diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index c028409dc..775604152 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -88,11 +88,9 @@ App::post('/v1/account')
}
}
- Authorization::disable();
-
try {
$userId = $userId == 'unique()' ? $dbForInternal->getId() : $userId;
- $user = $dbForInternal->createDocument('users', new Document([
+ $user = Authorization::skip(fn() => $dbForInternal->createDocument('users', new Document([
'$id' => $userId,
'$read' => ['role:all'],
'$write' => ['user:' . $userId],
@@ -110,13 +108,11 @@ App::post('/v1/account')
'memberships' => [],
'search' => implode(' ', [$userId, $email, $name]),
'deleted' => false
- ]));
+ ])));
} catch (Duplicate $th) {
throw new Exception('Account already exists', 409);
}
- Authorization::reset();
-
Authorization::unsetRole('role:' . Auth::USER_ROLE_GUEST);
Authorization::setRole('user:' . $user->getId());
Authorization::setRole('role:' . Auth::USER_ROLE_MEMBER);
@@ -490,11 +486,9 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
}
}
- Authorization::disable();
-
try {
$userId = $dbForInternal->getId();
- $user = $dbForInternal->createDocument('users', new Document([
+ $user = Authorization::skip(fn() => $dbForInternal->createDocument('users', new Document([
'$id' => $userId,
'$read' => ['role:all'],
'$write' => ['user:' . $userId],
@@ -512,12 +506,10 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
'memberships' => [],
'search' => implode(' ', [$userId, $email, $name]),
'deleted' => false
- ]));
+ ])));
} catch (Duplicate $th) {
throw new Exception('Account already exists', 409);
}
-
- Authorization::reset();
}
}
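Review bot: Whether authorization checks are re-enabled on the 409 path now depends entirely on `Authorization::skip()`, because the `$user = Authorization::skip(fn() => $dbForInternal->createDocument('users', ...))` line is the call that raises `Duplicate`, and the `catch (Duplicate $th)` rethrows without any reset in this hunk. The old code had the same gap (its `Authorization::reset()` sat after the catch and was unreachable on that path), so the change is only an improvement if `skip()` wraps the callback in `try { ... } finally { reset(); }`; that implementation is outside this diff and is worth confirming, since a leaked disabled state would outlive the request in a long-lived worker. The same dependency exists in the OAuth2 redirect hunks at `@@ -490`/`@@ -512` and in the team-membership invite hunks at `@@ -318`/`@@ -344` in teams.php. The enclosing route closures start and end outside these hunks.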
@@ -939,10 +931,8 @@ App::post('/v1/account/sessions/anonymous')
}
}
- Authorization::disable();
-
$userId = $dbForInternal->getId();
- $user = $dbForInternal->createDocument('users', new Document([
+ $user = Authorization::skip(fn() => $dbForInternal->createDocument('users', new Document([
'$id' => $userId,
'$read' => ['role:all'],
'$write' => ['user:' . $userId],
@@ -960,9 +950,7 @@ App::post('/v1/account/sessions/anonymous')
'memberships' => [],
'search' => $userId,
'deleted' => false
- ]));
-
- Authorization::reset();
+ ])));
// Create session token
diff --git a/app/controllers/api/functions.php b/app/controllers/api/functions.php
index 869efadeb..cfa999e46 100644
--- a/app/controllers/api/functions.php
+++ b/app/controllers/api/functions.php
@@ -700,15 +700,13 @@ App::post('/v1/functions/:functionId/executions')
/** @var Utopia\Database\Database $dbForInternal */
/** @var Utopia\Database\Document $user */
- Authorization::disable();
-
- $function = $dbForInternal->getDocument('functions', $functionId);
+ $function = Authorization::skip(fn() => $dbForInternal->getDocument('functions', $functionId));
if ($function->isEmpty()) {
throw new Exception('Function not found', 404);
}
- $tag = $dbForInternal->getDocument('tags', $function->getAttribute('tag'));
+ $tag = Authorization::skip(fn() => $dbForInternal->getDocument('tags', $function->getAttribute('tag')));
if ($tag->getAttribute('functionId') !== $function->getId()) {
throw new Exception('Tag not found. Deploy tag before trying to execute a function', 404);
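Review bot: The two `Authorization::skip(...)` reads of `functions` and `tags` in the `@@ -700` hunk carry no explanation of why permission checks are bypassed, which invites a later cleanup that either drops the skip or widens it to the surrounding code. A one-line comment above the `$function = Authorization::skip(...)` line such as `// Read without permission checks: the caller's right to run this function is enforced by the 'execute' validator below` ties the bypass to the check that follows (the `new Authorization($function, 'execute')` validator sits in the next hunk). The route closure starts before and ends after this hunk.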
@@ -718,19 +716,15 @@ App::post('/v1/functions/:functionId/executions')
throw new Exception('Tag not found. Deploy tag before trying to execute a function', 404);
}
- Authorization::reset();
-
$validator = new Authorization($function, 'execute');
if (!$validator->isValid($function->getAttribute('execute'))) { // Check if user has write access to execute function
throw new Exception($validator->getDescription(), 401);
}
- Authorization::disable();
-
$executionId = $dbForInternal->getId();
- $execution = $dbForInternal->createDocument('executions', new Document([
+ $execution = Authorization::skip(fn() => $dbForInternal->createDocument('executions', new Document([
'$id' => $executionId,
'$read' => (!$user->isEmpty()) ? ['user:' . $user->getId()] : [],
'$write' => [],
@@ -744,9 +738,7 @@ App::post('/v1/functions/:functionId/executions')
'stderr' => '',
'time' => 0.0,
'search' => implode(' ', [$functionId, $executionId]),
- ]));
-
- Authorization::reset();
+ ])));
$jwt = ''; // initialize
if (!$user->isEmpty()) { // If userId exists, generate a JWT for function
@@ -856,10 +848,8 @@ App::get('/v1/functions/:functionId/executions/:executionId')
->action(function ($functionId, $executionId, $response, $dbForInternal) {
/** @var Appwrite\Utopia\Response $response */
/** @var Utopia\Database\Database $dbForInternal */
-
- Authorization::disable();
- $function = $dbForInternal->getDocument('functions', $functionId);
- Authorization::reset();
+
+ $function = Authorization::skip(fn() => $dbForInternal->getDocument('functions', $functionId));
if ($function->isEmpty()) {
throw new Exception('Function not found', 404);
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 176aab610..90eb6afe6 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
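Review bot: The execution document created at the `$execution = Authorization::skip(fn() => $dbForInternal->createDocument('executions', ...))` line is written with `'$write' => []`, so no caller role could ever satisfy a write check; the skip is required rather than incidental, but nothing says so. Add `// Executions are created by the server on the caller's behalf ('$write' is empty), so permission checks must be skipped here` above that line. The `'$read'` list grants read access only when `$user` is non-empty, so an execution started without a user presumably ends up readable by no role; if that is intended the same comment should say so. The route closure continues outside the hunk.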
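Review bot: The `@@ -856` hunk removes one blank line and adds another with no visible content, which is presumably a trailing-whitespace change; the counts `-856,10 +848,8` are consistent with exactly that pair on top of the `disable`/`reset` removal. Whitespace churn unrelated to the commit's purpose adds noise to blame, so either drop that pair or note it in the commit message. The route closure body continues below the hunk.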
@@ -47,13 +47,11 @@ App::post('/v1/teams')
/** @var Utopia\Database\Database $dbForInternal */
/** @var Appwrite\Event\Event $events */
- Authorization::disable();
-
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
$isAppUser = Auth::isAppUser(Authorization::getRoles());
$teamId = $teamId == 'unique()' ? $dbForInternal->getId() : $teamId;
- $team = $dbForInternal->createDocument('teams', new Document([
+ $team = Authorization::skip(fn() => $dbForInternal->createDocument('teams', new Document([
'$id' => $teamId ,
'$read' => ['team:'.$teamId],
'$write' => ['team:'.$teamId .'/owner'],
@@ -61,9 +59,7 @@ App::post('/v1/teams')
'sum' => ($isPrivilegedUser || $isAppUser) ? 0 : 1,
'dateCreated' => \time(),
'search' => implode(' ', [$teamId, $name]),
- ]));
-
- Authorization::reset();
+ ])));
if (!$isPrivilegedUser && !$isAppUser) { // Don't add user on server mode
$membership = new Document([
@@ -318,11 +314,9 @@ App::post('/v1/teams/:teamId/memberships')
}
}
- Authorization::disable();
-
try {
$userId = $dbForInternal->getId();
- $invitee = $dbForInternal->createDocument('users', new Document([
+ $invitee = Authorization::skip(fn() => $dbForInternal->createDocument('users', new Document([
'$id' => $userId,
'$read' => ['user:'.$userId, 'role:all'],
'$write' => ['user:'.$userId],
@@ -344,12 +338,10 @@ App::post('/v1/teams/:teamId/memberships')
'tokens' => [],
'memberships' => [],
'search' => implode(' ', [$userId, $email, $name]),
- ]));
+ ])));
} catch (Duplicate $th) {
throw new Exception('Account already exists', 409);
}
-
- Authorization::reset();
}
$isOwner = Authorization::isRole('team:'.$team->getId().'/owner');;
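Review bot: The `$team = Authorization::skip(fn() => $dbForInternal->createDocument('teams', ...))` line in the `@@ -47` hunk bypasses permission checks for a document whose `'$read'` is `['team:'.$teamId]` and `'$write'` is `['team:'.$teamId .'/owner']`, roles the creating user cannot hold until the team exists; that is the reason for the skip, and a comment should record it: `// The creator holds no role on the new team yet, so the create must bypass permission checks; the membership below grants it`. Moving the `$isPrivilegedUser`/`$isAppUser` evaluation out of the disabled window is a real improvement if `Authorization::getRoles()` was affected by `disable()`; that class is not in the diff, so this is inferred. The route closure starts and ends outside these hunks.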
@@ -374,21 +366,18 @@ App::post('/v1/teams/:teamId/memberships')
]);
if ($isPrivilegedUser || $isAppUser) { // Allow admin to create membership
- Authorization::disable();
try {
- $membership = $dbForInternal->createDocument('memberships', $membership);
+ $membership = Authorization::skip(fn() => $dbForInternal->createDocument('memberships', $membership));
} catch (Duplicate $th) {
throw new Exception('User has already been invited or is already a member of this team', 409);
}
-
- $team = $dbForInternal->updateDocument('teams', $team->getId(), $team->setAttribute('sum', $team->getAttribute('sum', 0) + 1));
+ $team->setAttribute('sum', $team->getAttribute('sum', 0) + 1);
+ $team = Authorization::skip(fn() => $dbForInternal->updateDocument('teams', $team->getId(), $team));
// Attach user to team
$invitee->setAttribute('memberships', $membership, Document::SET_TYPE_APPEND);
- $invitee = $dbForInternal->updateDocument('users', $invitee->getId(), $invitee);
-
- Authorization::reset();
+ $invitee = Authorization::skip(fn() => $dbForInternal->updateDocument('users', $invitee->getId(), $invitee));
} else {
try {
$membership = $dbForInternal->createDocument('memberships', $membership);
@@ -702,11 +691,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
$user = $dbForInternal->updateDocument('users', $user->getId(), $user);
$membership = $dbForInternal->updateDocument('memberships', $membership->getId(), $membership);
- Authorization::disable();
-
- $team = $dbForInternal->updateDocument('teams', $team->getId(), $team->setAttribute('sum', $team->getAttribute('sum', 0) + 1));
-
- Authorization::reset();
+ $team = Authorization::skip(fn() => $dbForInternal->updateDocument('teams', $team->getId(), $team->setAttribute('sum', $team->getAttribute('sum', 0) + 1)));
$audits
->setParam('userId', $user->getId())
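Review bot: The `$team = Authorization::skip(fn() => $dbForInternal->updateDocument('teams', $team->getId(), $team->setAttribute('sum', ...)))` line in the `@@ -702` hunk keeps the mutation inside the closure, unlike the `@@ -374` and `@@ -791` hunks of this same file, where the commit hoists `$team->setAttribute('sum', ...)` onto its own line before the update. Splitting it the same way, `$team->setAttribute('sum', $team->getAttribute('sum', 0) + 1);` followed by `$team = Authorization::skip(fn() => $dbForInternal->updateDocument('teams', $team->getId(), $team));`, reads consistently and keeps the skipped closure a thin wrapper around the single database call, which is the shape a reviewer wants for a permission bypass. The route closure starts and ends outside the hunk.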
@@ -791,14 +776,13 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId')
}
}
- Authorization::disable();
+ $user->setAttribute('memberships', $memberships);
- $dbForInternal->updateDocument('users', $user->getId(), $user->setAttribute('memberships', $memberships));
-
- Authorization::reset();
+ Authorization::skip(fn() => $dbForInternal->updateDocument('users', $user->getId(), $user));
if ($membership->getAttribute('confirm')) { // Count only confirmed members
- $team = $dbForInternal->updateDocument('teams', $team->getId(), $team->setAttribute('sum', \max($team->getAttribute('sum', 0) - 1, 0)));
+ $team->setAttribute('sum', \max($team->getAttribute('sum', 0) - 1, 0));
+ $team = $dbForInternal->updateDocument('teams', $team->getId(), $team);
}
$audits
diff --git a/app/init.php b/app/init.php
index 9495bc7b8..1f967e926 100644
--- a/app/init.php
+++ b/app/init.php
@@ -706,18 +706,13 @@ App::setResource('project', function($dbForConsole, $request, $console) {
/** @var Utopia\Database\Database $dbForConsole */
/** @var Utopia\Database\Document $console */
- $projectId = $request->getParam('project',
- $request->getHeader('x-appwrite-project', 'console'));
-
+ $projectId = $request->getParam('project', $request->getHeader('x-appwrite-project', 'console'));
+
if($projectId === 'console') {
return $console;
}
- Authorization::disable();
-
- $project = $dbForConsole->getDocument('projects', $projectId);
-
- Authorization::reset();
+ $project = Authorization::skip(fn() => $dbForConsole->getDocument('projects', $projectId));
return $project;
}, ['dbForConsole', 'request', 'console']);
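Review bot: The `Authorization::skip(fn() => $dbForInternal->updateDocument('users', $user->getId(), $user))` line in the `@@ -791` hunk discards the returned document, while every other hunk in this commit assigns the result back (`$user = ...`, `$invitee = ...`, `$team = ...`); the removed line discarded it too, so behavior is unchanged, but `$user` is still read afterwards and sees the local copy rather than whatever the database returned. Assigning it, `$user = Authorization::skip(fn() => $dbForInternal->updateDocument('users', $user->getId(), $user));`, keeps the file's convention uniform. The route closure continues outside the hunk.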
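Review bot: In the init.php hunk the `$project = Authorization::skip(fn() => $dbForConsole->getDocument('projects', $projectId))` line reads a document keyed by a value taken directly from the request (`getParam('project', ...)` falling back to the `x-appwrite-project` header) with permission checks bypassed, and nothing in the hunk records why that is acceptable; a comment such as `// No project role exists before the project is resolved, so this lookup must bypass permission checks; callers are expected to treat an empty document as "not found"` would pin the contract (the functions routes check `isEmpty()` after the same kind of read, so that expectation is presumably shared). Returning the skip result directly, `return Authorization::skip(fn() => $dbForConsole->getDocument('projects', $projectId));`, removes the intermediate variable. The added blank `+` after the `$projectId` line presumably differs from the removed one only in whitespace.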