Add permission allowed for user type check function

2024-09-30 01:08:13 +13:00 · 2022-08-08 22:26:07 +12:00 · 2022-08-08 22:26:07 +12:00 · 686c42ae07
commit 686c42ae07
parent ac11617655
1 changed files with 27 additions and 0 deletions
--- a/src/Appwrite/Permissions/PermissionsProcessor.php
+++ b/src/Appwrite/Permissions/PermissionsProcessor.php
@ -53,4 +53,31 @@ class PermissionsProcessor
        }
        return $permissions;
    }
+
+    public static function allowedForUserType(?array $permissions): bool
+    {
+        if (\is_null($permissions)) {
+            return false;
+        }
+
+        // Users can only manage their own roles, API keys and Admin users can manage any
+        $roles = Authorization::getRoles();
+
+        if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles)) {
+            foreach (Database::PERMISSIONS as $type) {
+                foreach ($permissions as $permission) {
+                    if (!\str_starts_with($permission, $type)) {
+                        continue;
+                    }
+                    $matches = \explode(',', \str_replace([$type, '(', ')', ' '], '', $permission));
+                    foreach ($matches as $role) {
+                        if (!Authorization::isRole($role)) {
+                            return false;
+                        }
+                    }
+                }
+            }
+        }
+        return true;
+    }
 }