Merge branch 'appwrite:master' into feat-926-oauth2-microsoft-tenant-config

2024-09-29 08:51:28 +13:00 · 2022-01-27 11:12:27 +01:00 · 2022-01-27 11:12:27 +01:00 · ad8258f7c9
commit ad8258f7c9
parent cecf46a975 9cd9a1dc5d
4 changed files with 92 additions and 9 deletions
--- a/app/controllers/api/database.php
+++ b/app/controllers/api/database.php
@ -166,8 +166,6 @@ App::post('/v1/database/collections')
        $collectionId = $collectionId == 'unique()' ? $dbForProject->getId() : $collectionId;

        try {
-            $dbForProject->createCollection('collection_' . $collectionId);
-
            $collection = $dbForProject->createDocument('collections', new Document([
                '$id' => $collectionId,
                '$read' => $read ?? [], // Collection permissions for collection documents (based on permission model)
@ -179,8 +177,12 @@ App::post('/v1/database/collections')
                'name' => $name,
                'search' => implode(' ', [$collectionId, $name]),
            ]));
+
+            $dbForProject->createCollection('collection_' . $collectionId);
        } catch (DuplicateException $th) {
            throw new Exception('Collection already exists', 409);
+        } catch (LimitException $th) {
+            throw new Exception('Collection limit exceeded', 400);
        }

        $audits
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@ -16,6 +16,7 @@ use Utopia\Validator\ArrayList;
 use Utopia\Validator\WhiteList;
 use Utopia\Database\Database;
 use Utopia\Database\Document;
+use Utopia\Database\Exception\Authorization as AuthorizationException;
 use Utopia\Database\Exception\Duplicate;
 use Utopia\Database\Query;
 use Utopia\Database\Validator\Authorization;
@ -761,7 +762,11 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId')
            throw new Exception('Team not found', 404);
        }

-        if (!$dbForProject->deleteDocument('memberships', $membership->getId())) {
+        try {
+            $dbForProject->deleteDocument('memberships', $membership->getId());
+        } catch (AuthorizationException $exception) {
+            throw new Exception('Unauthorized permissions', 401);
+        } catch (\Exception $exception) {
            throw new Exception('Failed to remove membership from DB', 500);
        }

@ -782,7 +787,7 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId')

        if ($membership->getAttribute('confirm')) { // Count only confirmed members
            $team->setAttribute('sum', \max($team->getAttribute('sum', 0) - 1, 0));
-            $team = $dbForProject->updateDocument('teams', $team->getId(), $team);
+            Authorization::skip(fn() => $dbForProject->updateDocument('teams', $team->getId(), $team));
        }

        $audits
--- a/tests/e2e/Services/Database/DatabaseCustomServerTest.php
+++ b/tests/e2e/Services/Database/DatabaseCustomServerTest.php
@ -169,6 +169,21 @@ class DatabaseCustomServerTest extends Scope
        ]);

        $this->assertEquals($response['headers']['status-code'], 400);
+
+        // This collection already exists
+        $response = $this->client->call(Client::METHOD_POST, '/database/collections', array_merge([
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+            'x-appwrite-key' => $this->getProject()['apiKey']
+        ]), [
+            'name' => 'Test 1',
+            'collectionId' => 'first',
+            'read' => ['role:all'],
+            'write' => ['role:all'],
+            'permission' => 'document'
+        ]);
+
+        $this->assertEquals($response['headers']['status-code'], 409);
    }

    public function testDeleteAttribute(): array
--- a/tests/e2e/Services/Teams/TeamsBaseClient.php
+++ b/tests/e2e/Services/Teams/TeamsBaseClient.php
@ -391,11 +391,75 @@ trait TeamsBaseClient
    {
        $teamUid = $data['teamUid'] ?? '';
        $membershipUid = $data['membershipUid'] ?? '';
+        $session = $data['session'] ?? '';
+
+        $response = $this->client->call(Client::METHOD_GET, '/teams/'.$teamUid.'/memberships', array_merge([
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+        ], $this->getHeaders()));
+
+        $this->assertEquals(200, $response['headers']['status-code']);
+        $this->assertEquals(2, $response['body']['sum']);
        
+        $ownerMembershipUid = $response['body']['memberships'][0]['$id'];
+
+        /**
+         * Test for FAILURE
+         */
+
+        /**
+         * Test deleting a membership that does not exists
+         */
+        $response = $this->client->call(Client::METHOD_DELETE, '/teams/'.$teamUid.'/memberships/dne', [
+            'origin' => 'http://localhost',
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+            'cookie' => 'a_session_'.$this->getProject()['$id'].'='.$session,
+        ]);
+        
+        $this->assertEquals(404, $response['headers']['status-code']);
+
+        /**
+         * Test deleting another user's membership
+         */
+        $response = $this->client->call(Client::METHOD_DELETE, '/teams/'.$teamUid.'/memberships/'.$ownerMembershipUid, [
+            'origin' => 'http://localhost',
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+            'cookie' => 'a_session_'.$this->getProject()['$id'].'='.$session,
+        ]);
+        
+        $this->assertEquals(401, $response['headers']['status-code']);
+
        /**
         * Test for SUCCESS
         */
-        $response = $this->client->call(Client::METHOD_DELETE, '/teams/'.$teamUid.'/memberships/'.$membershipUid, array_merge([
+
+        /**
+         * Test for when a user other than the owner tries to delete their membership
+         */
+        $response = $this->client->call(Client::METHOD_DELETE, '/teams/'.$teamUid.'/memberships/'.$membershipUid, [
+            'origin' => 'http://localhost',
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+            'cookie' => 'a_session_'.$this->getProject()['$id'].'='.$session,
+        ]);
+        
+        $this->assertEquals(204, $response['headers']['status-code']);
+        $this->assertEmpty($response['body']);
+
+        $response = $this->client->call(Client::METHOD_GET, '/teams/'.$teamUid.'/memberships', array_merge([
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+        ], $this->getHeaders()));
+
+        $this->assertEquals(200, $response['headers']['status-code']);
+        $this->assertEquals(1, $response['body']['sum']);
+
+        /**
+         * Test for when the owner tries to delete their membership
+         */
+        $response = $this->client->call(Client::METHOD_DELETE, '/teams/'.$teamUid.'/memberships/'.$ownerMembershipUid, array_merge([
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
            'x-appwrite-project' => $this->getProject()['$id'],
@ -404,10 +468,7 @@ trait TeamsBaseClient
        $this->assertEquals(204, $response['headers']['status-code']);
        $this->assertEmpty($response['body']);

-        /**
-         * Test for FAILURE
-         */
-        $response = $this->client->call(Client::METHOD_GET, '/teams/'.$teamUid.'/memberships/'.$membershipUid, array_merge([
+        $response = $this->client->call(Client::METHOD_GET, '/teams/'.$teamUid.'/memberships/'.$ownerMembershipUid, array_merge([
            'origin' => 'http://localhost',
            'content-type' => 'application/json',
            'x-appwrite-project' => $this->getProject()['$id'],