
$roles = ['team:' . $project->getAttribute('teamId')];
|
||||
$roles = [Role::team($project->getAttribute('teamId'))->toString()];
|
||||
} elseif (($parts[4] ?? '') === 'documents') {
|
||||
if ($database->isEmpty()) {
|
||||
throw new \Exception('Database needs to be passed to Realtime for Document events in the Database.');
|
||||
|
|
@ -288,7 +288,8 @@ class Realtime extends Adapter
|
|||
$channels[] = 'documents';
|
||||
$channels[] = 'databases.' . $database->getId() . '.collections.' . $payload->getCollection() . '.documents';
|
||||
$channels[] = 'databases.' . $database->getId() . '.collections.' . $payload->getCollection() . '.documents.' . $payload->getId();
|
||||
$roles = ($collection->getAttribute('documentSecurity', false))
|
||||
|
||||
$roles = $collection->getAttribute('documentSecurity', false)
|
||||
? \array_merge($collection->getRead(), $payload->getRead())
|
||||
: $collection->getRead();
|
||||
}
|
||||
|
|
@ -301,6 +302,7 @@ class Realtime extends Adapter
|
|||
$channels[] = 'files';
|
||||
$channels[] = 'buckets.' . $payload->getAttribute('bucketId') . '.files';
|
||||
$channels[] = 'buckets.' . $payload->getAttribute('bucketId') . '.files.' . $payload->getId();
|
||||
|
||||
$roles = $bucket->getAttribute('fileSecurity', false)
|
||||
? \array_merge($bucket->getRead(), $payload->getRead())
|
||||
: $bucket->getRead();
|
||||
|
|
@ -319,7 +321,8 @@ class Realtime extends Adapter
|
|||
}
|
||||
} elseif ($parts[2] === 'deployments') {
|
||||
$channels[] = 'console';
|
||||
$roles = ['team:' . $project->getAttribute('teamId')];
|
||||
|
||||
$roles = [Role::team($project->getAttribute('teamId'))->toString()];
|
||||
}
|
||||
|
||||
break;
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@ namespace Appwrite\Specification\Format;
|
|||
use Appwrite\Specification\Format;
|
||||
use Appwrite\Template\Template;
|
||||
use Appwrite\Utopia\Response\Model;
|
||||
use Utopia\Database\Permission;
|
||||
use Utopia\Database\Role;
|
||||
use Utopia\Validator;
|
||||
|
||||
class Swagger2 extends Format
|
||||
|
|
@ -317,7 +319,7 @@ class Swagger2 extends Format
|
|||
$node['items'] = [
|
||||
'type' => 'string',
|
||||
];
|
||||
$node['x-example'] = '["read(any)"]';
|
||||
$node['x-example'] = '["' . Permission::read(Role::any()) . '"]';
|
||||
break;
|
||||
case 'Utopia\Database\Validator\Roles':
|
||||
$node['type'] = $validator->getType();
|
||||
|
|
@ -325,7 +327,7 @@ class Swagger2 extends Format
|
|||
$node['items'] = [
|
||||
'type' => 'string',
|
||||
];
|
||||
$node['x-example'] = '["any"]';
|
||||
$node['x-example'] = '["' . Role::any()->toString() . '"]';
|
||||
break;
|
||||
case 'Appwrite\Auth\Validator\Password':
|
||||
$node['type'] = $validator->getType();
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ namespace Appwrite\Utopia\Response\Model;
|
|||
|
||||
use Appwrite\Utopia\Response;
|
||||
use Appwrite\Utopia\Response\Model;
|
||||
use Utopia\Database\Role;
|
||||
|
||||
class Execution extends Model
|
||||
{
|
||||
|
|
@ -32,7 +33,7 @@ class Execution extends Model
|
|||
'type' => self::TYPE_STRING,
|
||||
'description' => 'Execution roles.',
|
||||
'default' => '',
|
||||
'example' => ['any'],
|
||||
'example' => [Role::any()->toString()],
|
||||
'array' => true,
|
||||
])
|
||||
->addRule('functionId', [
|
||||
|
|
|
|||
|
|
@ -95,10 +95,11 @@ class DatabasesPermissionsGuestTest extends Scope
|
|||
|
||||
foreach ($documents['body']['documents'] as $document) {
|
||||
foreach ($document['$permissions'] as $permission) {
|
||||
if (!\str_starts_with($permission, 'read')) {
|
||||
$permission = Permission::parse($permission);
|
||||
if ($permission->getPermission() != 'read') {
|
||||
continue;
|
||||
}
|
||||
$this->assertTrue(\str_contains($permission, 'any'));
|
||||
$this->assertEquals($permission->getRole(), Role::any()->toString());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -155,12 +155,17 @@ class DatabasesPermissionsMemberTest extends Scope
|
|||
]);
|
||||
|
||||
foreach ($documents['body']['documents'] as $document) {
|
||||
$hasPermissions = \array_reduce(['any', 'users', 'user:' . $users['user1']['$id']], function (bool $carry, string $role) use ($document) {
|
||||
$hasPermissions = \array_reduce([
|
||||
Role::any()->toString(),
|
||||
Role::users()->toString(),
|
||||
Role::user($users['user1']['$id'])->toString(),
|
||||
], function (bool $carry, string $role) use ($document) {
|
||||
if ($carry) {
|
||||
return true;
|
||||
}
|
||||
foreach ($document['$permissions'] as $permission) {
|
||||
if (\str_starts_with($permission, 'read') && \str_contains($permission, $role)) {
|
||||
$permission = Permission::parse($permission);
|
||||
if ($permission->getPermission() == 'read' && $permission->getRole() == $role) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
@ -181,12 +186,17 @@ class DatabasesPermissionsMemberTest extends Scope
|
|||
]);
|
||||
|
||||
foreach ($documents['body']['documents'] as $document) {
|
||||
$hasPermissions = \array_reduce(['any', 'users', 'user:' . $users['user1']['$id']], function (bool $carry, string $role) use ($document) {
|
||||
$hasPermissions = \array_reduce([
|
||||
Role::any()->toString(),
|
||||
Role::users()->toString(),
|
||||
Role::user($users['user1']['$id'])->toString(),
|
||||
], function (bool $carry, string $role) use ($document) {
|
||||
if ($carry) {
|
||||
return true;
|
||||
}
|
||||
foreach ($document['$permissions'] as $permission) {
|
||||
if (\str_starts_with($permission, 'read') && \str_contains($permission, $role)) {
|
||||
$permission = Permission::parse($permission);
|
||||
if ($permission->getPermission() == 'read' && $permission->getRole() == $role) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ use Tests\E2E\Scopes\SideClient;
|
|||
use Utopia\CLI\Console;
|
||||
use Utopia\Database\Database;
|
||||
use Utopia\Database\ID;
|
||||
use Utopia\Database\Role;
|
||||
|
||||
class FunctionsCustomClientTest extends Scope
|
||||
{
|
||||
|
|
@ -148,7 +149,7 @@ class FunctionsCustomClientTest extends Scope
|
|||
], [
|
||||
'functionId' => ID::unique(),
|
||||
'name' => 'Test',
|
||||
'execute' => ['any'],
|
||||
'execute' => [Role::any()->toString()],
|
||||
'runtime' => 'php-8.0',
|
||||
'vars' => [
|
||||
'funcKey1' => 'funcValue1',
|
||||
|
|
@ -333,7 +334,7 @@ class FunctionsCustomClientTest extends Scope
|
|||
], [
|
||||
'functionId' => ID::unique(),
|
||||
'name' => 'Test',
|
||||
'execute' => ['any'],
|
||||
'execute' => [Role::any()->toString()],
|
||||
'runtime' => 'php-8.0',
|
||||
'vars' => [
|
||||
'funcKey1' => 'funcValue1',
|
||||
|
|
|
|||
|
|
@ -398,7 +398,7 @@ class WebhooksCustomServerTest extends Scope
|
|||
], $this->getHeaders()), [
|
||||
'functionId' => ID::unique(),
|
||||
'name' => 'Test',
|
||||
'execute' => ['any'],
|
||||
'execute' => [Role::any()->toString()],
|
||||
'runtime' => 'php-8.0',
|
||||
'timeout' => 10,
|
||||
]);
|
||||
|
|
@ -447,7 +447,7 @@ class WebhooksCustomServerTest extends Scope
|
|||
], $this->getHeaders()), [
|
||||
'name' => 'Test',
|
||||
'runtime' => 'php-8.0',
|
||||
'execute' => ['any'],
|
||||
'execute' => [Role::any()->toString()],
|
||||
'vars' => [
|
||||
'key1' => 'value1',
|
||||
]
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ use Appwrite\Auth\Auth;
|
|||
use Utopia\Database\DateTime;
|
||||
use Utopia\Database\Document;
|
||||
use Utopia\Database\ID;
|
||||
use Utopia\Database\Role;
|
||||
use Utopia\Database\Validator\Authorization;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Utopia\Database\Database;
|
||||
|
|
@ -18,7 +19,7 @@ class AuthTest extends TestCase
|
|||
public function tearDown(): void
|
||||
{
|
||||
Authorization::cleanRoles();
|
||||
Authorization::setRole('any');
|
||||
Authorization::setRole(Role::any()->toString());
|
||||
}
|
||||
|
||||
public function testCookieName(): void
|
||||
|
|
@ -171,8 +172,8 @@ class AuthTest extends TestCase
|
|||
public function testIsPrivilegedUser(): void
|
||||
{
|
||||
$this->assertEquals(false, Auth::isPrivilegedUser([]));
|
||||
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_GUESTS]));
|
||||
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_USERS]));
|
||||
$this->assertEquals(false, Auth::isPrivilegedUser([Role::guests()->toString()]));
|
||||
$this->assertEquals(false, Auth::isPrivilegedUser([Role::users()->toString()]));
|
||||
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_ADMIN]));
|
||||
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_DEVELOPER]));
|
||||
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER]));
|
||||
|
|
@ -180,16 +181,16 @@ class AuthTest extends TestCase
|
|||
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_SYSTEM]));
|
||||
|
||||
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APPS, Auth::USER_ROLE_APPS]));
|
||||
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APPS, Auth::USER_ROLE_GUESTS]));
|
||||
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_GUESTS]));
|
||||
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APPS, Role::guests()->toString()]));
|
||||
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Role::guests()->toString()]));
|
||||
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_ADMIN, Auth::USER_ROLE_DEVELOPER]));
|
||||
}
|
||||
|
||||
public function testIsAppUser(): void
|
||||
{
|
||||
$this->assertEquals(false, Auth::isAppUser([]));
|
||||
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_GUESTS]));
|
||||
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_USERS]));
|
||||
$this->assertEquals(false, Auth::isAppUser([Role::guests()->toString()]));
|
||||
$this->assertEquals(false, Auth::isAppUser([Role::users()->toString()]));
|
||||
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_ADMIN]));
|
||||
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_DEVELOPER]));
|
||||
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER]));
|
||||
|
|
@ -197,8 +198,8 @@ class AuthTest extends TestCase
|
|||
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_SYSTEM]));
|
||||
|
||||
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APPS, Auth::USER_ROLE_APPS]));
|
||||
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APPS, Auth::USER_ROLE_GUESTS]));
|
||||
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_GUESTS]));
|
||||
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APPS, Role::guests()->toString()]));
|
||||
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Role::guests()->toString()]));
|
||||
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_ADMIN, Auth::USER_ROLE_DEVELOPER]));
|
||||
}
|
||||
|
||||
|
|
@ -210,7 +211,7 @@ class AuthTest extends TestCase
|
|||
|
||||
$roles = Auth::getRoles($user);
|
||||
$this->assertCount(1, $roles);
|
||||
$this->assertContains('guests', $roles);
|
||||
$this->assertContains(Role::guests()->toString(), $roles);
|
||||
}
|
||||
|
||||
public function testUserRoles(): void
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ use Utopia\Database\Document;
|
|||
use Appwrite\Messaging\Adapter\Realtime;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Utopia\Database\ID;
|
||||
use Utopia\Database\Role;
|
||||
|
||||
class MessagingChannelsTest extends TestCase
|
||||
{
|
||||
|
|
@ -55,7 +56,9 @@ class MessagingChannelsTest extends TestCase
|
|||
[
|
||||
'teamId' => ID::custom('team' . $i),
|
||||
'roles' => [
|
||||
empty($index % 2) ? 'admin' : 'member'
|
||||
empty($index % 2)
|
||||
? Auth::USER_ROLE_ADMIN
|
||||
: Role::users()->toString(),
|
||||
]
|
||||
]
|
||||
]
|
||||
|
|
@ -154,7 +157,7 @@ class MessagingChannelsTest extends TestCase
|
|||
foreach ($this->allChannels as $index => $channel) {
|
||||
$event = [
|
||||
'project' => '1',
|
||||
'roles' => ['any'],
|
||||
'roles' => [Role::any()->toString()],
|
||||
'data' => [
|
||||
'channels' => [
|
||||
0 => $channel,
|
||||
|
|
@ -180,7 +183,10 @@ class MessagingChannelsTest extends TestCase
|
|||
|
||||
public function testRolePermissions(): void
|
||||
{
|
||||
$roles = ['guests', 'users'];
|
||||
$roles = [
|
||||
Role::guests()->toString(),
|
||||
Role::users()->toString()
|
||||
];
|
||||
foreach ($this->allChannels as $index => $channel) {
|
||||
foreach ($roles as $role) {
|
||||
$permissions = [$role];
|
||||
|
|
@ -217,7 +223,7 @@ class MessagingChannelsTest extends TestCase
|
|||
foreach ($this->allChannels as $index => $channel) {
|
||||
$permissions = [];
|
||||
for ($i = 0; $i < $this->connectionsPerChannel; $i++) {
|
||||
$permissions[] = 'user:user' . (!empty($i) ? $i : '') . $index;
|
||||
$permissions[] = Role::user(ID::custom('user' . (!empty($i) ? $i : '') . $index))->toString();
|
||||
}
|
||||
$event = [
|
||||
'project' => '1',
|
||||
|
|
@ -251,7 +257,7 @@ class MessagingChannelsTest extends TestCase
|
|||
$permissions = [];
|
||||
|
||||
for ($i = 0; $i < $this->connectionsPerChannel; $i++) {
|
||||
$permissions[] = 'team:team' . $i;
|
||||
$permissions[] = Role::team(ID::custom('team' . $i))->toString();
|
||||
}
|
||||
$event = [
|
||||
'project' => '1',
|
||||
|
|
@ -277,7 +283,14 @@ class MessagingChannelsTest extends TestCase
|
|||
$this->assertStringEndsWith($index, $receiver);
|
||||
}
|
||||
|
||||
$permissions = ['team:team' . $index . '/' . (empty($index % 2) ? 'admin' : 'member')];
|
||||
$permissions = [
|
||||
Role::team(
|
||||
ID::custom('team' . $index),
|
||||
(empty($index % 2)
|
||||
? Auth::USER_ROLE_ADMIN
|
||||
: Role::users()->toString())
|
||||
)->toString()
|
||||
];
|
||||
|
||||
$event = [
|
||||
'project' => '1',
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@ namespace Tests\Unit\Messaging;
|
|||
|
||||
use Appwrite\Messaging\Adapter\Realtime;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use Utopia\Database\ID;
|
||||
use Utopia\Database\Role;
|
||||
|
||||
class MessagingGuestTest extends TestCase
|
||||
{
|
||||
|
|
@ -14,13 +16,13 @@ class MessagingGuestTest extends TestCase
|
|||
$realtime->subscribe(
|
||||
'1',
|
||||
1,
|
||||
['guests'],
|
||||
[Role::guests()->toString()],
|
||||
['files' => 0, 'documents' => 0, 'documents.789' => 0, 'account.123' => 0]
|
||||
);
|
||||
|
||||
$event = [
|
||||
'project' => '1',
|
||||
'roles' => ['any'],
|
||||
'roles' => [Role::any()->toString()],
|
||||
'data' => [
|
||||
'channels' => [
|
||||
0 => 'documents',
|
||||
|
|
@ -34,68 +36,68 @@ class MessagingGuestTest extends TestCase
|
|||
$this->assertCount(1, $receivers);
|
||||
$this->assertEquals(1, $receivers[0]);
|
||||
|
||||
$event['roles'] = ['guests'];
|
||||
$event['roles'] = [Role::guests()->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertCount(1, $receivers);
|
||||
$this->assertEquals(1, $receivers[0]);
|
||||
|
||||
$event['roles'] = ['users'];
|
||||
$event['roles'] = [Role::users()->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['user:123'];
|
||||
$event['roles'] = [Role::user(ID::custom('123'))->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['team:abc'];
|
||||
$event['roles'] = [Role::team(ID::custom('abc'))->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['team:abc/administrator'];
|
||||
$event['roles'] = [Role::team(ID::custom('abc'), 'administrator')->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['team:abc/god'];
|
||||
$event['roles'] = [Role::team(ID::custom('abc'), 'god')->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['team:def'];
|
||||
$event['roles'] = [Role::team(ID::custom('def'))->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['team:def/guest'];
|
||||
$event['roles'] = [Role::team(ID::custom('def'), 'guest')->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['user:456'];
|
||||
$event['roles'] = [Role::user(ID::custom('456'))->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['team:def/member'];
|
||||
$event['roles'] = [Role::team(ID::custom('def'), 'member')->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['any'];
|
||||
$event['roles'] = [Role::any()->toString()];
|
||||
$event['data']['channels'] = ['documents.123'];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
|
|
|||
|
|
@ -26,13 +26,21 @@ class MessagingTest extends TestCase
|
|||
$realtime->subscribe(
|
||||
'1',
|
||||
1,
|
||||
['user:123', 'users', 'team:abc', 'team:abc/administrator', 'team:abc/moderator', 'team:def', 'team:def/guest'],
|
||||
[
|
||||
Role::user(ID::custom('123'))->toString(),
|
||||
Role::users()->toString(),
|
||||
Role::team(ID::custom('abc'))->toString(),
|
||||
Role::team(ID::custom('abc'), 'administrator')->toString(),
|
||||
Role::team(ID::custom('abc'), 'moderator')->toString(),
|
||||
Role::team(ID::custom('def'))->toString(),
|
||||
Role::team(ID::custom('def'), 'guest')->toString(),
|
||||
],
|
||||
['files' => 0, 'documents' => 0, 'documents.789' => 0, 'account.123' => 0]
|
||||
);
|
||||
|
||||
$event = [
|
||||
'project' => '1',
|
||||
'roles' => ['any'],
|
||||
'roles' => [Role::any()->toString()],
|
||||
'data' => [
|
||||
'channels' => [
|
||||
0 => 'account.123',
|
||||
|
|
@ -45,68 +53,68 @@ class MessagingTest extends TestCase
|
|||
$this->assertCount(1, $receivers);
|
||||
$this->assertEquals(1, $receivers[0]);
|
||||
|
||||
$event['roles'] = ['users'];
|
||||
$event['roles'] = [Role::users()->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertCount(1, $receivers);
|
||||
$this->assertEquals(1, $receivers[0]);
|
||||
|
||||
$event['roles'] = ['user:123'];
|
||||
$event['roles'] = [Role::user(ID::custom('123'))->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertCount(1, $receivers);
|
||||
$this->assertEquals(1, $receivers[0]);
|
||||
|
||||
$event['roles'] = ['team:abc'];
|
||||
$event['roles'] = [Role::team(ID::custom('abc'))->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertCount(1, $receivers);
|
||||
$this->assertEquals(1, $receivers[0]);
|
||||
|
||||
$event['roles'] = ['team:abc/administrator'];
|
||||
$event['roles'] = [Role::team(ID::custom('abc'), 'administrator')->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertCount(1, $receivers);
|
||||
$this->assertEquals(1, $receivers[0]);
|
||||
|
||||
$event['roles'] = ['team:abc/moderator'];
|
||||
$event['roles'] = [Role::team(ID::custom('abc'), 'moderator')->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertCount(1, $receivers);
|
||||
$this->assertEquals(1, $receivers[0]);
|
||||
|
||||
$event['roles'] = ['team:def'];
|
||||
$event['roles'] = [Role::team(ID::custom('def'))->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertCount(1, $receivers);
|
||||
$this->assertEquals(1, $receivers[0]);
|
||||
|
||||
$event['roles'] = ['team:def/guest'];
|
||||
$event['roles'] = [Role::team(ID::custom('def'), 'guest')->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertCount(1, $receivers);
|
||||
$this->assertEquals(1, $receivers[0]);
|
||||
|
||||
$event['roles'] = ['user:456'];
|
||||
$event['roles'] = [Role::user(ID::custom('456'))->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['team:def/member'];
|
||||
$event['roles'] = [Role::team(ID::custom('def'), 'member')->toString()];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
||||
$this->assertEmpty($receivers);
|
||||
|
||||
$event['roles'] = ['any'];
|
||||
$event['roles'] = [Role::any()->toString()];
|
||||
$event['data']['channels'] = ['documents.123'];
|
||||
|
||||
$receivers = $realtime->getSubscribers($event);
|
||||
|
|
@ -199,7 +207,7 @@ class MessagingTest extends TestCase
|
|||
$this->assertArrayNotHasKey('account.456', $channels);
|
||||
}
|
||||
|
||||
public function testFromPayloadCollectionLevelPermissions(): void
|
||||
public function testFromPayloadPermissions(): void
|
||||
{
|
||||
/**
|
||||
* Test Collection Level Permissions
|
||||
|
|
@ -210,9 +218,9 @@ class MessagingTest extends TestCase
|
|||
'$id' => ID::custom('test'),
|
||||
'$collection' => ID::custom('collection'),
|
||||
'$permissions' => [
|
||||
'read(admin)',
|
||||
'update(admin)',
|
||||
'delete(admin)',
|
||||
Permission::read(Role::team('123abc')),
|
||||
Permission::update(Role::team('123abc')),
|
||||
Permission::delete(Role::team('123abc')),
|
||||
],
|
||||
]),
|
||||
database: new Document([
|
||||
|
|
@ -228,8 +236,8 @@ class MessagingTest extends TestCase
|
|||
])
|
||||
);
|
||||
|
||||
$this->assertContains('any', $result['roles']);
|
||||
$this->assertNotContains('role:admin', $result['roles']);
|
||||
$this->assertContains(Role::any()->toString(), $result['roles']);
|
||||
$this->assertNotContains(Role::team('123abc')->toString(), $result['roles']);
|
||||
|
||||
/**
|
||||
* Test Document Level Permissions
|
||||
|
|
@ -251,16 +259,16 @@ class MessagingTest extends TestCase
|
|||
collection: new Document([
|
||||
'$id' => ID::custom('collection'),
|
||||
'$permissions' => [
|
||||
'read(admin)',
|
||||
'update(admin)',
|
||||
'delete(admin)',
|
||||
Permission::read(Role::team('123abc')),
|
||||
Permission::update(Role::team('123abc')),
|
||||
Permission::delete(Role::team('123abc')),
|
||||
],
|
||||
'documentSecurity' => true,
|
||||
])
|
||||
);
|
||||
|
||||
$this->assertContains('any', $result['roles']);
|
||||
$this->assertContains('admin', $result['roles']);
|
||||
$this->assertContains(Role::any()->toString(), $result['roles']);
|
||||
$this->assertContains(Role::team('123abc')->toString(), $result['roles']);
|
||||
}
|
||||
|
||||
public function testFromPayloadBucketLevelPermissions(): void
|
||||
|
|
@ -274,9 +282,9 @@ class MessagingTest extends TestCase
|
|||
'$id' => ID::custom('test'),
|
||||
'$collection' => ID::custom('bucket'),
|
||||
'$permissions' => [
|
||||
'read(admin)',
|
||||
'update(admin)',
|
||||
'delete(admin)',
|
||||
Permission::read(Role::team('123abc')),
|
||||
Permission::update(Role::team('123abc')),
|
||||
Permission::delete(Role::team('123abc')),
|
||||
],
|
||||
]),
|
||||
bucket: new Document([
|
||||
|
|
@ -289,8 +297,8 @@ class MessagingTest extends TestCase
|
|||
])
|
||||
);
|
||||
|
||||
$this->assertContains('any', $result['roles']);
|
||||
$this->assertNotContains('admin', $result['roles']);
|
||||
$this->assertContains(Role::any()->toString(), $result['roles']);
|
||||
$this->assertNotContains(Role::team('123abc')->toString(), $result['roles']);
|
||||
|
||||
/**
|
||||
* Test File Level Permissions
|
||||
|
|
@ -309,15 +317,15 @@ class MessagingTest extends TestCase
|
|||
bucket: new Document([
|
||||
'$id' => ID::custom('bucket'),
|
||||
'$permissions' => [
|
||||
'read(admin)',
|
||||
'update(admin)',
|
||||
'delete(admin)',
|
||||
Permission::read(Role::team('123abc')),
|
||||
Permission::update(Role::team('123abc')),
|
||||
Permission::delete(Role::team('123abc')),
|
||||
],
|
||||
'fileSecurity' => true
|
||||
])
|
||||
);
|
||||
|
||||
$this->assertContains('any', $result['roles']);
|
||||
$this->assertContains('admin', $result['roles']);
|
||||
$this->assertContains(Role::any()->toString(), $result['roles']);
|
||||
$this->assertContains(Role::team('123abc')->toString(), $result['roles']);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
|
||||
namespace Tests\Unit\Validator;
|
||||
namespace Tests\Unit\Task\Validator;
|
||||
|
||||
use Appwrite\Task\Validator\Cron;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
|
|
|||
Loading…
Reference in a new issue