Update role references
This commit is contained in:
parent
a0add9ec7a
commit
7b9fb32fae
4 changed files with 38 additions and 38 deletions
@ -118,9 +118,9 @@ App::post('/v1/account')
|
||||||
throw new Exception('Account already exists', 409, Exception::USER_ALREADY_EXISTS);
|
throw new Exception('Account already exists', 409, Exception::USER_ALREADY_EXISTS);
|
||||||
}
|
}
|
||||||
|
|
||||||
Authorization::unsetRole('role:' . Auth::USER_ROLE_GUEST);
|
Authorization::unsetRole(Auth::USER_ROLE_GUESTS);
|
||||||
Authorization::setRole('user:' . $user->getId());
|
Authorization::setRole('user:' . $user->getId());
|
||||||
Authorization::setRole('role:' . Auth::USER_ROLE_MEMBER);
|
Authorization::setRole(Auth::USER_ROLE_USERS);
|
||||||
|
|
||||||
$audits
|
$audits
|
||||||
->setResource('user/' . $user->getId())
|
->setResource('user/' . $user->getId())
|
||||||
|
|
|
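Review bot: The `Authorization::setRole('user:' . $user->getId());` line keeps a hand-built `user:` prefix while the surrounding guest/user roles now come from `Auth` constants, and the same literal is repeated in `Auth::getRoles` (`$roles[] = 'user:' . $user->getId();` in the Auth.php hunk). Since this commit is precisely about centralising role strings, the per-user role format should live in one place too — a constant or small helper on `Auth` that both call sites use — so the next format change cannot miss one of them. The `App::post('/v1/account')` handler containing this hunk begins and ends outside it.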
@ -236,7 +236,7 @@ App::init(function (App $utopia, Request $request, Response $response, Document
|
||||||
/*
|
/*
|
||||||
* ACL Check
|
* ACL Check
|
||||||
*/
|
*/
|
||||||
$role = ($user->isEmpty()) ? Auth::USER_ROLE_GUEST : Auth::USER_ROLE_MEMBER;
|
$role = ($user->isEmpty()) ? Auth::USER_ROLE_GUESTS : Auth::USER_ROLE_USERS;
|
||||||
|
|
||||||
// Add user roles
|
// Add user roles
|
||||||
$memberships = $user->find('teamId', $project->getAttribute('teamId', null), 'memberships');
|
$memberships = $user->find('teamId', $project->getAttribute('teamId', null), 'memberships');
|
||||||
|
@ -289,12 +289,12 @@ App::init(function (App $utopia, Request $request, Response $response, Document
|
||||||
throw new AppwriteException('Project key expired', 401, AppwriteException:: PROJECT_KEY_EXPIRED);
|
throw new AppwriteException('Project key expired', 401, AppwriteException:: PROJECT_KEY_EXPIRED);
|
||||||
}
|
}
|
||||||
|
|
||||||
Authorization::setRole('role:' . Auth::USER_ROLE_APP);
|
Authorization::setRole(Auth::USER_ROLE_APP);
|
||||||
Authorization::setDefaultStatus(false); // Cancel security segmentation for API keys.
|
Authorization::setDefaultStatus(false); // Cancel security segmentation for API keys.
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Authorization::setRole('role:' . $role);
|
Authorization::setRole($role);
|
||||||
|
|
||||||
foreach (Auth::getRoles($user) as $authRole) {
|
foreach (Auth::getRoles($user) as $authRole) {
|
||||||
Authorization::setRole($authRole);
|
Authorization::setRole($authRole);
|
||||||
|
|
|
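Review bot: `Authorization::setRole($role);` now sets bare `guests`/`users` (and `USER_ROLE_ANY` reads `any` rather than `all` per the Auth.php hunk), so any permission already persisted on documents in the old `role:member` / `role:guest` / `role:all` form would no longer match a session's roles after this change, which reads as a silent loss of access rather than a rename. The four files in this commit are code and tests only; if stored permissions use the old strings, a migration or a temporary alias that also sets the legacy name — `Authorization::setRole('role:' . $role);` alongside the new call — should accompany this, and the commit description should say which. This is inferred from the string change, not from visible storage code; confirm against where document permissions are read. The init callback containing these two hunks begins and ends outside them.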
@ -10,9 +10,9 @@ class Auth
|
||||||
/**
|
/**
|
||||||
* User Roles.
|
* User Roles.
|
||||||
*/
|
*/
|
||||||
public const USER_ROLE_ALL = 'all';
|
public const USER_ROLE_ANY = 'any';
|
||||||
public const USER_ROLE_GUEST = 'guest';
|
public const USER_ROLE_GUESTS = 'guests';
|
||||||
public const USER_ROLE_MEMBER = 'member';
|
public const USER_ROLE_USERS = 'users';
|
||||||
public const USER_ROLE_ADMIN = 'admin';
|
public const USER_ROLE_ADMIN = 'admin';
|
||||||
public const USER_ROLE_DEVELOPER = 'developer';
|
public const USER_ROLE_DEVELOPER = 'developer';
|
||||||
public const USER_ROLE_OWNER = 'owner';
|
public const USER_ROLE_OWNER = 'owner';
|
||||||
|
@ -270,9 +270,9 @@ class Auth
|
||||||
public static function isPrivilegedUser(array $roles): bool
|
public static function isPrivilegedUser(array $roles): bool
|
||||||
{
|
{
|
||||||
if (
|
if (
|
||||||
in_array('role:' . self::USER_ROLE_OWNER, $roles) ||
|
in_array(self::USER_ROLE_OWNER, $roles) ||
|
||||||
in_array('role:' . self::USER_ROLE_DEVELOPER, $roles) ||
|
in_array(self::USER_ROLE_DEVELOPER, $roles) ||
|
||||||
in_array('role:' . self::USER_ROLE_ADMIN, $roles)
|
in_array(self::USER_ROLE_ADMIN, $roles)
|
||||||
) {
|
) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -289,7 +289,7 @@ class Auth
|
||||||
*/
|
*/
|
||||||
public static function isAppUser(array $roles): bool
|
public static function isAppUser(array $roles): bool
|
||||||
{
|
{
|
||||||
if (in_array('role:' . self::USER_ROLE_APP, $roles)) {
|
if (in_array(self::USER_ROLE_APP, $roles)) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -309,9 +309,9 @@ class Auth
|
||||||
if (!self::isPrivilegedUser(Authorization::getRoles()) && !self::isAppUser(Authorization::getRoles())) {
|
if (!self::isPrivilegedUser(Authorization::getRoles()) && !self::isAppUser(Authorization::getRoles())) {
|
||||||
if ($user->getId()) {
|
if ($user->getId()) {
|
||||||
$roles[] = 'user:' . $user->getId();
|
$roles[] = 'user:' . $user->getId();
|
||||||
$roles[] = 'role:' . Auth::USER_ROLE_MEMBER;
|
$roles[] = Auth::USER_ROLE_USERS;
|
||||||
} else {
|
} else {
|
||||||
return ['role:' . Auth::USER_ROLE_GUEST];
|
return [Auth::USER_ROLE_GUESTS];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
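Review bot: `isPrivilegedUser` and `isAppUser` still call `in_array` without the strict flag, so the role comparison is loose (`==`) even though the new bare role names are plain strings; under PHP 8 loose rules a non-string entry such as `true` in `$roles` compares equal to any non-empty role name and would be reported as privileged. Passing `true` as the third argument pins the check to exact string matches: `in_array(self::USER_ROLE_OWNER, $roles, true) ||`, and likewise on the developer, admin and app lines. Whether `$roles` can ever hold a non-string is not visible here, but an authorisation predicate should not depend on its callers for that.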
@ -172,35 +172,35 @@ class AuthTest extends TestCase
|
||||||
public function testIsPrivilegedUser()
|
public function testIsPrivilegedUser()
|
||||||
{
|
{
|
||||||
$this->assertEquals(false, Auth::isPrivilegedUser([]));
|
$this->assertEquals(false, Auth::isPrivilegedUser([]));
|
||||||
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_GUEST]));
|
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_GUESTS]));
|
||||||
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_MEMBER]));
|
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_USERS]));
|
||||||
$this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_ADMIN]));
|
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_ADMIN]));
|
||||||
$this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_DEVELOPER]));
|
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_DEVELOPER]));
|
||||||
$this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER]));
|
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER]));
|
||||||
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_APP]));
|
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APP]));
|
||||||
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_SYSTEM]));
|
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_SYSTEM]));
|
||||||
|
|
||||||
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_APP]));
|
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_APP]));
|
||||||
$this->assertEquals(false, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_GUEST]));
|
$this->assertEquals(false, Auth::isPrivilegedUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_GUESTS]));
|
||||||
$this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_GUEST]));
|
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_GUESTS]));
|
||||||
$this->assertEquals(true, Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_ADMIN, 'role:' . Auth::USER_ROLE_DEVELOPER]));
|
$this->assertEquals(true, Auth::isPrivilegedUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_ADMIN, Auth::USER_ROLE_DEVELOPER]));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testIsAppUser()
|
public function testIsAppUser()
|
||||||
{
|
{
|
||||||
$this->assertEquals(false, Auth::isAppUser([]));
|
$this->assertEquals(false, Auth::isAppUser([]));
|
||||||
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_GUEST]));
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_GUESTS]));
|
||||||
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_MEMBER]));
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_USERS]));
|
||||||
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_ADMIN]));
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_ADMIN]));
|
||||||
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_DEVELOPER]));
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_DEVELOPER]));
|
||||||
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_OWNER]));
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER]));
|
||||||
$this->assertEquals(true, Auth::isAppUser(['role:' . Auth::USER_ROLE_APP]));
|
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APP]));
|
||||||
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_SYSTEM]));
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_SYSTEM]));
|
||||||
|
|
||||||
$this->assertEquals(true, Auth::isAppUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_APP]));
|
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_APP]));
|
||||||
$this->assertEquals(true, Auth::isAppUser(['role:' . Auth::USER_ROLE_APP, 'role:' . Auth::USER_ROLE_GUEST]));
|
$this->assertEquals(true, Auth::isAppUser([Auth::USER_ROLE_APP, Auth::USER_ROLE_GUESTS]));
|
||||||
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_GUEST]));
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_GUESTS]));
|
||||||
$this->assertEquals(false, Auth::isAppUser(['role:' . Auth::USER_ROLE_OWNER, 'role:' . Auth::USER_ROLE_ADMIN, 'role:' . Auth::USER_ROLE_DEVELOPER]));
|
$this->assertEquals(false, Auth::isAppUser([Auth::USER_ROLE_OWNER, Auth::USER_ROLE_ADMIN, Auth::USER_ROLE_DEVELOPER]));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGuestRoles()
|
public function testGuestRoles()
|
||||||
|
@ -249,7 +249,7 @@ class AuthTest extends TestCase
|
||||||
|
|
||||||
public function testPrivilegedUserRoles()
|
public function testPrivilegedUserRoles()
|
||||||
{
|
{
|
||||||
Authorization::setRole('role:' . Auth::USER_ROLE_OWNER);
|
Authorization::setRole(Auth::USER_ROLE_OWNER);
|
||||||
$user = new Document([
|
$user = new Document([
|
||||||
'$id' => '123',
|
'$id' => '123',
|
||||||
'memberships' => [
|
'memberships' => [
|
||||||
|
@ -283,7 +283,7 @@ class AuthTest extends TestCase
|
||||||
|
|
||||||
public function testAppUserRoles()
|
public function testAppUserRoles()
|
||||||
{
|
{
|
||||||
Authorization::setRole('role:' . Auth::USER_ROLE_APP);
|
Authorization::setRole(Auth::USER_ROLE_APP);
|
||||||
$user = new Document([
|
$user = new Document([
|
||||||
'$id' => '123',
|
'$id' => '123',
|
||||||
'memberships' => [
|
'memberships' => [
|
||||||
|
|
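Review bot: The updated assertions only confirm that the new bare names are accepted; nothing asserts that the legacy prefixed form is now rejected, which is the behaviour this commit actually changes. Adding `$this->assertFalse(Auth::isPrivilegedUser(['role:' . Auth::USER_ROLE_OWNER]));` and `$this->assertFalse(Auth::isAppUser(['role:' . Auth::USER_ROLE_APP]));` would lock that in, and the renamed `USER_ROLE_ANY` has no assertion in the visible hunks at all. As a style point, `assertTrue`/`assertFalse` read better than `assertEquals(true, ...)`/`assertEquals(false, ...)` throughout these two tests.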