From 5c08e066aa24e69b2310219657b37108f2a9d4b0 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Mon, 5 Sep 2022 13:41:01 +1200 Subject: [PATCH 1/9] Fix allowed permissions for documents/files --- app/controllers/api/databases.php | 4 ++-- app/controllers/api/storage.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php index 38489c8331..ff2ecc0d08 100644 --- a/app/controllers/api/databases.php +++ b/app/controllers/api/databases.php @@ -1827,7 +1827,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents') ->param('documentId', '', new CustomId(), 'Document ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.') ->param('collectionId', null, new UID(), 'Collection ID. You can create a new collection using the Database service [server integration](https://appwrite.io/docs/server/databases#databasesCreateCollection). Make sure to define attributes before creating documents.') ->param('data', [], new JSON(), 'Document data as JSON object.') - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]), 'An array of permissions strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, 'write']), 'An array of permissions strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true) ->inject('response') ->inject('dbForProject') ->inject('user') @@ -2207,7 +2207,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum ->param('collectionId', null, new UID(), 'Collection ID.') ->param('documentId', null, new UID(), 'Document ID.') ->param('data', [], new JSON(), 'Document data as JSON object. Include only attribute and value pairs to be updated.', true) - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permissions strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_CREATE, Database::PERMISSION_UPDATE, 'write']), 'An array of permissions strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) ->inject('response') ->inject('dbForProject') ->inject('events') diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index 2fe9a941a9..e9baa2971f 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -344,7 +344,7 @@ App::post('/v1/storage/buckets/:bucketId/files') ->param('bucketId', null, new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).') ->param('fileId', '', new CustomId(), 'File ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.') ->param('file', [], new File(), 'Binary file.', false) - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]), 'An array of permission strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, 'write']), 'An array of permission strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true) ->inject('request') ->inject('response') ->inject('dbForProject') @@ -1251,7 +1251,7 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId') ->label('sdk.response.model', Response::MODEL_FILE) ->param('bucketId', null, new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).') ->param('fileId', '', new UID(), 'File unique ID.') - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission string. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_CREATE, Database::PERMISSION_UPDATE, 'write']), 'An array of permission string. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) ->inject('response') ->inject('dbForProject') ->inject('user') From a861b174a2ebea522d5bb2ac5663d830dbb206d8 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Mon, 5 Sep 2022 14:16:40 +1200 Subject: [PATCH 2/9] Add allowed permissions tests --- composer.json | 2 +- composer.lock | 27 ++++-- .../Databases/DatabasesCustomClientTest.php | 86 +++++++++++++++++++ .../Storage/StorageCustomClientTest.php | 62 +++++++++++++ 4 files changed, 167 insertions(+), 10 deletions(-) diff --git a/composer.json b/composer.json index 8fe79a7ace..462179e3cb 100644 --- a/composer.json +++ b/composer.json @@ -51,7 +51,7 @@ "utopia-php/cache": "0.6.*", "utopia-php/cli": "0.13.*", "utopia-php/config": "0.2.*", - "utopia-php/database": "0.24.*", + "utopia-php/database": "dev-feat-write-helper as 0.24.0", "utopia-php/locale": "0.4.*", "utopia-php/registry": "0.5.*", "utopia-php/preloader": "0.2.*", diff --git a/composer.lock b/composer.lock index 5d2cef66f0..0a611f17e0 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "39c0ee0169b4681e5c07889d2a285d01", + "content-hash": "acf850ed1f73f172c7573daf5ca54940", "packages": [ { "name": "adhocore/jwt", @@ -2060,16 +2060,16 @@ }, { "name": "utopia-php/database", - "version": "0.24.0", + "version": "dev-feat-write-helper", "source": { "type": "git", "url": "https://github.com/utopia-php/database.git", - "reference": "7da841d65d87e9f2c242589e58c38880def44dd8" + "reference": "d6a18e52df0118b33eda2228a8911c88533a1dbe" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/database/zipball/7da841d65d87e9f2c242589e58c38880def44dd8", - "reference": "7da841d65d87e9f2c242589e58c38880def44dd8", + "url": "https://api.github.com/repos/utopia-php/database/zipball/d6a18e52df0118b33eda2228a8911c88533a1dbe", + "reference": "d6a18e52df0118b33eda2228a8911c88533a1dbe", "shasum": "" }, "require": { @@ -2118,9 +2118,9 @@ ], "support": { "issues": "https://github.com/utopia-php/database/issues", - "source": "https://github.com/utopia-php/database/tree/0.24.0" + "source": "https://github.com/utopia-php/database/tree/feat-write-helper" }, - "time": "2022-08-27T09:16:05+00:00" + "time": "2022-09-05T01:47:47+00:00" }, { "name": "utopia-php/domains", @@ -5358,9 +5358,18 @@ "time": "2022-08-12T06:47:24+00:00" } ], - "aliases": [], + "aliases": [ + { + "package": "utopia-php/database", + "version": "dev-feat-write-helper", + "alias": "0.24.0", + "alias_normalized": "0.24.0.0" + } + ], "minimum-stability": "stable", - "stability-flags": [], + "stability-flags": { + "utopia-php/database": 20 + }, "prefer-stable": false, "prefer-lowest": false, "platform": { diff --git a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php index 3ed1879288..595d0d632c 100644 --- a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php +++ b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php @@ -16,6 +16,92 @@ class DatabasesCustomClientTest extends Scope use ProjectCustom; use SideClient; + public function testAllowedPermissions(): void + { + /** + * Test for SUCCESS + */ + + $database = $this->client->call(Client::METHOD_POST, '/databases', [ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'] + ], [ + 'databaseId' => ID::unique(), + 'name' => 'Test Database' + ]); + + $databaseId = $database['body']['$id']; + + // Collection aliases write to create, update, delete + $movies = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'] + ]), [ + 'collectionId' => ID::unique(), + 'name' => 'Movies', + 'documentSecurity' => true, + 'permissions' => [ + Permission::write(Role::user($this->getUser()['$id'])), + ], + ]); + + $this->assertContains(Permission::create(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']); + $this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']); + $this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']); + + // Document aliases write to update, delete + $document1 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'documentId' => ID::unique(), + 'data' => [ + 'title' => 'Captain America', + 'releaseYear' => 1944, + 'birthDay' => '1975-06-12 14:12:55+02:00', + 'actors' => [ + 'Chris Evans', + 'Samuel Jackson', + ] + ], + 'permissions' => [ + Permission::write(Role::user($this->getUser()['$id'])), + ] + ]); + + $this->assertNotContains(Permission::create(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']); + $this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']); + $this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']); + + /** + * Test for FAILURE + */ + + // Document does not allow create permission + $document2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'documentId' => ID::unique(), + 'data' => [ + 'title' => 'Captain America', + 'releaseYear' => 1944, + 'birthDay' => '1975-06-12 14:12:55+02:00', + 'actors' => [ + 'Chris Evans', + 'Samuel Jackson', + ] + ], + 'permissions' => [ + Permission::create(Role::user($this->getUser()['$id'])), + ] + ]); + + $this->assertEquals(400, $document2['headers']['status-code']); + } + public function testUpdateWithoutPermission(): array { // If document has been created by server and client tried to update it without adjusting permissions, permission validation should be skipped diff --git a/tests/e2e/Services/Storage/StorageCustomClientTest.php b/tests/e2e/Services/Storage/StorageCustomClientTest.php index b7173658fd..f24e8c0f21 100644 --- a/tests/e2e/Services/Storage/StorageCustomClientTest.php +++ b/tests/e2e/Services/Storage/StorageCustomClientTest.php @@ -1065,6 +1065,68 @@ class StorageCustomClientTest extends Scope $this->assertEmpty($file['body']); } + public function testAllowedPermissions(): void + { + /** + * Test for SUCCESS + */ + + // Bucket aliases write to create, update, delete + $bucket = $this->client->call(Client::METHOD_POST, '/storage/buckets', [ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'], + ], [ + 'bucketId' => ID::unique(), + 'name' => 'Test Bucket', + 'permissions' => [ + Permission::write(Role::user($this->getUser()['$id'])), + ], + 'fileSecurity' => true, + ]); + + $bucketId = $bucket['body']['$id']; + $this->assertEquals(201, $bucket['headers']['status-code']); + + $this->assertContains(Permission::create(Role::user($this->getUser()['$id'])), $bucket['body']['$permissions']); + $this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $bucket['body']['$permissions']); + $this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $bucket['body']['$permissions']); + + // File aliases write to update, delete + $file1 = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucketId . '/files', [ + 'content-type' => 'multipart/form-data', + 'x-appwrite-project' => $this->getProject()['$id'], + ], [ + 'fileId' => ID::unique(), + 'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'), + 'permissions' => [ + Permission::write(Role::user($this->getUser()['$id'])), + ] + ]); + + $this->assertNotContains(Permission::create(Role::user($this->getUser()['$id'])), $file1['body']['$permissions']); + $this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $file1['body']['$permissions']); + $this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $file1['body']['$permissions']); + + /** + * Test for FAILURE + */ + + // File does not allow create permission + $file2 = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucketId . '/files', [ + 'content-type' => 'multipart/form-data', + 'x-appwrite-project' => $this->getProject()['$id'], + ], [ + 'fileId' => ID::unique(), + 'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'), + 'permissions' => [ + Permission::create(Role::user($this->getUser()['$id'])), + ] + ]); + + $this->assertEquals(400, $file2['headers']['status-code']); + } + public function testCreateFileDefaultPermissions(): array { /** From e55faff0a1ae80530d7f784b98bf054d6f8d7883 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Mon, 5 Sep 2022 19:51:33 +1200 Subject: [PATCH 3/9] Fix tests --- app/controllers/api/databases.php | 2 +- app/controllers/api/storage.php | 2 +- composer.lock | 8 +-- .../Databases/DatabasesCustomClientTest.php | 30 +++++------ .../DatabasesPermissionsGuestTest.php | 50 +++++++++++++++++++ .../Storage/StorageCustomClientTest.php | 4 +- 6 files changed, 74 insertions(+), 22 deletions(-) diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php index ff2ecc0d08..64421b52ce 100644 --- a/app/controllers/api/databases.php +++ b/app/controllers/api/databases.php @@ -2207,7 +2207,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum ->param('collectionId', null, new UID(), 'Collection ID.') ->param('documentId', null, new UID(), 'Document ID.') ->param('data', [], new JSON(), 'Document data as JSON object. Include only attribute and value pairs to be updated.', true) - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_CREATE, Database::PERMISSION_UPDATE, 'write']), 'An array of permissions strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, 'write']), 'An array of permissions strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) ->inject('response') ->inject('dbForProject') ->inject('events') diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index e9baa2971f..5799f04d20 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -1251,7 +1251,7 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId') ->label('sdk.response.model', Response::MODEL_FILE) ->param('bucketId', null, new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).') ->param('fileId', '', new UID(), 'File unique ID.') - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_CREATE, Database::PERMISSION_UPDATE, 'write']), 'An array of permission string. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, 'write']), 'An array of permission string. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) ->inject('response') ->inject('dbForProject') ->inject('user') diff --git a/composer.lock b/composer.lock index 0a611f17e0..ac4e07cb0e 100644 --- a/composer.lock +++ b/composer.lock @@ -2064,12 +2064,12 @@ "source": { "type": "git", "url": "https://github.com/utopia-php/database.git", - "reference": "d6a18e52df0118b33eda2228a8911c88533a1dbe" + "reference": "0a4119703ba11112f0e1d1fffa383fa1a882a588" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/database/zipball/d6a18e52df0118b33eda2228a8911c88533a1dbe", - "reference": "d6a18e52df0118b33eda2228a8911c88533a1dbe", + "url": "https://api.github.com/repos/utopia-php/database/zipball/0a4119703ba11112f0e1d1fffa383fa1a882a588", + "reference": "0a4119703ba11112f0e1d1fffa383fa1a882a588", "shasum": "" }, "require": { @@ -2120,7 +2120,7 @@ "issues": "https://github.com/utopia-php/database/issues", "source": "https://github.com/utopia-php/database/tree/feat-write-helper" }, - "time": "2022-09-05T01:47:47+00:00" + "time": "2022-09-05T03:51:48+00:00" }, { "name": "utopia-php/domains", diff --git a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php index 595d0d632c..9f86bb66c0 100644 --- a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php +++ b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php @@ -47,24 +47,32 @@ class DatabasesCustomClientTest extends Scope ], ]); + $moviesId = $movies['body']['$id']; + $this->assertContains(Permission::create(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']); $this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']); $this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']); + $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/attributes/string', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'] + ]), [ + 'key' => 'title', + 'size' => 256, + 'required' => true, + ]); + + sleep(1); + // Document aliases write to update, delete - $document1 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([ + $document1 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], ], $this->getHeaders()), [ 'documentId' => ID::unique(), 'data' => [ 'title' => 'Captain America', - 'releaseYear' => 1944, - 'birthDay' => '1975-06-12 14:12:55+02:00', - 'actors' => [ - 'Chris Evans', - 'Samuel Jackson', - ] ], 'permissions' => [ Permission::write(Role::user($this->getUser()['$id'])), @@ -80,19 +88,13 @@ class DatabasesCustomClientTest extends Scope */ // Document does not allow create permission - $document2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents', array_merge([ + $document2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], ], $this->getHeaders()), [ 'documentId' => ID::unique(), 'data' => [ 'title' => 'Captain America', - 'releaseYear' => 1944, - 'birthDay' => '1975-06-12 14:12:55+02:00', - 'actors' => [ - 'Chris Evans', - 'Samuel Jackson', - ] ], 'permissions' => [ Permission::create(Role::user($this->getUser()['$id'])), diff --git a/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php b/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php index 067e477695..c2293e30f4 100644 --- a/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php +++ b/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php @@ -225,4 +225,54 @@ class DatabasesPermissionsGuestTest extends Scope Authorization::setRole($role); } } + + public function testWriteDocumentWithPermissions() + { + $database = $this->client->call(Client::METHOD_POST, '/databases', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'] + ]), [ + 'databaseId' => ID::unique(), + 'name' => 'GuestPermissionsWrite', + ]); + $this->assertEquals(201, $database['headers']['status-code']); + $this->assertEquals('InvalidDocumentDatabase', $database['body']['name']); + + $databaseId = $database['body']['$id']; + $movies = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', $this->getServerHeader(), [ + 'collectionId' => ID::unique(), + 'name' => 'Movies', + 'permissions' => [ + Permission::create(Role::any()), + ], + 'documentSecurity' => true + ]); + + $moviesId = $movies['body']['$id']; + + $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/attributes/string', $this->getServerHeader(), [ + 'key' => 'title', + 'size' => 256, + 'required' => true, + ]); + + sleep(1); + + $document = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents', [ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], [ + 'documentId' => ID::unique(), + 'data' => [ + 'title' => 'Thor: Ragnarok', + ], + 'permissions' => [ + Permission::read(Role::any()), + ] + ]); + + $this->assertEquals(201, $document['headers']['status-code']); + $this->assertEquals('Thor: Ragnarok', $document['body']['title']); + } } diff --git a/tests/e2e/Services/Storage/StorageCustomClientTest.php b/tests/e2e/Services/Storage/StorageCustomClientTest.php index f24e8c0f21..0e4daa9957 100644 --- a/tests/e2e/Services/Storage/StorageCustomClientTest.php +++ b/tests/e2e/Services/Storage/StorageCustomClientTest.php @@ -1093,10 +1093,10 @@ class StorageCustomClientTest extends Scope $this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $bucket['body']['$permissions']); // File aliases write to update, delete - $file1 = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucketId . '/files', [ + $file1 = $this->client->call(Client::METHOD_POST, '/storage/buckets/' . $bucketId . '/files', array_merge([ 'content-type' => 'multipart/form-data', 'x-appwrite-project' => $this->getProject()['$id'], - ], [ + ], $this->getHeaders()), [ 'fileId' => ID::unique(), 'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'), 'permissions' => [ From 02f54eca6525fb59955744b07d9ecdd42f7beb19 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Tue, 6 Sep 2022 13:02:32 +1200 Subject: [PATCH 4/9] Fix tests --- composer.json | 2 +- composer.lock | 14 +++++++------- .../Databases/DatabasesCustomClientTest.php | 8 ++++++-- .../Databases/DatabasesPermissionsGuestTest.php | 2 +- .../Functions/FunctionsCustomServerTest.php | 1 + .../Services/Storage/StorageCustomClientTest.php | 13 ++++++++----- tests/e2e/Services/Webhooks/WebhooksBase.php | 1 - .../Services/Webhooks/WebhooksCustomClientTest.php | 2 ++ 8 files changed, 26 insertions(+), 17 deletions(-) diff --git a/composer.json b/composer.json index 52f26d24de..a792a11a4c 100644 --- a/composer.json +++ b/composer.json @@ -51,7 +51,7 @@ "utopia-php/cache": "0.6.*", "utopia-php/cli": "0.13.*", "utopia-php/config": "0.2.*", - "utopia-php/database": "dev-feat-write-helper as 0.24.0", + "utopia-php/database": "0.24.0", "utopia-php/locale": "0.4.*", "utopia-php/registry": "0.5.*", "utopia-php/preloader": "0.2.*", diff --git a/composer.lock b/composer.lock index ac4e07cb0e..04659290c3 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "acf850ed1f73f172c7573daf5ca54940", + "content-hash": "ee4de251e5e0a3bf5f982bded0d28176", "packages": [ { "name": "adhocore/jwt", @@ -2840,16 +2840,16 @@ "packages-dev": [ { "name": "appwrite/sdk-generator", - "version": "0.23.0", + "version": "0.24.0", "source": { "type": "git", "url": "https://github.com/appwrite/sdk-generator.git", - "reference": "efadccb9abd6263d045ef157881143d3a59dc710" + "reference": "310ab7210ee97266632ee2df9616c9770c7b37e6" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/appwrite/sdk-generator/zipball/efadccb9abd6263d045ef157881143d3a59dc710", - "reference": "efadccb9abd6263d045ef157881143d3a59dc710", + "url": "https://api.github.com/repos/appwrite/sdk-generator/zipball/310ab7210ee97266632ee2df9616c9770c7b37e6", + "reference": "310ab7210ee97266632ee2df9616c9770c7b37e6", "shasum": "" }, "require": { @@ -2884,9 +2884,9 @@ "description": "Appwrite PHP library for generating API SDKs for multiple programming languages and platforms", "support": { "issues": "https://github.com/appwrite/sdk-generator/issues", - "source": "https://github.com/appwrite/sdk-generator/tree/0.23.0" + "source": "https://github.com/appwrite/sdk-generator/tree/0.24.0" }, - "time": "2022-09-04T17:29:33+00:00" + "time": "2022-09-05T06:37:25+00:00" }, { "name": "doctrine/instantiator", diff --git a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php index 9f86bb66c0..da4eb80da5 100644 --- a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php +++ b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php @@ -43,7 +43,9 @@ class DatabasesCustomClientTest extends Scope 'name' => 'Movies', 'documentSecurity' => true, 'permissions' => [ - Permission::write(Role::user($this->getUser()['$id'])), + // To avoid need for a Database release for now + //Permission::write(Role::user($this->getUser()['$id'])), + 'write("user:' . $this->getUser()['$id'] . '")', ], ]); @@ -75,7 +77,9 @@ class DatabasesCustomClientTest extends Scope 'title' => 'Captain America', ], 'permissions' => [ - Permission::write(Role::user($this->getUser()['$id'])), + // To avoid need for a Database release for now + //Permission::write(Role::user($this->getUser()['$id'])), + 'write("user:' . $this->getUser()['$id'] . '")', ] ]); diff --git a/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php b/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php index c2293e30f4..1c15a363a8 100644 --- a/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php +++ b/tests/e2e/Services/Databases/DatabasesPermissionsGuestTest.php @@ -237,7 +237,7 @@ class DatabasesPermissionsGuestTest extends Scope 'name' => 'GuestPermissionsWrite', ]); $this->assertEquals(201, $database['headers']['status-code']); - $this->assertEquals('InvalidDocumentDatabase', $database['body']['name']); + $this->assertEquals('GuestPermissionsWrite', $database['body']['name']); $databaseId = $database['body']['$id']; $movies = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', $this->getServerHeader(), [ diff --git a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php index 208382ae43..5e49599230 100644 --- a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php +++ b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php @@ -727,6 +727,7 @@ class FunctionsCustomServerTest extends Scope /** * @depends testUpdateDeployment */ + #[Retry(count: 1)] public function testSyncCreateExecution($data): array { /** diff --git a/tests/e2e/Services/Storage/StorageCustomClientTest.php b/tests/e2e/Services/Storage/StorageCustomClientTest.php index 0e4daa9957..fb2d93b371 100644 --- a/tests/e2e/Services/Storage/StorageCustomClientTest.php +++ b/tests/e2e/Services/Storage/StorageCustomClientTest.php @@ -1080,7 +1080,9 @@ class StorageCustomClientTest extends Scope 'bucketId' => ID::unique(), 'name' => 'Test Bucket', 'permissions' => [ - Permission::write(Role::user($this->getUser()['$id'])), + // To avoid need for a Database release for now + //Permission::write(Role::user($this->getUser()['$id'])), + 'write("user:' . $this->getUser()['$id'] . '")', ], 'fileSecurity' => true, ]); @@ -1100,7 +1102,9 @@ class StorageCustomClientTest extends Scope 'fileId' => ID::unique(), 'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'), 'permissions' => [ - Permission::write(Role::user($this->getUser()['$id'])), + // To avoid need for a Database release for now + //Permission::write(Role::user($this->getUser()['$id'])), + 'write("user:' . $this->getUser()['$id'] . '")', ] ]); @@ -1282,9 +1286,8 @@ class StorageCustomClientTest extends Scope ], $this->getHeaders()), [ 'permissions' => [ Permission::read(Role::user(ID::custom('notme'))), - Permission::create(Role::user(ID::custom('notme'))), - Permission::update(Role::user(ID::custom('notme'))), - Permission::delete(Role::user(ID::custom('notme'))), + Permission::update(Role::user(ID::custom('notme'))), + Permission::delete(Role::user(ID::custom('notme'))), ], ]); diff --git a/tests/e2e/Services/Webhooks/WebhooksBase.php b/tests/e2e/Services/Webhooks/WebhooksBase.php index b12faf6321..bb7edfdb46 100644 --- a/tests/e2e/Services/Webhooks/WebhooksBase.php +++ b/tests/e2e/Services/Webhooks/WebhooksBase.php @@ -556,7 +556,6 @@ trait WebhooksBase ], $this->getHeaders()), [ 'permissions' => [ Permission::read(Role::any()), - Permission::create(Role::any()), Permission::update(Role::any()), Permission::delete(Role::any()), ], diff --git a/tests/e2e/Services/Webhooks/WebhooksCustomClientTest.php b/tests/e2e/Services/Webhooks/WebhooksCustomClientTest.php index 7c30234727..9e26322931 100644 --- a/tests/e2e/Services/Webhooks/WebhooksCustomClientTest.php +++ b/tests/e2e/Services/Webhooks/WebhooksCustomClientTest.php @@ -2,6 +2,7 @@ namespace Tests\E2E\Services\Webhooks; +use Appwrite\Tests\Retry; use Tests\E2E\Client; use Tests\E2E\Scopes\Scope; use Tests\E2E\Scopes\ProjectCustom; @@ -416,6 +417,7 @@ class WebhooksCustomClientTest extends Scope /** * @depends testDeleteAccountSessions */ + #[Retry(count: 1)] public function testUpdateAccountName($data): array { $id = $data['id'] ?? ''; From e8a8069a6794778fd9ffa271c8cbc2baec9713a3 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Tue, 6 Sep 2022 16:13:24 +1200 Subject: [PATCH 5/9] Fix realtime test --- tests/e2e/Services/Realtime/RealtimeCustomClientTest.php | 1 - tests/e2e/Services/Users/UsersBase.php | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php b/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php index 1cd7cd9c90..ab758ec7a9 100644 --- a/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php +++ b/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php @@ -1122,7 +1122,6 @@ class RealtimeCustomClientTest extends Scope ], $this->getHeaders()), [ 'permissions' => [ Permission::read(Role::any()), - Permission::create(Role::any()), Permission::update(Role::any()), Permission::delete(Role::any()), ], diff --git a/tests/e2e/Services/Users/UsersBase.php b/tests/e2e/Services/Users/UsersBase.php index 88bb8872e9..845510a6b7 100644 --- a/tests/e2e/Services/Users/UsersBase.php +++ b/tests/e2e/Services/Users/UsersBase.php @@ -2,6 +2,7 @@ namespace Tests\E2E\Services\Users; +use Appwrite\Tests\Retry; use Tests\E2E\Client; use Utopia\Database\ID; @@ -852,6 +853,7 @@ trait UsersBase /** * @depends testGetUser */ + #[Retry(count: 1)] public function testUpdateUserStatus(array $data): array { /** From 713ca7d55af418244fc30ed1657f9d3a1fde75c2 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Tue, 6 Sep 2022 16:42:46 +1200 Subject: [PATCH 6/9] Retry sync execution twice --- tests/e2e/Services/Functions/FunctionsCustomServerTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php index 5e49599230..017ae24bbc 100644 --- a/tests/e2e/Services/Functions/FunctionsCustomServerTest.php +++ b/tests/e2e/Services/Functions/FunctionsCustomServerTest.php @@ -727,7 +727,7 @@ class FunctionsCustomServerTest extends Scope /** * @depends testUpdateDeployment */ - #[Retry(count: 1)] + #[Retry(count: 2)] public function testSyncCreateExecution($data): array { /** From 95c5d7eb3935aef393d147de4ce38a60fa693b5f Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Tue, 6 Sep 2022 21:11:31 +1200 Subject: [PATCH 7/9] Update db + abuse + audit --- composer.json | 6 +++--- composer.lock | 55 +++++++++++++++++++++------------------------------ 2 files changed, 26 insertions(+), 35 deletions(-) diff --git a/composer.json b/composer.json index a792a11a4c..cd151e949f 100644 --- a/composer.json +++ b/composer.json @@ -45,13 +45,13 @@ "appwrite/php-runtimes": "0.11.*", "utopia-php/framework": "0.21.*", "utopia-php/logger": "0.3.*", - "utopia-php/abuse": "0.12.*", + "utopia-php/abuse": "0.13.*", "utopia-php/analytics": "0.2.*", - "utopia-php/audit": "0.13.*", + "utopia-php/audit": "0.14.*", "utopia-php/cache": "0.6.*", "utopia-php/cli": "0.13.*", "utopia-php/config": "0.2.*", - "utopia-php/database": "0.24.0", + "utopia-php/database": "0.25.*", "utopia-php/locale": "0.4.*", "utopia-php/registry": "0.5.*", "utopia-php/preloader": "0.2.*", diff --git a/composer.lock b/composer.lock index 04659290c3..aab6a9f51e 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "ee4de251e5e0a3bf5f982bded0d28176", + "content-hash": "9c6fd9ae7d343488bbc9ccca8357a9ca", "packages": [ { "name": "adhocore/jwt", @@ -1741,23 +1741,23 @@ }, { "name": "utopia-php/abuse", - "version": "0.12.0", + "version": "0.13.0", "source": { "type": "git", "url": "https://github.com/utopia-php/abuse.git", - "reference": "aa1e1aae163ecf8ea81d48857ff55c241dcb695f" + "reference": "3157bee5eee631b549fa4e9cca0aaf982649f931" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/abuse/zipball/aa1e1aae163ecf8ea81d48857ff55c241dcb695f", - "reference": "aa1e1aae163ecf8ea81d48857ff55c241dcb695f", + "url": "https://api.github.com/repos/utopia-php/abuse/zipball/3157bee5eee631b549fa4e9cca0aaf982649f931", + "reference": "3157bee5eee631b549fa4e9cca0aaf982649f931", "shasum": "" }, "require": { "ext-curl": "*", "ext-pdo": "*", "php": ">=8.0", - "utopia-php/database": "0.24.0" + "utopia-php/database": "0.25.0" }, "require-dev": { "phpunit/phpunit": "^9.4", @@ -1789,9 +1789,9 @@ ], "support": { "issues": "https://github.com/utopia-php/abuse/issues", - "source": "https://github.com/utopia-php/abuse/tree/0.12.0" + "source": "https://github.com/utopia-php/abuse/tree/0.13.0" }, - "time": "2022-08-27T09:50:09+00:00" + "time": "2022-09-06T08:33:02+00:00" }, { "name": "utopia-php/analytics", @@ -1850,22 +1850,22 @@ }, { "name": "utopia-php/audit", - "version": "0.13.0", + "version": "0.14.0", "source": { "type": "git", "url": "https://github.com/utopia-php/audit.git", - "reference": "a2f30ccfba7a61b1718b9ebd4557ed0d8a4dcb5b" + "reference": "fe5d59076512dd63db92d38035d3039170730e5e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/audit/zipball/a2f30ccfba7a61b1718b9ebd4557ed0d8a4dcb5b", - "reference": "a2f30ccfba7a61b1718b9ebd4557ed0d8a4dcb5b", + "url": "https://api.github.com/repos/utopia-php/audit/zipball/fe5d59076512dd63db92d38035d3039170730e5e", + "reference": "fe5d59076512dd63db92d38035d3039170730e5e", "shasum": "" }, "require": { "ext-pdo": "*", "php": ">=8.0", - "utopia-php/database": "0.24.0" + "utopia-php/database": "0.25.0" }, "require-dev": { "phpunit/phpunit": "^9.3", @@ -1897,9 +1897,9 @@ ], "support": { "issues": "https://github.com/utopia-php/audit/issues", - "source": "https://github.com/utopia-php/audit/tree/0.13.0" + "source": "https://github.com/utopia-php/audit/tree/0.14.0" }, - "time": "2022-08-27T09:18:57+00:00" + "time": "2022-09-06T08:38:04+00:00" }, { "name": "utopia-php/cache", @@ -2060,16 +2060,16 @@ }, { "name": "utopia-php/database", - "version": "dev-feat-write-helper", + "version": "0.25.0", "source": { "type": "git", "url": "https://github.com/utopia-php/database.git", - "reference": "0a4119703ba11112f0e1d1fffa383fa1a882a588" + "reference": "167fb53a6c199d4b9ce5fc513c78774ee92199e7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/database/zipball/0a4119703ba11112f0e1d1fffa383fa1a882a588", - "reference": "0a4119703ba11112f0e1d1fffa383fa1a882a588", + "url": "https://api.github.com/repos/utopia-php/database/zipball/167fb53a6c199d4b9ce5fc513c78774ee92199e7", + "reference": "167fb53a6c199d4b9ce5fc513c78774ee92199e7", "shasum": "" }, "require": { @@ -2118,9 +2118,9 @@ ], "support": { "issues": "https://github.com/utopia-php/database/issues", - "source": "https://github.com/utopia-php/database/tree/feat-write-helper" + "source": "https://github.com/utopia-php/database/tree/0.25.0" }, - "time": "2022-09-05T03:51:48+00:00" + "time": "2022-09-06T07:53:26+00:00" }, { "name": "utopia-php/domains", @@ -5358,18 +5358,9 @@ "time": "2022-08-12T06:47:24+00:00" } ], - "aliases": [ - { - "package": "utopia-php/database", - "version": "dev-feat-write-helper", - "alias": "0.24.0", - "alias_normalized": "0.24.0.0" - } - ], + "aliases": [], "minimum-stability": "stable", - "stability-flags": { - "utopia-php/database": 20 - }, + "stability-flags": [], "prefer-stable": false, "prefer-lowest": false, "platform": { From 477dbbb90925d0db362de9a2223400605310ed25 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Tue, 6 Sep 2022 21:13:42 +1200 Subject: [PATCH 8/9] Update write helper usages --- .../e2e/Services/Databases/DatabasesCustomClientTest.php | 8 ++------ tests/e2e/Services/Storage/StorageCustomClientTest.php | 8 ++------ 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php index da4eb80da5..9f86bb66c0 100644 --- a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php +++ b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php @@ -43,9 +43,7 @@ class DatabasesCustomClientTest extends Scope 'name' => 'Movies', 'documentSecurity' => true, 'permissions' => [ - // To avoid need for a Database release for now - //Permission::write(Role::user($this->getUser()['$id'])), - 'write("user:' . $this->getUser()['$id'] . '")', + Permission::write(Role::user($this->getUser()['$id'])), ], ]); @@ -77,9 +75,7 @@ class DatabasesCustomClientTest extends Scope 'title' => 'Captain America', ], 'permissions' => [ - // To avoid need for a Database release for now - //Permission::write(Role::user($this->getUser()['$id'])), - 'write("user:' . $this->getUser()['$id'] . '")', + Permission::write(Role::user($this->getUser()['$id'])), ] ]); diff --git a/tests/e2e/Services/Storage/StorageCustomClientTest.php b/tests/e2e/Services/Storage/StorageCustomClientTest.php index fb2d93b371..b63de5648f 100644 --- a/tests/e2e/Services/Storage/StorageCustomClientTest.php +++ b/tests/e2e/Services/Storage/StorageCustomClientTest.php @@ -1080,9 +1080,7 @@ class StorageCustomClientTest extends Scope 'bucketId' => ID::unique(), 'name' => 'Test Bucket', 'permissions' => [ - // To avoid need for a Database release for now - //Permission::write(Role::user($this->getUser()['$id'])), - 'write("user:' . $this->getUser()['$id'] . '")', + Permission::write(Role::user($this->getUser()['$id'])), ], 'fileSecurity' => true, ]); @@ -1102,9 +1100,7 @@ class StorageCustomClientTest extends Scope 'fileId' => ID::unique(), 'file' => new CURLFile(realpath(__DIR__ . '/../../../resources/logo.png'), 'image/png', 'permissions.png'), 'permissions' => [ - // To avoid need for a Database release for now - //Permission::write(Role::user($this->getUser()['$id'])), - 'write("user:' . $this->getUser()['$id'] . '")', + Permission::write(Role::user($this->getUser()['$id'])), ] ]); From 4590c464efe13c42ad7d9a89338eb4bb5827163b Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Tue, 6 Sep 2022 21:17:25 +1200 Subject: [PATCH 9/9] Use write const --- app/controllers/api/databases.php | 4 ++-- app/controllers/api/storage.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php index 64421b52ce..3a030244f3 100644 --- a/app/controllers/api/databases.php +++ b/app/controllers/api/databases.php @@ -1827,7 +1827,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents') ->param('documentId', '', new CustomId(), 'Document ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.') ->param('collectionId', null, new UID(), 'Collection ID. You can create a new collection using the Database service [server integration](https://appwrite.io/docs/server/databases#databasesCreateCollection). Make sure to define attributes before creating documents.') ->param('data', [], new JSON(), 'Document data as JSON object.') - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, 'write']), 'An array of permissions strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true) ->inject('response') ->inject('dbForProject') ->inject('user') @@ -2207,7 +2207,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum ->param('collectionId', null, new UID(), 'Collection ID.') ->param('documentId', null, new UID(), 'Document ID.') ->param('data', [], new JSON(), 'Document data as JSON object. Include only attribute and value pairs to be updated.', true) - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, 'write']), 'An array of permissions strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) ->inject('response') ->inject('dbForProject') ->inject('events') diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index 5799f04d20..edb65da5af 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -344,7 +344,7 @@ App::post('/v1/storage/buckets/:bucketId/files') ->param('bucketId', null, new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).') ->param('fileId', '', new CustomId(), 'File ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.') ->param('file', [], new File(), 'Binary file.', false) - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, 'write']), 'An array of permission strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permission strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true) ->inject('request') ->inject('response') ->inject('dbForProject') @@ -1251,7 +1251,7 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId') ->label('sdk.response.model', Response::MODEL_FILE) ->param('bucketId', null, new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).') ->param('fileId', '', new UID(), 'File unique ID.') - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, 'write']), 'An array of permission string. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permission string. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true) ->inject('response') ->inject('dbForProject') ->inject('user')