CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-29 03:30:34 +12:00
Code Issues Projects Releases Wiki Activity

fix(acl): getting role for user in auth class

Browse source
This commit is contained in:
Torsten Dittmann 2021-06-30 16:04:32 +02:00
parent eaa3644f0f
commit 80c4e378b3
4 changed files with 8 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/general.php
View file

@ -234,14 +234,13 @@ App::init(function ($utopia, $request, $response, $console, $project, $consoleDB
]); ]);
$role = Auth::USER_ROLE_APP; $role = Auth::USER_ROLE_APP;
$scopes = \array_merge($roles[$role]['scopes'], $key->getAttribute('scopes', [])); $scopes = \array_merge($roles[Auth::USER_ROLE_APP]['scopes'], $key->getAttribute('scopes', []));
Authorization::setRole('role:'.Auth::USER_ROLE_APP);
Authorization::setDefaultStatus(false); // Cancel security segmentation for API keys. Authorization::setDefaultStatus(false); // Cancel security segmentation for API keys.
} }
} }
Authorization::setRole('role:'.$role);
foreach (Auth::getRoles($user) as $role) { foreach (Auth::getRoles($user) as $role) {
Authorization::setRole($role); Authorization::setRole($role);
} }

5
app/realtime.php
View file

@ -261,10 +261,7 @@ $server->onOpen(function (int $connection, SwooleRequest $request) use ($server,
throw new Exception($originValidator->getDescription(), 1008); throw new Exception($originValidator->getDescription(), 1008);
} }
$roles = [ $roles = Auth::getRoles($user);
'role:' . (($user->isEmpty()) ? Auth::USER_ROLE_GUEST : Auth::USER_ROLE_MEMBER),
...Auth::getRoles($user)
];
$channels = Realtime::convertChannels($request->getQuery('channels', []), $user); $channels = Realtime::convertChannels($request->getQuery('channels', []), $user);

3
src/Appwrite/Auth/Auth.php
View file

@ -282,8 +282,9 @@ class Auth
{ {
if ($user->getId()) { if ($user->getId()) {
$roles[] = 'user:'.$user->getId(); $roles[] = 'user:'.$user->getId();
$roles[] = 'role:'.Auth::USER_ROLE_MEMBER;
} else { } else {
return []; return ['role:'.Auth::USER_ROLE_GUEST];
} }
foreach ($user->getAttribute('memberships', []) as $node) { foreach ($user->getAttribute('memberships', []) as $node) {

5
tests/unit/Auth/AuthTest.php
View file

@ -204,8 +204,8 @@ class AuthTest extends TestCase
]); ]);
$roles = Auth::getRoles($user); $roles = Auth::getRoles($user);
$this->assertCount(0, $roles); $this->assertCount(1, $roles);
$this->assertEmpty($roles); $this->assertContains('role:guest', $roles);
} }
public function testUserRoles() public function testUserRoles()
@ -232,6 +232,7 @@ class AuthTest extends TestCase
$roles = Auth::getRoles($user); $roles = Auth::getRoles($user);
$this->assertCount(6, $roles); $this->assertCount(6, $roles);
$this->assertContains('role:member', $roles);
$this->assertContains('user:123', $roles); $this->assertContains('user:123', $roles);
$this->assertContains('team:abc', $roles); $this->assertContains('team:abc', $roles);
$this->assertContains('team:abc/administrator', $roles); $this->assertContains('team:abc/administrator', $roles);