From 7b9fb32fae587ea37500415cd1727f44e402f15c Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Wed, 3 Aug 2022 21:52:34 +1200
Subject: [PATCH] Update role references
---
 app/controllers/api/account.php | 4 +--
 app/controllers/general.php | 6 ++---
 src/Appwrite/Auth/Auth.php | 18 ++++++-------
 tests/unit/Auth/AuthTest.php | 48 ++++++++++++++++-----------------
 4 files changed, 38 insertions(+), 38 deletions(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 1ad6101aef..f21a1413a9 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -118,9 +118,9 @@ App::post('/v1/account')
 throw new Exception('Account already exists', 409, Exception::USER_ALREADY_EXISTS);
 }
- Authorization::unsetRole('role:' . Auth::USER_ROLE_GUEST);
+ Authorization::unsetRole(Auth::USER_ROLE_GUESTS);
 Authorization::setRole('user:' . $user->getId());
- Authorization::setRole('role:' . Auth::USER_ROLE_MEMBER);
+ Authorization::setRole(Auth::USER_ROLE_USERS);
 $audits
 ->setResource('user/' . $user->getId())
diff --git a/app/controllers/general.php b/app/controllers/general.php
index 620f16f1c1..e5f94baefc 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -236,7 +236,7 @@ App::init(function (App $utopia, Request $request, Response $response, Document
 /*
 * ACL Check
 */
- $role = ($user->isEmpty()) ? Auth::USER_ROLE_GUEST : Auth::USER_ROLE_MEMBER;
+ $role = ($user->isEmpty()) ? Auth::USER_ROLE_GUESTS : Auth::USER_ROLE_USERS;
 // Add user roles
 $memberships = $user->find('teamId', $project->getAttribute('teamId', null), 'memberships');
@@ -289,12 +289,12 @@ App::init(function (App $utopia, Request $request, Response $response, Document
 throw new AppwriteException('Project key expired', 401, AppwriteException:: PROJECT_KEY_EXPIRED);
 }
- Authorization::setRole('role:' . Auth::USER_ROLE_APP);
+ Authorization::setRole(Auth::USER_ROLE_APP);
 Authorization::setDefaultStatus(false); // Cancel security segmentation for API keys.
 }
 }
- Authorization::setRole('role:' . $role);
+ Authorization::setRole($role);
 foreach (Auth::getRoles($user) as $authRole) {
 Authorization::setRole($authRole);
diff --git a/src/Appwrite/Auth/Auth.php b/src/Appwrite/Auth/Auth.php
index a8005be704..1d22b699fb 100644
--- a/src/Appwrite/Auth/Auth.php
+++ b/src/Appwrite/Auth/Auth.php
@@ -10,9 +10,9 @@ class Auth
 /**
 * User Roles.
 */
- public const USER_ROLE_ALL = 'all';
- public const USER_ROLE_GUEST = 'guest';
- public const USER_ROLE_MEMBER = 'member';
+ public const USER_ROLE_ANY = 'any';
+ public const USER_ROLE_GUESTS = 'guests';
+ public const USER_ROLE_USERS = 'users';
 public const USER_ROLE_ADMIN = 'admin';
 public const USER_ROLE_DEVELOPER = 'developer';
 public const USER_ROLE_OWNER = 'owner';
@@ -270,9 +270,9 @@ class Auth
 public static function isPrivilegedUser(array $roles): bool
 {
 if (
- in_array('role:' . self::USER_ROLE_OWNER, $roles) ||
- in_array('role:' . self::USER_ROLE_DEVELOPER, $roles) ||
- in_array('role:' . self::USER_ROLE_ADMIN, $roles)
+ in_array(self::USER_ROLE_OWNER, $roles) ||
+ in_array(self::USER_ROLE_DEVELOPER, $roles) ||
+ in_array(self::USER_ROLE_ADMIN, $roles)
 ) {
 return true;
 }
@@ -289,7 +289,7 @@ class Auth
 */
 public static function isAppUser(array $roles): bool
 {
- if (in_array('role:' . self::USER_ROLE_APP, $roles)) {
+ if (in_array(self::USER_ROLE_APP, $roles)) {
 return true;
 }
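Review bot: In app/controllers/general.php, `Authorization::setRole($role)` now grants whatever string `$role` holds with no prefix, so the value must only ever be one of the `Auth::USER_ROLE_*` constants. `$role` is initialised from constants in the earlier hunk, but the membership handling that follows `// Add user roles` lies outside this diff, so whether it can assign a stored membership string directly is not visible here. If it can, a bare value such as `owner` would be indistinguishable from the built-in privileged role; a comment above the call, e.g. `// $role must be an Auth::USER_ROLE_* constant, never a stored membership string`, would document the invariant. The enclosing `App::init` callback starts and ends outside the hunk.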
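Review bot: The renamed constants in src/Appwrite/Auth/Auth.php change the role strings themselves (`all` to `any`, `guest` to `guests`, `member` to `users`) and the call sites in this patch drop the `role:` prefix, but nothing here touches permissions that are already stored. If persisted permission lists still hold values such as `role:all` or `role:member`, they will presumably stop matching the roles set at runtime, which changes who can reach existing resources; a migration or compatibility mapping is needed and is not visible in this diff. The `User Roles.` docblock could record the constraint, e.g. `Role strings are compared verbatim with stored permissions; changing a value requires a data migration.`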
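Review bot: `isPrivilegedUser()` in src/Appwrite/Auth/Auth.php decides privilege with `in_array()` in its default loose mode, and the same applies to `isAppUser()` in the next hunk. Under loose comparison a non-string element such as boolean `true` compares equal to `'owner'`, `'admin'` or `'app'`, so the result depends on `$roles` holding only strings, which the `array` type hint does not guarantee. Passing the strict flag removes that dependency: `in_array(self::USER_ROLE_OWNER, $roles, true) ||`, and likewise for the other three calls.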
@@ -309,9 +309,9 @@ class Auth
 if (!self::isPrivilegedUser(Authorization::getRoles()) && !self::isAppUser(Authorization::getRoles())) {
 if ($user->getId()) {
 $roles[] = 'user:' . $user->getId();
- $roles[] = 'role:' . Auth::USER_ROLE_MEMBER;
+ $roles[] = Auth::USER_ROLE_USERS;
 } else {
- return ['role:' . Auth::USER_ROLE_GUEST];
+ return [Auth::USER_ROLE_GUESTS];
 }
 }
diff --git a/tests/unit/Auth/AuthTest.php b/tests/unit/Auth/AuthTest.php
index a344947e63..07155b41f8 100644
--- a/tests/unit/Auth/AuthTest.php
+++ b/tests/unit/Auth/AuthTest.php
@@ -172,35 +172,35 @@ class AuthTest extends TestCase
 public function testIsPrivilegedUser()
 {
 $this->assertEquals(false, Auth::isPrivilegedUser([]));
- $this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_GUEST]));
- $this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_MEMBER]));
- $this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_ADMIN]));
- $this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_DEVELOPER]));
- $this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER]));
- $this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_APP]));
- $this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_SYSTEM]));
+ $this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_GUESTS]));
+ $this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_USERS]));
+ $this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_ADMIN]));
+ $this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_DEVELOPER]));
+ $this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER]));
+ $this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APP]));
+ $this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_SYSTEM]));
- $this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_APP]));
- $this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_GUEST]));
- $this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_GUEST]));
- $this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_ADMIN, 'role:' . Auth::USER_ROLE_DEVELOPER]));
+ $this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_APP]));
+ $this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_GUESTS]));
+ $this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_GUESTS]));
+ $this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_ADMIN, Auth::USER_ROLE_DEVELOPER]));
 }
 public function testIsAppUser()
 {
 $this->assertEquals(false, Auth::isAppUser([]));
- $this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_GUEST]));
- $this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_MEMBER]));
- $this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_ADMIN]));
- $this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_DEVELOPER]));
- $this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_OWNER]));
- $this->assertEquals(true, Auth::isAppUser(['role:' . Auth::USER_ROLE_APP]));
- $this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_SYSTEM]));
+ $this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_GUESTS]));
+ $this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_USERS]));
+ $this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_ADMIN]));
+ $this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_DEVELOPER]));
+ $this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER]));
+ $this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APP]));
+ $this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_SYSTEM]));
- $this->assertEquals(true, Auth::isAppUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_APP]));
- $this->assertEquals(true, Auth::isAppUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_GUEST]));
- $this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_GUEST]));
- $this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_ADMIN, 'role:' . Auth::USER_ROLE_DEVELOPER]));
+ $this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_APP]));
+ $this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_GUESTS]));
+ $this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_GUESTS]));
+ $this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_ADMIN, Auth::USER_ROLE_DEVELOPER]));
 }
 public function testGuestRoles()
@@ -249,7 +249,7 @@ class AuthTest extends TestCase
 public function testPrivilegedUserRoles()
 {
- Authorization::setRole('role:' . Auth::USER_ROLE_OWNER);
+ Authorization::setRole(Auth::USER_ROLE_OWNER);
 $user = new Document([
 '$id' => '123',
 'memberships' => [
@@ -283,7 +283,7 @@ class AuthTest extends TestCase
 public function testAppUserRoles()
 {
- Authorization::setRole('role:' . Auth::USER_ROLE_APP);
+ Authorization::setRole(Auth::USER_ROLE_APP);
 $user = new Document([
 '$id' => '123',
 'memberships' => [
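Review bot: The updated assertions in `testIsPrivilegedUser()` and `testIsAppUser()` only exercise the new bare role strings; nothing pins that the old prefixed form is now rejected. Adding `$this->assertFalse(Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER]));` and `$this->assertFalse(Auth::isAppUser(['role:' . Auth::USER_ROLE_APP]));` would document the new contract and help catch a caller that was missed in this rename. `assertEquals(false, ...)` also compares loosely, so `assertFalse`/`assertTrue` state the intent more exactly for an authorization check.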