CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-27 02:31:04 +12:00
Code Issues Projects Releases Wiki Activity

Update role references

Browse source
This commit is contained in:
Jake Barnby 2022-08-03 21:52:34 +12:00
parent a0add9ec7a
commit 7b9fb32fae
4 changed files with 38 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/api/account.php
View file

@ -118,9 +118,9 @@ App::post('/v1/account')
throw new Exception('Account already exists', 409, Exception::USER_ALREADY_EXISTS);
}
Authorization::unsetRole('role:' . Auth::USER_ROLE_GUEST);
Authorization::unsetRole(Auth::USER_ROLE_GUESTS);
Authorization::setRole('user:' . $user->getId());
Authorization::setRole('role:' . Auth::USER_ROLE_MEMBER);
Authorization::setRole(Auth::USER_ROLE_USERS);
$audits
->setResource('user/' . $user->getId())

6
app/controllers/general.php
View file

@ -236,7 +236,7 @@ App::init(function (App $utopia, Request $request, Response $response, Document
/*
* ACL Check
*/
$role = ($user->isEmpty()) ? Auth::USER_ROLE_GUEST : Auth::USER_ROLE_MEMBER;
$role = ($user->isEmpty()) ? Auth::USER_ROLE_GUESTS : Auth::USER_ROLE_USERS;
// Add user roles
$memberships = $user->find('teamId', $project->getAttribute('teamId', null), 'memberships');
@ -289,12 +289,12 @@ App::init(function (App $utopia, Request $request, Response $response, Document
throw new AppwriteException('Project key expired', 401, AppwriteException:: PROJECT_KEY_EXPIRED);
}
Authorization::setRole('role:' . Auth::USER_ROLE_APP);
Authorization::setRole(Auth::USER_ROLE_APP);
Authorization::setDefaultStatus(false); // Cancel security segmentation for API keys.
}
}
Authorization::setRole('role:' . $role);
Authorization::setRole($role);
foreach (Auth::getRoles($user) as $authRole) {
Authorization::setRole($authRole);

18
src/Appwrite/Auth/Auth.php
View file

@ -10,9 +10,9 @@ class Auth
/**
* User Roles.
*/
public const USER_ROLE_ALL = 'all';
public const USER_ROLE_GUEST = 'guest';
public const USER_ROLE_MEMBER = 'member';
public const USER_ROLE_ANY = 'any';
public const USER_ROLE_GUESTS = 'guests';
public const USER_ROLE_USERS = 'users';
public const USER_ROLE_ADMIN = 'admin';
public const USER_ROLE_DEVELOPER = 'developer';
public const USER_ROLE_OWNER = 'owner';
@ -270,9 +270,9 @@ class Auth
public static function isPrivilegedUser(array $roles): bool
{
if (
in_array('role:' . self::USER_ROLE_OWNER, $roles) ||
in_array('role:' . self::USER_ROLE_DEVELOPER, $roles) ||
in_array('role:' . self::USER_ROLE_ADMIN, $roles)
in_array(self::USER_ROLE_OWNER, $roles) ||
in_array(self::USER_ROLE_DEVELOPER, $roles) ||
in_array(self::USER_ROLE_ADMIN, $roles)
) {
return true;
}
@ -289,7 +289,7 @@ class Auth
*/
public static function isAppUser(array $roles): bool
{
if (in_array('role:' . self::USER_ROLE_APP, $roles)) {
if (in_array(self::USER_ROLE_APP, $roles)) {
return true;
}
@ -309,9 +309,9 @@ class Auth
if (!self::isPrivilegedUser(Authorization::getRoles()) && !self::isAppUser(Authorization::getRoles())) {
if ($user->getId()) {
$roles[] = 'user:' . $user->getId();
$roles[] = 'role:' . Auth::USER_ROLE_MEMBER;
$roles[] = Auth::USER_ROLE_USERS;
} else {
return ['role:' . Auth::USER_ROLE_GUEST];
return [Auth::USER_ROLE_GUESTS];
}
}

48
tests/unit/Auth/AuthTest.php
View file

@ -172,35 +172,35 @@ class AuthTest extends TestCase
public function testIsPrivilegedUser()
{
$this->assertEquals(false, Auth::isPrivilegedUser([]));
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_GUEST]));
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_MEMBER]));
$this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_ADMIN]));
$this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_DEVELOPER]));
$this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER]));
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_APP]));
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_SYSTEM]));
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_GUESTS]));
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_USERS]));
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_ADMIN]));
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_DEVELOPER]));
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER]));
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APP]));
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_SYSTEM]));
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_APP]));
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_GUEST]));
$this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_GUEST]));
$this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_ADMIN, 'role:' . Auth::USER_ROLE_DEVELOPER]));
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_APP]));
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_GUESTS]));
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_GUESTS]));
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_ADMIN, Auth::USER_ROLE_DEVELOPER]));
}
public function testIsAppUser()
{
$this->assertEquals(false, Auth::isAppUser([]));
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_GUEST]));
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_MEMBER]));
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_ADMIN]));
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_DEVELOPER]));
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_OWNER]));
$this->assertEquals(true, Auth::isAppUser(['role:' . Auth::USER_ROLE_APP]));
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_SYSTEM]));
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_GUESTS]));
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_USERS]));
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_ADMIN]));
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_DEVELOPER]));
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER]));
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APP]));
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_SYSTEM]));
$this->assertEquals(true, Auth::isAppUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_APP]));
$this->assertEquals(true, Auth::isAppUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_GUEST]));
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_GUEST]));
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_ADMIN, 'role:' . Auth::USER_ROLE_DEVELOPER]));
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_APP]));
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_GUESTS]));
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_GUESTS]));
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_ADMIN, Auth::USER_ROLE_DEVELOPER]));
}
public function testGuestRoles()
@ -249,7 +249,7 @@ class AuthTest extends TestCase
public function testPrivilegedUserRoles()
{
Authorization::setRole('role:' . Auth::USER_ROLE_OWNER);
Authorization::setRole(Auth::USER_ROLE_OWNER);
$user = new Document([
'$id' => '123',
'memberships' => [
@ -283,7 +283,7 @@ class AuthTest extends TestCase
public function testAppUserRoles()
{
Authorization::setRole('role:' . Auth::USER_ROLE_APP);
Authorization::setRole(Auth::USER_ROLE_APP);
$user = new Document([
'$id' => '123',
'memberships' => [