CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-07-01 20:50:49 +12:00
Code Issues Projects Releases Wiki Activity

Merge branch '0.16.x' of github.com:appwrite/appwrite into 0.16.shmuel.1

Browse source 
 Conflicts:
	composer.json
	composer.lock
This commit is contained in:
fogelito 2022-09-06 18:28:23 +03:00
parent 51f2cb8a64 858d1a7d66
commit a08c6f8235
13 changed files with 239 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/api/databases.php
View file

@ -1827,7 +1827,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents')
->param('documentId', '', new CustomId(), 'Document ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('collectionId', null, new UID(), 'Collection ID. You can create a new collection using the Database service [server integration](https://appwrite.io/docs/server/databases#databasesCreateCollection). Make sure to define attributes before creating documents.')
->param('data', [], new JSON(), 'Document data as JSON object.')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]), 'An array of permissions strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true)
->inject('response')
->inject('dbForProject')
->inject('user')
@ -2207,7 +2207,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
->param('collectionId', null, new UID(), 'Collection ID.')
->param('documentId', null, new UID(), 'Document ID.')
->param('data', [], new JSON(), 'Document data as JSON object. Include only attribute and value pairs to be updated.', true)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permissions strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
->inject('response')
->inject('dbForProject')
->inject('events')

1
app/controllers/api/functions.php
View file

@ -1108,6 +1108,7 @@ App::post('/v1/functions/:functionId/executions')
$roles = Authorization::getRoles();
$isPrivilegedUser = Auth::isPrivilegedUser($roles);
$isAppUser = Auth::isAppUser($roles);
if (!$isPrivilegedUser && !$isAppUser) {
$execution->setAttribute('stdout', '');
$execution->setAttribute('stderr', '');

4
app/controllers/api/storage.php
View file

@ -344,7 +344,7 @@ App::post('/v1/storage/buckets/:bucketId/files')
->param('bucketId', null, new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
->param('fileId', '', new CustomId(), 'File ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('file', [], new File(), 'Binary file.', false)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]), 'An array of permission strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permission strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true)
->inject('request')
->inject('response')
->inject('dbForProject')
@ -1251,7 +1251,7 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
->label('sdk.response.model', Response::MODEL_FILE)
->param('bucketId', null, new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
->param('fileId', '', new UID(), 'File unique ID.')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission string. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permission string. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
->inject('response')
->inject('dbForProject')
->inject('user')

6
composer.json
View file

@ -45,13 +45,13 @@
"appwrite/php-runtimes": "0.11.*",
"utopia-php/framework": "0.21.*",
"utopia-php/logger": "0.3.*",
"utopia-php/abuse": "0.12.*",
"utopia-php/abuse": "0.13.*",
"utopia-php/analytics": "0.2.*",
"utopia-php/audit": "0.13.*",
"utopia-php/audit": "0.14.*",
"utopia-php/cache": "0.6.*",
"utopia-php/cli": "0.13.*",
"utopia-php/config": "0.2.*",
"utopia-php/database": "dev-fix-5permissions as 0.24.0",
"utopia-php/database": "0.25.*",
"utopia-php/locale": "0.4.*",
"utopia-php/registry": "0.5.*",
"utopia-php/preloader": "0.2.*",

57
composer.lock generated
View file

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "232d5f1757b2bf06864c75d289488401",
"content-hash": "9c6fd9ae7d343488bbc9ccca8357a9ca",
"packages": [
{
"name": "adhocore/jwt",
@ -1741,23 +1741,23 @@
},
{
"name": "utopia-php/abuse",
"version": "0.12.0",
"version": "0.13.0",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/abuse.git",
"reference": "aa1e1aae163ecf8ea81d48857ff55c241dcb695f"
"reference": "3157bee5eee631b549fa4e9cca0aaf982649f931"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/abuse/zipball/aa1e1aae163ecf8ea81d48857ff55c241dcb695f",
"reference": "aa1e1aae163ecf8ea81d48857ff55c241dcb695f",
"url": "https://api.github.com/repos/utopia-php/abuse/zipball/3157bee5eee631b549fa4e9cca0aaf982649f931",
"reference": "3157bee5eee631b549fa4e9cca0aaf982649f931",
"shasum": ""
},
"require": {
"ext-curl": "*",
"ext-pdo": "*",
"php": ">=8.0",
"utopia-php/database": "0.24.0"
"utopia-php/database": "0.25.0"
},
"require-dev": {
"phpunit/phpunit": "^9.4",
@ -1789,9 +1789,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/abuse/issues",
"source": "https://github.com/utopia-php/abuse/tree/0.12.0"
"source": "https://github.com/utopia-php/abuse/tree/0.13.0"
},
"time": "2022-08-27T09:50:09+00:00"
"time": "2022-09-06T08:33:02+00:00"
},
{
"name": "utopia-php/analytics",
@ -1850,22 +1850,22 @@
},
{
"name": "utopia-php/audit",
"version": "0.13.0",
"version": "0.14.0",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/audit.git",
"reference": "a2f30ccfba7a61b1718b9ebd4557ed0d8a4dcb5b"
"reference": "fe5d59076512dd63db92d38035d3039170730e5e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/audit/zipball/a2f30ccfba7a61b1718b9ebd4557ed0d8a4dcb5b",
"reference": "a2f30ccfba7a61b1718b9ebd4557ed0d8a4dcb5b",
"url": "https://api.github.com/repos/utopia-php/audit/zipball/fe5d59076512dd63db92d38035d3039170730e5e",
"reference": "fe5d59076512dd63db92d38035d3039170730e5e",
"shasum": ""
},
"require": {
"ext-pdo": "*",
"php": ">=8.0",
"utopia-php/database": "0.24.0"
"utopia-php/database": "0.25.0"
},
"require-dev": {
"phpunit/phpunit": "^9.3",
@ -1897,9 +1897,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/audit/issues",
"source": "https://github.com/utopia-php/audit/tree/0.13.0"
"source": "https://github.com/utopia-php/audit/tree/0.14.0"
},
"time": "2022-08-27T09:18:57+00:00"
"time": "2022-09-06T08:38:04+00:00"
},
{
"name": "utopia-php/cache",
@ -2060,16 +2060,16 @@
},
{
"name": "utopia-php/database",
"version": "dev-fix-5permissions",
"version": "0.25.0",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/database.git",
"reference": "afb5f9a8ccc7641169dc8837dd880e405cafc324"
"reference": "167fb53a6c199d4b9ce5fc513c78774ee92199e7"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/database/zipball/afb5f9a8ccc7641169dc8837dd880e405cafc324",
"reference": "afb5f9a8ccc7641169dc8837dd880e405cafc324",
"url": "https://api.github.com/repos/utopia-php/database/zipball/167fb53a6c199d4b9ce5fc513c78774ee92199e7",
"reference": "167fb53a6c199d4b9ce5fc513c78774ee92199e7",
"shasum": ""
},
"require": {
@ -2118,9 +2118,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/database/issues",
"source": "https://github.com/utopia-php/database/tree/fix-5permissions"
"source": "https://github.com/utopia-php/database/tree/0.25.0"
},
"time": "2022-09-06T13:51:35+00:00"
"time": "2022-09-06T07:53:26+00:00"
},
{
"name": "utopia-php/domains",
@ -5358,18 +5358,9 @@
"time": "2022-08-12T06:47:24+00:00"
}
],
"aliases": [
{
"package": "utopia-php/database",
"version": "dev-fix-5permissions",
"alias": "0.24.0",
"alias_normalized": "0.24.0.0"
}
],
"aliases": [],
"minimum-stability": "stable",
"stability-flags": {
"utopia-php/database": 20
},
"stability-flags": [],
"prefer-stable": false,
"prefer-lowest": false,
"platform": {
@ -5393,5 +5384,5 @@
"platform-overrides": {
"php": "8.0"
},
"plugin-api-version": "2.2.0"
"plugin-api-version": "2.3.0"
}

88
tests/e2e/Services/Databases/DatabasesCustomClientTest.php
View file

@ -16,6 +16,94 @@ class DatabasesCustomClientTest extends Scope
use ProjectCustom;
use SideClient;
public function testAllowedPermissions(): void
{
/**
* Test for SUCCESS
*/
$database = $this->client->call(Client::METHOD_POST, '/databases', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey']
], [
'databaseId' => ID::unique(),
'name' => 'Test Database'
]);
$databaseId = $database['body']['$id'];
// Collection aliases write to create, update, delete
$movies = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey']
]), [
'collectionId' => ID::unique(),
'name' => 'Movies',
'documentSecurity' => true,
'permissions' => [
Permission::write(Role::user($this->getUser()['$id'])),
],
]);
$moviesId = $movies['body']['$id'];
$this->assertContains(Permission::create(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']);
$this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']);
$this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']);
$this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/attributes/string', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey']
]), [
'key' => 'title',
'size' => 256,
'required' => true,
]);
sleep(1);
// Document aliases write to update, delete
$document1 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'documentId' => ID::unique(),
'data' => [
'title' => 'Captain America',
],
'permissions' => [
Permission::write(Role::user($this->getUser()['$id'])),
]
]);
$this->assertNotContains(Permission::create(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']);
$this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']);
$this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']);
/**
* Test for FAILURE
*/
// Document does not allow create permission
$document2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'documentId' => ID::unique(),
'data' => [
'title' => 'Captain America',
],
'permissions' => [
Permission::create(Role::user($this->getUser()['$id'])),
]
]);
$this->assertEquals(400, $document2['headers']['status-code']);
}
public function testUpdateWithoutPermission(): array
{
// If document has been created by server and client tried to update it without adjusting permissions, permission validation should be skipped

50
tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php
View file

@ -225,4 +225,54 @@ class DatabasesPermissionsGuestTest extends Scope
Authorization::setRole($role);
}
}
public function testWriteDocumentWithPermissions()
{
$database = $this->client->call(Client::METHOD_POST, '/databases', array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey']
]), [
'databaseId' => ID::unique(),
'name' => 'GuestPermissionsWrite',
]);
$this->assertEquals(201, $database['headers']['status-code']);
$this->assertEquals('GuestPermissionsWrite', $database['body']['name']);
$databaseId = $database['body']['$id'];
$movies = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', $this->getServerHeader(), [
'collectionId' => ID::unique(),
'name' => 'Movies',
'permissions' => [
Permission::create(Role::any()),
],
'documentSecurity' => true
]);
$moviesId = $movies['body']['$id'];
$this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/attributes/string', $this->getServerHeader(), [
'key' => 'title',
'size' => 256,
'required' => true,
]);
sleep(1);
$document = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], [
'documentId' => ID::unique(),
'data' => [
'title' => 'Thor: Ragnarok',
],
'permissions' => [
Permission::read(Role::any()),
]
]);
$this->assertEquals(201, $document['headers']['status-code']);
$this->assertEquals('Thor: Ragnarok', $document['body']['title']);
}
}

1
tests/e2e/Services/Functions/FunctionsCustomServerTest.php
View file

@ -727,6 +727,7 @@ class FunctionsCustomServerTest extends Scope
/**
* @depends testUpdateDeployment
*/
#[Retry(count: 2)]
public function testSyncCreateExecution($data): array
{
/**

1
tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
View file

@ -1122,7 +1122,6 @@ class RealtimeCustomClientTest extends Scope
], $this->getHeaders()), [
'permissions' => [
Permission::read(Role::any()),
Permission::create(Role::any()),
Permission::update(Role::any()),
Permission::delete(Role::any()),
],

67
tests/e2e/Services/Storage/StorageCustomClientTest.php
View file

@ -1065,6 +1065,68 @@ class StorageCustomClientTest extends Scope
$this->assertEmpty($file['body']);
}
public function testAllowedPermissions(): void
{
/**
* Test for SUCCESS
*/
// Bucket aliases write to create, update, delete
$bucket = $this->client->call(Client::METHOD_POST, '/storage/buckets', [
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
'x-appwrite-key' => $this->getProject()['apiKey'],
], [
'bucketId' => ID::unique(),
'name' => 'Test Bucket',
'permissions' => [
Permission::write(Role::user($this->getUser()['$id'])),
],
'fileSecurity' => true,
]);
$bucketId = $bucket['body']['$id'];
$this->assertEquals(201, $bucket['headers']['status-code']);
$this->assertContains(Permission::create(Role::user($this->getUser()['$id'])), $bucket['body']['$permissions']);
$this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $bucket['body']['$permissions']);
$this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $bucket['body']['$permissions']);
// File aliases write to update, delete
$file1 = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucketId . '/files', array_merge([
'content-type' => 'multipart/form-data',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'fileId' => ID::unique(),
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'),
'permissions' => [
Permission::write(Role::user($this->getUser()['$id'])),
]
]);
$this->assertNotContains(Permission::create(Role::user($this->getUser()['$id'])), $file1['body']['$permissions']);
$this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $file1['body']['$permissions']);
$this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $file1['body']['$permissions']);
/**
* Test for FAILURE
*/
// File does not allow create permission
$file2 = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucketId . '/files', [
'content-type' => 'multipart/form-data',
'x-appwrite-project' => $this->getProject()['$id'],
], [
'fileId' => ID::unique(),
'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'),
'permissions' => [
Permission::create(Role::user($this->getUser()['$id'])),
]
]);
$this->assertEquals(400, $file2['headers']['status-code']);
}
public function testCreateFileDefaultPermissions(): array
{
/**
@ -1220,9 +1282,8 @@ class StorageCustomClientTest extends Scope
], $this->getHeaders()), [
'permissions' => [
Permission::read(Role::user(ID::custom('notme'))),
Permission::create(Role::user(ID::custom('notme'))),
Permission::update(Role::user(ID::custom('notme'))),
Permission::delete(Role::user(ID::custom('notme'))),
Permission::update(Role::user(ID::custom('notme'))),
Permission::delete(Role::user(ID::custom('notme'))),
],
]);

2
tests/e2e/Services/Users/UsersBase.php
View file

@ -2,6 +2,7 @@
namespace Tests\E2E\Services\Users;
use Appwrite\Tests\Retry;
use Tests\E2E\Client;
use Utopia\Database\ID;
@ -852,6 +853,7 @@ trait UsersBase
/**
* @depends testGetUser
*/
#[Retry(count: 1)]
public function testUpdateUserStatus(array $data): array
{
/**

1
tests/e2e/Services/Webhooks/WebhooksBase.php
View file

@ -556,7 +556,6 @@ trait WebhooksBase
], $this->getHeaders()), [
'permissions' => [
Permission::read(Role::any()),
Permission::create(Role::any()),
Permission::update(Role::any()),
Permission::delete(Role::any()),
],

2
tests/e2e/Services/Webhooks/WebhooksCustomClientTest.php
View file

@ -2,6 +2,7 @@
namespace Tests\E2E\Services\Webhooks;
use Appwrite\Tests\Retry;
use Tests\E2E\Client;
use Tests\E2E\Scopes\Scope;
use Tests\E2E\Scopes\ProjectCustom;
@ -416,6 +417,7 @@ class WebhooksCustomClientTest extends Scope
/**
* @depends testDeleteAccountSessions
*/
#[Retry(count: 1)]
public function testUpdateAccountName($data): array
{
$id = $data['id'] ?? '';