From b69deb594d79c9f1379a1edfbc3fc15e54881547 Mon Sep 17 00:00:00 2001
From: Eldad Fux <eldad.fux@gmail.com>
Date: Mon, 15 Mar 2021 00:33:59 +0200
Subject: [PATCH] Allow permission reset

---
 app/controllers/api/database.php | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php
index 77de5953a..c386749ca 100644
--- a/app/controllers/api/database.php
+++ b/app/controllers/api/database.php
@@ -535,20 +535,12 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId')
             throw new Exception('No document found', 404);
         }
 
-        //TODO check merge read write permissions
-
-        if (!empty($read)) { // Overwrite permissions only when passed
-            $data['$permissions']['read'] = $read;
-        }
-
-        if (!empty($write)) { // Overwrite permissions only when passed
-            $data['$permissions']['write'] = $write;
-        }
-
         $data = \array_merge($document->getArrayCopy(), $data);
 
         $data['$collection'] = $collection->getId(); // Make sure user don't switch collectionID
         $data['$id'] = $document->getId(); // Make sure user don't switch document unique ID
+        $data['$permissions']['read'] = $read;
+        $data['$permissions']['write'] = $write;
 
         if (empty($data)) {
             throw new Exception('Missing payload', 400);