Merge pull request #976 from appwrite/feat-execution-permission
Feat execution permission
This commit is contained in:
commit
bade0932cb
|
@ -1,7 +1,14 @@
|
|||
# Version 0.8.0 (Not Released Yet)
|
||||
|
||||
## Features
|
||||
|
||||
- Anonymous login
|
||||
|
||||
## Breaking Changes
|
||||
|
||||
- Only logged in users can execute functions (for guests, use anonymous login)
|
||||
- Only the user who has triggered the execution get access to the relevant execution logs
|
||||
|
||||
# Version 0.7.1
|
||||
|
||||
## Features
|
||||
|
|
|
@ -60,8 +60,6 @@ return [
|
|||
'files.read',
|
||||
'locale.read',
|
||||
'avatars.read',
|
||||
'execution.read',
|
||||
'execution.write',
|
||||
],
|
||||
],
|
||||
Auth::USER_ROLE_MEMBER => [
|
||||
|
|
|
@ -676,10 +676,12 @@ App::post('/v1/functions/:functionId/executions')
|
|||
->inject('response')
|
||||
->inject('project')
|
||||
->inject('projectDB')
|
||||
->action(function ($functionId, /*$async,*/ $response, $project, $projectDB) {
|
||||
->inject('user')
|
||||
->action(function ($functionId, /*$async,*/ $response, $project, $projectDB, $user) {
|
||||
/** @var Appwrite\Utopia\Response $response */
|
||||
/** @var Appwrite\Database\Document $project */
|
||||
/** @var Appwrite\Database\Database $projectDB */
|
||||
/** @var Appwrite\Database\Document $user */
|
||||
|
||||
Authorization::disable();
|
||||
|
||||
|
@ -712,7 +714,7 @@ App::post('/v1/functions/:functionId/executions')
|
|||
$execution = $projectDB->createDocument([
|
||||
'$collection' => Database::SYSTEM_COLLECTION_EXECUTIONS,
|
||||
'$permissions' => [
|
||||
'read' => $function->getPermissions()['execute'] ?? [],
|
||||
'read' => (!empty($user->getId())) ? ['user:' . $user->getId()] : [],
|
||||
'write' => [],
|
||||
],
|
||||
'dateCreated' => time(),
|
||||
|
|
|
@ -113,6 +113,15 @@ class FunctionsCustomClientTest extends Scope
|
|||
|
||||
$this->assertEquals(201, $execution['headers']['status-code']);
|
||||
|
||||
$execution = $this->client->call(Client::METHOD_POST, '/functions/'.$function['body']['$id'].'/executions', array_merge([
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
]), [
|
||||
'async' => 1,
|
||||
]);
|
||||
|
||||
$this->assertEquals(401, $execution['headers']['status-code']);
|
||||
|
||||
return [];
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue