Merge pull request #976 from appwrite/feat-execution-permission

Feat execution permission
2024-06-29 03:30:34 +12:00 · 2021-03-17 22:54:46 +02:00 · 2021-03-17 22:54:46 +02:00 · bade0932cb
parent 45e09210c9 0a0d46ff05
commit bade0932cb
4 changed files with 20 additions and 4 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,7 +1,14 @@
 # Version 0.8.0 (Not Released Yet)

+## Features
+
 - Anonymous login

+## Breaking Changes
+
+- Only logged in users can execute functions (for guests, use anonymous login)
+- Only the user who has triggered the execution get access to the relevant execution logs
+
 # Version 0.7.1

 ## Features
--- a/app/config/roles.php
+++ b/app/config/roles.php
@ -60,8 +60,6 @@ return [
            'files.read',
            'locale.read',
            'avatars.read',
-            'execution.read',
-            'execution.write',
        ],
    ],
    Auth::USER_ROLE_MEMBER => [
--- a/app/controllers/api/functions.php
+++ b/app/controllers/api/functions.php
@ -676,10 +676,12 @@ App::post('/v1/functions/:functionId/executions')
    ->inject('response')
    ->inject('project')
    ->inject('projectDB')
-    ->action(function ($functionId, /*$async,*/ $response, $project, $projectDB) {
+    ->inject('user')
+    ->action(function ($functionId, /*$async,*/ $response, $project, $projectDB, $user) {
        /** @var Appwrite\Utopia\Response $response */
        /** @var Appwrite\Database\Document $project */
        /** @var Appwrite\Database\Database $projectDB */
+        /** @var Appwrite\Database\Document $user */

        Authorization::disable();

@ -712,7 +714,7 @@ App::post('/v1/functions/:functionId/executions')
        $execution = $projectDB->createDocument([
            '$collection' => Database::SYSTEM_COLLECTION_EXECUTIONS,
            '$permissions' => [
-                'read' => $function->getPermissions()['execute'] ?? [],
+                'read' => (!empty($user->getId())) ? ['user:' . $user->getId()] : [],
                'write' => [],
            ],
            'dateCreated' => time(),
--- a/tests/e2e/Services/Functions/FunctionsCustomClientTest.php
+++ b/tests/e2e/Services/Functions/FunctionsCustomClientTest.php
@ -113,6 +113,15 @@ class FunctionsCustomClientTest extends Scope

        $this->assertEquals(201, $execution['headers']['status-code']);
       
+        $execution = $this->client->call(Client::METHOD_POST, '/functions/'.$function['body']['$id'].'/executions', array_merge([
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+        ]), [
+            'async' => 1,
+        ]);
+
+        $this->assertEquals(401, $execution['headers']['status-code']);
+       
        return [];
    }
 }