Review fixes
This commit is contained in:
parent
40047a2ed3
commit
6cd0e328d9
|
@ -3197,13 +3197,13 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
|
|||
}
|
||||
|
||||
$data = \array_merge($document->getArrayCopy(), $data); // Merge existing data with new data
|
||||
$data['$collection'] = $collection->getId(); // Make sure user doesn't switch collectionID
|
||||
$data['$createdAt'] = $document->getCreatedAt(); // Make sure user doesn't switch createdAt
|
||||
$data['$id'] = $document->getId(); // Make sure user doesn't switch document unique ID
|
||||
$data['$permissions'] = $permissions;
|
||||
$data['$collection'] = $document->getAttribute('$collection'); // Attribute $collection is required for Utopia. Copying it from old version of document
|
||||
$newDocument = new Document($data);
|
||||
|
||||
$setCollection = (function (Document $collection, Document $document) use (&$setCollection, $dbForProject, $database) {
|
||||
$setCollection = function (Document $collection, Document $document) use (&$setCollection, $dbForProject, $database) {
|
||||
$relationships = \array_filter(
|
||||
$collection->getAttribute('attributes', []),
|
||||
fn($attribute) => $attribute->getAttribute('type') === Database::VAR_RELATIONSHIP
|
||||
|
@ -3267,9 +3267,10 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
|
|||
$document->setAttribute($relationship->getAttribute('key'), \reset($relations));
|
||||
}
|
||||
}
|
||||
});
|
||||
};
|
||||
|
||||
$setCollection($collection, $newDocument);
|
||||
|
||||
try {
|
||||
$document = $dbForProject->withRequestTimestamp(
|
||||
$requestTimestamp,
|
||||
|
|
|
@ -84,7 +84,7 @@ services:
|
|||
- ./docs:/usr/src/code/docs
|
||||
- ./public:/usr/src/code/public
|
||||
- ./src:/usr/src/code/src
|
||||
- ./dev:/usr/local/dev
|
||||
- ./dev:/usr/src/code/dev
|
||||
depends_on:
|
||||
- mariadb
|
||||
- redis
|
||||
|
|
|
@ -548,6 +548,7 @@ class DatabasesCustomClientTest extends Scope
|
|||
]
|
||||
]
|
||||
]);
|
||||
|
||||
$this->assertEquals(201, $parentDocument['headers']['status-code']);
|
||||
|
||||
// This is the point of this test. We should be allowed to do this action, and it should not fail on permission check
|
||||
|
@ -578,7 +579,24 @@ class DatabasesCustomClientTest extends Scope
|
|||
|
||||
$this->assertEquals(200, $response['headers']['status-code']);
|
||||
$this->assertEquals(11, $response['body'][$collection2['body']['$id']]['collection3']['Rating']);
|
||||
// Update collection 2 document
|
||||
|
||||
// We should not be allowed to update the document as we do not have permission for collection 2.
|
||||
$response = $this->client->call(Client::METHOD_PATCH, '/databases/' . $databaseId . '/collections/' . $collection1['body']['$id'] . '/documents/' . $collection1['body']['$id'], array_merge([
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], $this->getHeaders()), [
|
||||
'data' => [
|
||||
'Title' => 'Captain America',
|
||||
$collection2['body']['$id'] => [
|
||||
'$id' => ID::custom($collection2['body']['$id']),
|
||||
'Rating' => '11',
|
||||
$collection3['body']['$id'] => null,
|
||||
]
|
||||
]
|
||||
]);
|
||||
|
||||
$this->assertEquals(401, $response['headers']['status-code']);
|
||||
|
||||
// We should not be allowed to update the document as we do not have permission for collection 2.
|
||||
$response = $this->client->call(Client::METHOD_PATCH, '/databases/' . $databaseId . '/collections/' . $collection2['body']['$id'] . '/documents/' . $collection2['body']['$id'], array_merge([
|
||||
'content-type' => 'application/json',
|
||||
|
|
Loading…
Reference in a new issue