Fix console/API key checks
This commit is contained in:
parent
ff83751450
commit
b196914638
4 changed files with 77 additions and 57 deletions
|
@ -2664,12 +2664,13 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents')
|
|||
|
||||
$database = Authorization::skip(fn() => $dbForProject->getDocument('databases', $databaseId));
|
||||
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if ($database->isEmpty() || !$database->getAttribute('enabled')) {
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::DATABASE_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -2677,7 +2678,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents')
|
|||
$collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId));
|
||||
|
||||
if ($collection->isEmpty() || !$collection->getAttribute('enabled')) {
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::COLLECTION_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -2889,19 +2890,20 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents')
|
|||
|
||||
$database = Authorization::skip(fn() => $dbForProject->getDocument('databases', $databaseId));
|
||||
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if ($database->isEmpty() || !$database->getAttribute('enabled')) {
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::DATABASE_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
||||
$collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId));
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!($isAdminMode && ($isAPIKey || $isPrivilegedUser))) {
|
||||
if (!$collection->getAttribute('documentSecurity', false)) {
|
||||
$validator = new Authorization(Database::PERMISSION_READ);
|
||||
if (!$validator->isValid($collection->getRead())) {
|
||||
|
@ -2911,7 +2913,7 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents')
|
|||
}
|
||||
|
||||
if ($collection->isEmpty() || !$collection->getAttribute('enabled')) {
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::COLLECTION_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -3031,12 +3033,14 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents/:documen
|
|||
|
||||
$database = Authorization::skip(fn() => $dbForProject->getDocument('databases', $databaseId));
|
||||
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
|
||||
if ($database->isEmpty() || !$database->getAttribute('enabled')) {
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::DATABASE_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -3044,7 +3048,7 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents/:documen
|
|||
$collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId));
|
||||
|
||||
if ($collection->isEmpty() || !$collection->getAttribute('enabled')) {
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::COLLECTION_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -3249,12 +3253,14 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
|
|||
|
||||
$database = Authorization::skip(fn() => $dbForProject->getDocument('databases', $databaseId));
|
||||
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
|
||||
if ($database->isEmpty() || !$database->getAttribute('enabled')) {
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::DATABASE_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -3262,7 +3268,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
|
|||
$collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId));
|
||||
|
||||
if ($collection->isEmpty() || !$collection->getAttribute('enabled')) {
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::COLLECTION_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -3493,12 +3499,14 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/documents/:docu
|
|||
|
||||
$database = Authorization::skip(fn() => $dbForProject->getDocument('databases', $databaseId));
|
||||
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
|
||||
if ($database->isEmpty() || !$database->getAttribute('enabled')) {
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::DATABASE_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -3506,7 +3514,7 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/documents/:docu
|
|||
$collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId));
|
||||
|
||||
if ($collection->isEmpty() || !$collection->getAttribute('enabled')) {
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::COLLECTION_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
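Review bot: In the GET documents hunk the two gates disagree a few lines apart: the database/collection not-found check now reads `if (!$isConsole && !$isAPIKey)`, while the read-permission check just below it keeps the admin-mode-gated form `if (!($isAdminMode && ($isAPIKey || $isPrivilegedUser)))`, so a request carrying the app-user role outside admin mode passes the first gate but is then evaluated as an ordinary user by the second; pick one definition of "console or API key" and use it for both. Note also that `$isAPIKey` is `Auth::isAppUser(Authorization::getRoles())` under a new name, which makes the disabled-resource bypass depend solely on that role and no longer on `$mode === APP_MODE_ADMIN`; if the app-user role can be held by anything other than an API-key request, this widens who can read disabled databases, collections, functions and buckets, so it is worth confirming against Auth::isAppUser and, if it holds, adding `// app-user role is only granted to API-key requests` above the assignment. The same four-line preamble (`$isAPIKey`, `$isPrivilegedUser`, `$isAdminMode`, `$isConsole`) is pasted verbatim into every handler touched by this commit — the documents routes here, the functions executions routes, the storage file routes and `App::init()` in the fourth file — so one small helper that returns both flags from `$mode` and the roles would keep the next fix from needing fifteen identical edits. Each handler begins and ends outside its hunk, so any later checks that still rely on `$isAppUser` or `$isAdminMode` are not visible here.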
|
|
@ -1038,11 +1038,12 @@ App::post('/v1/functions/:functionId/executions')
|
|||
$function = Authorization::skip(fn () => $dbForProject->getDocument('functions', $functionId));
|
||||
|
||||
if ($function->isEmpty() || !$function->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::FUNCTION_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -1237,11 +1238,12 @@ App::get('/v1/functions/:functionId/executions')
|
|||
$function = Authorization::skip(fn () => $dbForProject->getDocument('functions', $functionId));
|
||||
|
||||
if ($function->isEmpty() || !$function->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::FUNCTION_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -1313,11 +1315,12 @@ App::get('/v1/functions/:functionId/executions/:executionId')
|
|||
$function = Authorization::skip(fn () => $dbForProject->getDocument('functions', $functionId));
|
||||
|
||||
if ($function->isEmpty() || !$function->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::FUNCTION_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -365,11 +365,12 @@ App::post('/v1/storage/buckets/:bucketId/files')
|
|||
$bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId));
|
||||
|
||||
if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -699,11 +700,12 @@ App::get('/v1/storage/buckets/:bucketId/files')
|
|||
$bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId));
|
||||
|
||||
if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -781,11 +783,12 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId')
|
|||
$bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId));
|
||||
|
||||
if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -856,11 +859,12 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/preview')
|
|||
$bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId));
|
||||
|
||||
if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -1008,11 +1012,12 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/download')
|
|||
$bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId));
|
||||
|
||||
if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -1154,11 +1159,12 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/view')
|
|||
$bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId));
|
||||
|
||||
if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -1319,11 +1325,12 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
|
|||
$bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId));
|
||||
|
||||
if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
@ -1430,11 +1437,12 @@ App::delete('/v1/storage/buckets/:bucketId/files/:fileId')
|
|||
$bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId));
|
||||
|
||||
if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -232,11 +232,12 @@ App::init()
|
|||
$bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId));
|
||||
|
||||
if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) {
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isAppUser = Auth::isAppUser(Authorization::getRoles());
|
||||
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
|
||||
$isAdminMode = $mode === APP_MODE_ADMIN;
|
||||
$isConsole = $isAdminMode && $isPrivilegedUser;
|
||||
|
||||
if (!($isAdminMode && ($isAppUser || $isPrivilegedUser))) {
|
||||
if (!$isConsole && !$isAPIKey) {
|
||||
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
|