Review fixes
This commit is contained in:
parent
40047a2ed3
commit
6cd0e328d9
|
@ -3197,13 +3197,13 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
|
||||||
}
|
}
|
||||||
|
|
||||||
$data = \array_merge($document->getArrayCopy(), $data); // Merge existing data with new data
|
$data = \array_merge($document->getArrayCopy(), $data); // Merge existing data with new data
|
||||||
|
$data['$collection'] = $collection->getId(); // Make sure user doesn't switch collectionID
|
||||||
$data['$createdAt'] = $document->getCreatedAt(); // Make sure user doesn't switch createdAt
|
$data['$createdAt'] = $document->getCreatedAt(); // Make sure user doesn't switch createdAt
|
||||||
$data['$id'] = $document->getId(); // Make sure user doesn't switch document unique ID
|
$data['$id'] = $document->getId(); // Make sure user doesn't switch document unique ID
|
||||||
$data['$permissions'] = $permissions;
|
$data['$permissions'] = $permissions;
|
||||||
$data['$collection'] = $document->getAttribute('$collection'); // Attribute $collection is required for Utopia. Copying it from old version of document
|
|
||||||
$newDocument = new Document($data);
|
$newDocument = new Document($data);
|
||||||
|
|
||||||
$setCollection = (function (Document $collection, Document $document) use (&$setCollection, $dbForProject, $database) {
|
$setCollection = function (Document $collection, Document $document) use (&$setCollection, $dbForProject, $database) {
|
||||||
$relationships = \array_filter(
|
$relationships = \array_filter(
|
||||||
$collection->getAttribute('attributes', []),
|
$collection->getAttribute('attributes', []),
|
||||||
fn($attribute) => $attribute->getAttribute('type') === Database::VAR_RELATIONSHIP
|
fn($attribute) => $attribute->getAttribute('type') === Database::VAR_RELATIONSHIP
|
||||||
|
@ -3267,9 +3267,10 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
|
||||||
$document->setAttribute($relationship->getAttribute('key'), \reset($relations));
|
$document->setAttribute($relationship->getAttribute('key'), \reset($relations));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
};
|
||||||
|
|
||||||
$setCollection($collection, $newDocument);
|
$setCollection($collection, $newDocument);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$document = $dbForProject->withRequestTimestamp(
|
$document = $dbForProject->withRequestTimestamp(
|
||||||
$requestTimestamp,
|
$requestTimestamp,
|
||||||
|
|
|
@ -84,7 +84,7 @@ services:
|
||||||
- ./docs:/usr/src/code/docs
|
- ./docs:/usr/src/code/docs
|
||||||
- ./public:/usr/src/code/public
|
- ./public:/usr/src/code/public
|
||||||
- ./src:/usr/src/code/src
|
- ./src:/usr/src/code/src
|
||||||
- ./dev:/usr/local/dev
|
- ./dev:/usr/src/code/dev
|
||||||
depends_on:
|
depends_on:
|
||||||
- mariadb
|
- mariadb
|
||||||
- redis
|
- redis
|
||||||
|
|
|
@ -548,6 +548,7 @@ class DatabasesCustomClientTest extends Scope
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$this->assertEquals(201, $parentDocument['headers']['status-code']);
|
$this->assertEquals(201, $parentDocument['headers']['status-code']);
|
||||||
|
|
||||||
// This is the point of this test. We should be allowed to do this action, and it should not fail on permission check
|
// This is the point of this test. We should be allowed to do this action, and it should not fail on permission check
|
||||||
|
@ -578,7 +579,24 @@ class DatabasesCustomClientTest extends Scope
|
||||||
|
|
||||||
$this->assertEquals(200, $response['headers']['status-code']);
|
$this->assertEquals(200, $response['headers']['status-code']);
|
||||||
$this->assertEquals(11, $response['body'][$collection2['body']['$id']]['collection3']['Rating']);
|
$this->assertEquals(11, $response['body'][$collection2['body']['$id']]['collection3']['Rating']);
|
||||||
// Update collection 2 document
|
|
||||||
|
// We should not be allowed to update the document as we do not have permission for collection 2.
|
||||||
|
$response = $this->client->call(Client::METHOD_PATCH, '/databases/' . $databaseId . '/collections/' . $collection1['body']['$id'] . '/documents/' . $collection1['body']['$id'], array_merge([
|
||||||
|
'content-type' => 'application/json',
|
||||||
|
'x-appwrite-project' => $this->getProject()['$id'],
|
||||||
|
], $this->getHeaders()), [
|
||||||
|
'data' => [
|
||||||
|
'Title' => 'Captain America',
|
||||||
|
$collection2['body']['$id'] => [
|
||||||
|
'$id' => ID::custom($collection2['body']['$id']),
|
||||||
|
'Rating' => '11',
|
||||||
|
$collection3['body']['$id'] => null,
|
||||||
|
]
|
||||||
|
]
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this->assertEquals(401, $response['headers']['status-code']);
|
||||||
|
|
||||||
// We should not be allowed to update the document as we do not have permission for collection 2.
|
// We should not be allowed to update the document as we do not have permission for collection 2.
|
||||||
$response = $this->client->call(Client::METHOD_PATCH, '/databases/' . $databaseId . '/collections/' . $collection2['body']['$id'] . '/documents/' . $collection2['body']['$id'], array_merge([
|
$response = $this->client->call(Client::METHOD_PATCH, '/databases/' . $databaseId . '/collections/' . $collection2['body']['$id'] . '/documents/' . $collection2['body']['$id'], array_merge([
|
||||||
'content-type' => 'application/json',
|
'content-type' => 'application/json',
|
||||||
|
|
Loading…
Reference in a new issue