
Fix missing admin mode checks for collections

Jake Barnby 2023-07-28 11:37:14 -04:00
parent be4660a4a0
commit aa94310259
No known key found for this signature in database
GPG key ID: C437A8CC85B96E9C


@ -2670,7 +2670,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents')
$collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId));
if ($collection->isEmpty() || !$collection->getAttribute('enabled')) {
if ($collection->isEmpty() || (!$collection->getAttribute('enabled') && $mode !== APP_MODE_ADMIN)) {
if (!($mode === APP_MODE_ADMIN && Auth::isPrivilegedUser(Authorization::getRoles()))) {
throw new Exception(Exception::COLLECTION_NOT_FOUND);
}
@ -2898,7 +2898,7 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents')
}
}
if ($collection->isEmpty() || !$collection->getAttribute('enabled')) {
if ($collection->isEmpty() || (!$collection->getAttribute('enabled') && $mode !== APP_MODE_ADMIN)) {
throw new Exception(Exception::COLLECTION_NOT_FOUND);
}
@ -3023,7 +3023,7 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents/:documen
$collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId));
if ($collection->isEmpty() || !$collection->getAttribute('enabled')) {
if ($collection->isEmpty() || (!$collection->getAttribute('enabled') && $mode !== APP_MODE_ADMIN)) {
if (!($mode === APP_MODE_ADMIN && Auth::isPrivilegedUser(Authorization::getRoles()))) {
throw new Exception(Exception::COLLECTION_NOT_FOUND);
}
@ -3235,7 +3235,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
$collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId));
if ($collection->isEmpty() || !$collection->getAttribute('enabled')) {
if ($collection->isEmpty() || (!$collection->getAttribute('enabled') && $mode !== APP_MODE_ADMIN)) {
if (!($mode === APP_MODE_ADMIN && Auth::isPrivilegedUser(Authorization::getRoles()))) {
throw new Exception(Exception::COLLECTION_NOT_FOUND);
}
@ -3473,7 +3473,7 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/documents/:docu
$collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId));
if ($collection->isEmpty() || !$collection->getAttribute('enabled')) {
if ($collection->isEmpty() || (!$collection->getAttribute('enabled') && $mode !== APP_MODE_ADMIN)) {
if (!($mode === APP_MODE_ADMIN && Auth::isPrivilegedUser(Authorization::getRoles()))) {
throw new Exception(Exception::COLLECTION_NOT_FOUND);
}
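Review bot: In the create, get, update and delete document routes the outer test now skips the whole block whenever `$mode === APP_MODE_ADMIN` and the collection is merely disabled, so the nested `Auth::isPrivilegedUser(Authorization::getRoles())` check is reached only for an empty collection; in the list route (the hunk at 2898) the disabled-collection gate depends on `$mode` alone, with no privilege check in view. This reading assumes the second line of each printed pair is the new side, and the origin of `$mode` is not shown here; if it is taken from the request, it should not be the only thing gating a disabled collection. I would compute the privilege once, `$isAdmin = $mode === APP_MODE_ADMIN && Auth::isPrivilegedUser(Authorization::getRoles());`, and use `if ($collection->isEmpty() || (!$collection->getAttribute('enabled') && !$isAdmin)) {` followed directly by the throw in all five routes, which also stops an empty collection from passing through for a privileged admin. A regression test that requests a disabled collection in admin mode without a privileged role would pin the intended behaviour. The handler bodies begin and end outside the hunks.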