From ce38e74ba20ec41ac82333396cc0e5a3311d9b14 Mon Sep 17 00:00:00 2001 From: Jake Barnby Date: Tue, 2 Aug 2022 21:21:53 +1200 Subject: [PATCH] Update remaining services to new permissions --- app/controllers/api/account.php | 92 ++++++++++++------- app/controllers/api/functions.php | 15 +-- app/controllers/api/projects.php | 30 ++++-- app/controllers/api/teams.php | 30 ++++-- app/controllers/api/users.php | 6 +- app/workers/builds.php | 3 +- app/workers/functions.php | 3 +- .../Utopia/Response/Model/Execution.php | 4 +- tests/e2e/Services/Webhooks/WebhooksBase.php | 42 +++------ .../Webhooks/WebhooksCustomServerTest.php | 12 +-- tests/unit/Messaging/MessagingTest.php | 54 +++++++---- 11 files changed, 169 insertions(+), 122 deletions(-) diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php index 6c90441afb..f8f782b6a7 100644 --- a/app/controllers/api/account.php +++ b/app/controllers/api/account.php @@ -96,8 +96,10 @@ App::post('/v1/account') $userId = $userId == 'unique()' ? $dbForProject->getId() : $userId; $user = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([ '$id' => $userId, - '$read' => ['role:all'], - '$write' => ['user:' . $userId], + '$permissions' => [ + 'read(any)', + 'write(user:' . $userId . ')', + ], 'email' => $email, 'emailVerification' => false, 'status' => true, @@ -198,9 +200,10 @@ App::post('/v1/account/sessions/email') Authorization::setRole('user:' . $profile->getId()); - $session = $dbForProject->createDocument('sessions', $session - ->setAttribute('$read', ['user:' . $profile->getId()]) - ->setAttribute('$write', ['user:' . $profile->getId()])); + $session = $dbForProject->createDocument('sessions', $session->setAttribute('$permissions', [ + 'read(user:' . $profile->getId() . ')', + 'write(user:' . $profile->getId() . ')', + ])); $dbForProject->deleteCachedDocument('users', $profile->getId()); @@ -478,8 +481,10 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect') $userId = $dbForProject->getId(); $user = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([ '$id' => $userId, - '$read' => ['role:all'], - '$write' => ['user:' . $userId], + '$permissions' => [ + 'read(any)', + 'write(user:' . $userId . ')', + ], 'email' => $email, 'emailVerification' => true, 'status' => true, // Email should already be authenticated by OAuth2 provider @@ -542,9 +547,10 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect') $dbForProject->updateDocument('users', $user->getId(), $user); - $session = $dbForProject->createDocument('sessions', $session - ->setAttribute('$read', ['user:' . $user->getId()]) - ->setAttribute('$write', ['user:' . $user->getId()])); + $session = $dbForProject->createDocument('sessions', $session->setAttribute('$permissions', [ + 'read(user:' . $user->getId() . ')', + 'write(user:' . $user->getId() . ')', + ])); $dbForProject->deleteCachedDocument('users', $user->getId()); @@ -643,8 +649,10 @@ App::post('/v1/account/sessions/magic-url') $user = Authorization::skip(fn () => $dbForProject->createDocument('users', new Document([ '$id' => $userId, - '$read' => ['role:all'], - '$write' => ['user:' . $userId], + '$permissions' => [ + 'read(any)', + 'write(user: ' . $userId . ')', + ], 'email' => $email, 'emailVerification' => false, 'status' => true, @@ -678,8 +686,10 @@ App::post('/v1/account/sessions/magic-url') Authorization::setRole('user:' . $user->getId()); $token = $dbForProject->createDocument('tokens', $token - ->setAttribute('$read', ['user:' . $user->getId()]) - ->setAttribute('$write', ['user:' . $user->getId()])); + ->setAttribute('$permissions', [ + 'read(user: ' . $user->getId() . ')', + 'write(user:' . $user->getId() . ')', + ])); $dbForProject->deleteCachedDocument('users', $user->getId()); @@ -783,8 +793,10 @@ App::put('/v1/account/sessions/magic-url') Authorization::setRole('user:' . $user->getId()); $session = $dbForProject->createDocument('sessions', $session - ->setAttribute('$read', ['user:' . $user->getId()]) - ->setAttribute('$write', ['user:' . $user->getId()])); + ->setAttribute('$permissions', [ + 'read(user: ' . $user->getId() . ')', + 'write(user:' . $user->getId() . ')', + ])); $dbForProject->deleteCachedDocument('users', $user->getId()); @@ -884,8 +896,10 @@ App::post('/v1/account/sessions/phone') $user = Authorization::skip(fn () => $dbForProject->createDocument('users', new Document([ '$id' => $userId, - '$read' => ['role:all'], - '$write' => ['user:' . $userId], + '$permissions' => [ + 'read(any)', + 'write(user:' . $userId . ')' + ], 'email' => null, 'phone' => $number, 'emailVerification' => false, @@ -921,8 +935,10 @@ App::post('/v1/account/sessions/phone') Authorization::setRole('user:' . $user->getId()); $token = $dbForProject->createDocument('tokens', $token - ->setAttribute('$read', ['user:' . $user->getId()]) - ->setAttribute('$write', ['user:' . $user->getId()])); + ->setAttribute('$permissions', [ + 'read(user: ' . $user->getId() . ')', + 'write(user:' . $user->getId() . ')' + ])); $dbForProject->deleteCachedDocument('users', $user->getId()); @@ -1013,8 +1029,10 @@ App::put('/v1/account/sessions/phone') Authorization::setRole('user:' . $user->getId()); $session = $dbForProject->createDocument('sessions', $session - ->setAttribute('$read', ['user:' . $user->getId()]) - ->setAttribute('$write', ['user:' . $user->getId()])); + ->setAttribute('$permissions', [ + 'read(user: ' . $user->getId() . ')', + 'write(user:' . $user->getId() . ')' + ])); $dbForProject->deleteCachedDocument('users', $user->getId()); @@ -1112,8 +1130,10 @@ App::post('/v1/account/sessions/anonymous') $userId = $dbForProject->getId(); $user = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([ '$id' => $userId, - '$read' => ['role:all'], - '$write' => ['user:' . $userId], + '$permissions' => [ + 'read(any)', + 'write(user:' . $userId . ')' + ], 'email' => null, 'emailVerification' => false, 'status' => true, @@ -1155,8 +1175,10 @@ App::post('/v1/account/sessions/anonymous') Authorization::setRole('user:' . $user->getId()); $session = $dbForProject->createDocument('sessions', $session - ->setAttribute('$read', ['user:' . $user->getId()]) - ->setAttribute('$write', ['user:' . $user->getId()])); + -->setAttribute('$permissions', [ + 'read(user: ' . $user->getId() . ')', + 'write(user:' . $user->getId() . ')' + ])); $dbForProject->deleteCachedDocument('users', $user->getId()); @@ -1979,8 +2001,10 @@ App::post('/v1/account/recovery') Authorization::setRole('user:' . $profile->getId()); $recovery = $dbForProject->createDocument('tokens', $recovery - ->setAttribute('$read', ['user:' . $profile->getId()]) - ->setAttribute('$write', ['user:' . $profile->getId()])); + ->setAttribute('$permissions', [ + 'read(user: ' . $profile->getId() . ')', + 'write(user: ' . $profile->getId() . ')', + ])); $dbForProject->deleteCachedDocument('users', $profile->getId()); @@ -2140,8 +2164,10 @@ App::post('/v1/account/verification') Authorization::setRole('user:' . $user->getId()); $verification = $dbForProject->createDocument('tokens', $verification - ->setAttribute('$read', ['user:' . $user->getId()]) - ->setAttribute('$write', ['user:' . $user->getId()])); + ->setAttribute('$permissions', [ + 'read(user: ' . $user->getId() . ')', + 'write(user: ' . $user->getId() . ')', + ])); $dbForProject->deleteCachedDocument('users', $user->getId()); @@ -2295,8 +2321,10 @@ App::post('/v1/account/verification/phone') Authorization::setRole('user:' . $user->getId()); $verification = $dbForProject->createDocument('tokens', $verification - ->setAttribute('$read', ['user:' . $user->getId()]) - ->setAttribute('$write', ['user:' . $user->getId()])); + ->setAttribute('$permissions', [ + 'read(user: ' . $user->getId() . ')', + 'write(user: ' . $user->getId() . ')', + ])); $dbForProject->deleteCachedDocument('users', $user->getId()); diff --git a/app/controllers/api/functions.php b/app/controllers/api/functions.php index 21b827042d..0b7e0c57bc 100644 --- a/app/controllers/api/functions.php +++ b/app/controllers/api/functions.php @@ -569,8 +569,10 @@ App::post('/v1/functions/:functionId/deployments') if ($deployment->isEmpty()) { $deployment = $dbForProject->createDocument('deployments', new Document([ '$id' => $deploymentId, - '$read' => ['role:all'], - '$write' => ['role:all'], + '$permissions' => [ + 'read(any)', + 'write(any)' + ], 'resourceId' => $function->getId(), 'resourceType' => 'functions', 'entrypoint' => $entrypoint, @@ -598,8 +600,10 @@ App::post('/v1/functions/:functionId/deployments') if ($deployment->isEmpty()) { $deployment = $dbForProject->createDocument('deployments', new Document([ '$id' => $deploymentId, - '$read' => ['role:all'], - '$write' => ['role:all'], + '$permissions' => [ + 'read(any)', + 'write(any)' + ], 'resourceId' => $function->getId(), 'resourceType' => 'functions', 'entrypoint' => $entrypoint, @@ -854,8 +858,7 @@ App::post('/v1/functions/:functionId/executions') /** @var Document $execution */ $execution = Authorization::skip(fn () => $dbForProject->createDocument('executions', new Document([ '$id' => $executionId, - '$read' => (!$user->isEmpty()) ? ['user:' . $user->getId()] : [], - '$write' => [], + '$permissions' => !$user->isEmpty() ? ['read(user:' . $user->getId() . ')'] : [], 'functionId' => $function->getId(), 'deploymentId' => $deployment->getId(), 'trigger' => 'http', // http / schedule / event diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php index 86996f4a58..89e606de47 100644 --- a/app/controllers/api/projects.php +++ b/app/controllers/api/projects.php @@ -85,8 +85,10 @@ App::post('/v1/projects') $project = $dbForConsole->createDocument('projects', new Document([ '$id' => $projectId, - '$read' => ['team:' . $teamId], - '$write' => ['team:' . $teamId . '/owner', 'team:' . $teamId . '/developer'], + '$permissions' => [ + 'read(team:' . $teamId . ')', + 'write(team:' . $teamId . '/owner, team:' . $teamId . '/developer)', + ], 'name' => $name, 'teamInternalId' => $team->getInternalId(), 'teamId' => $team->getId(), @@ -588,8 +590,10 @@ App::post('/v1/projects/:projectId/webhooks') $webhook = new Document([ '$id' => $dbForConsole->getId(), - '$read' => ['role:all'], - '$write' => ['role:all'], + '$permissions' => [ + 'read(any)', + 'write(any)', + ], 'projectInternalId' => $project->getInternalId(), 'projectId' => $project->getId(), 'name' => $name, @@ -832,8 +836,10 @@ App::post('/v1/projects/:projectId/keys') $key = new Document([ '$id' => $dbForConsole->getId(), - '$read' => ['role:all'], - '$write' => ['role:all'], + '$permissions' => [ + 'read(any)', + 'write(any)', + ], 'projectInternalId' => $project->getInternalId(), 'projectId' => $project->getId(), 'name' => $name, @@ -1028,8 +1034,10 @@ App::post('/v1/projects/:projectId/platforms') $platform = new Document([ '$id' => $dbForConsole->getId(), - '$read' => ['role:all'], - '$write' => ['role:all'], + '$permissions' => [ + 'read(any)', + 'write(any)', + ], 'projectInternalId' => $project->getInternalId(), 'projectId' => $project->getId(), 'type' => $type, @@ -1240,8 +1248,10 @@ App::post('/v1/projects/:projectId/domains') $domain = new Document([ '$id' => $dbForConsole->getId(), - '$read' => ['role:all'], - '$write' => ['role:all'], + '$permissions' => [ + 'read(any)', + 'write(any)', + ], 'projectInternalId' => $project->getInternalId(), 'projectId' => $project->getId(), 'updated' => \time(), diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php index 383bcac149..f0699b31d4 100644 --- a/app/controllers/api/teams.php +++ b/app/controllers/api/teams.php @@ -59,8 +59,10 @@ App::post('/v1/teams') $teamId = $teamId == 'unique()' ? $dbForProject->getId() : $teamId; $team = Authorization::skip(fn() => $dbForProject->createDocument('teams', new Document([ '$id' => $teamId , - '$read' => ['team:' . $teamId], - '$write' => ['team:' . $teamId . '/owner'], + '$permissions' => [ + "read(team:{$teamId}", + "write(team:{$teamId}/owner)", + ], 'name' => $name, 'total' => ($isPrivilegedUser || $isAppUser) ? 0 : 1, 'search' => implode(' ', [$teamId, $name]), @@ -70,8 +72,10 @@ App::post('/v1/teams') $membershipId = $dbForProject->getId(); $membership = new Document([ '$id' => $membershipId, - '$read' => ['user:' . $user->getId(), 'team:' . $team->getId()], - '$write' => ['user:' . $user->getId(), 'team:' . $team->getId() . '/owner'], + '$permissions' => [ + "read(user:{$user->getId()}, team:{$team->getId()})", + "write(user:{$user->getId()}, team:{$team->getId()}/owner)", + ], 'userId' => $user->getId(), 'userInternalId' => $user->getInternalId(), 'teamId' => $team->getId(), @@ -328,8 +332,10 @@ App::post('/v1/teams/:teamId/memberships') $userId = $dbForProject->getId(); $invitee = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([ '$id' => $userId, - '$read' => ['user:' . $userId, 'role:all'], - '$write' => ['user:' . $userId], + '$permissions' => [ + 'read(any, user:' . $userId . ')', + 'write(user:' . $userId . ')', + ], 'email' => $email, 'emailVerification' => false, 'status' => true, @@ -365,8 +371,10 @@ App::post('/v1/teams/:teamId/memberships') $membershipId = $dbForProject->getId(); $membership = new Document([ '$id' => $membershipId, - '$read' => ['role:all'], - '$write' => ['user:' . $invitee->getId(), 'team:' . $team->getId() . '/owner'], + '$permissions' => [ + 'read(any)', + 'write(user: ' . $invitee->getId() . ', team:' . $team->getId() . '/owner)', + ], 'userId' => $invitee->getId(), 'userInternalId' => $invitee->getInternalId(), 'teamId' => $team->getId(), @@ -716,8 +724,10 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status') ], $detector->getOS(), $detector->getClient(), $detector->getDevice())); $session = $dbForProject->createDocument('sessions', $session - ->setAttribute('$read', ['user:' . $user->getId()]) - ->setAttribute('$write', ['user:' . $user->getId()])); + ->setAttribute('$permissions', [ + 'read(user: ' . $user->getId() . ')', + 'write(user: ' . $user->getId() . ')', + ])); $dbForProject->deleteCachedDocument('users', $user->getId()); diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php index 8845db4810..65be0bdd48 100644 --- a/app/controllers/api/users.php +++ b/app/controllers/api/users.php @@ -57,8 +57,10 @@ App::post('/v1/users') $userId = $userId == 'unique()' ? $dbForProject->getId() : $userId; $user = $dbForProject->createDocument('users', new Document([ '$id' => $userId, - '$read' => ['role:all'], - '$write' => ['user:' . $userId], + '$permissions' => [ + 'read(any)', + 'write(user:' . $userId . ')', + ], 'email' => $email, 'emailVerification' => false, 'status' => true, diff --git a/app/workers/builds.php b/app/workers/builds.php index 2d2f66bb72..271e2967d4 100644 --- a/app/workers/builds.php +++ b/app/workers/builds.php @@ -81,8 +81,7 @@ class BuildsV1 extends Worker $buildId = $dbForProject->getId(); $build = $dbForProject->createDocument('builds', new Document([ '$id' => $buildId, - '$read' => [], - '$write' => [], + '$permissions' => [], 'startTime' => $startTime, 'deploymentId' => $deployment->getId(), 'status' => 'processing', diff --git a/app/workers/functions.php b/app/workers/functions.php index 55d71ef368..112c47ca0a 100644 --- a/app/workers/functions.php +++ b/app/workers/functions.php @@ -237,8 +237,7 @@ class FunctionsV1 extends Worker $executionId = $dbForProject->getId(); $execution = $dbForProject->createDocument('executions', new Document([ '$id' => $executionId, - '$read' => $user->isEmpty() ? [] : ['user:' . $user->getId()], - '$write' => [], + '$permissions' => $user->isEmpty() ? [] : ['read(user:' . $user->getId() . ')'], 'functionId' => $functionId, 'deploymentId' => $deploymentId, 'trigger' => $trigger, diff --git a/src/Appwrite/Utopia/Response/Model/Execution.php b/src/Appwrite/Utopia/Response/Model/Execution.php index e4e4be696a..cb4ce9c200 100644 --- a/src/Appwrite/Utopia/Response/Model/Execution.php +++ b/src/Appwrite/Utopia/Response/Model/Execution.php @@ -28,9 +28,9 @@ class Execution extends Model 'default' => 0, 'example' => 1592981250, ]) - ->addRule('$read', [ + ->addRule('$permissions', [ 'type' => self::TYPE_STRING, - 'description' => 'Execution read permissions.', + 'description' => 'Execution permissions.', 'default' => '', 'example' => 'role:all', 'array' => true, diff --git a/tests/e2e/Services/Webhooks/WebhooksBase.php b/tests/e2e/Services/Webhooks/WebhooksBase.php index c1647b6e87..bb958791c9 100644 --- a/tests/e2e/Services/Webhooks/WebhooksBase.php +++ b/tests/e2e/Services/Webhooks/WebhooksBase.php @@ -67,10 +67,8 @@ trait WebhooksBase $this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), true); $this->assertNotEmpty($webhook['data']['$id']); $this->assertEquals($webhook['data']['name'], 'Actors'); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); - $this->assertCount(1, $webhook['data']['$read']); - $this->assertCount(1, $webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); + $this->assertCount(2, $webhook['data']['$permissions']); return array_merge(['actorsId' => $actorsId, 'databaseId' => $databaseId]); } @@ -224,10 +222,8 @@ trait WebhooksBase $this->assertNotEmpty($webhook['data']['$id']); $this->assertEquals($webhook['data']['firstName'], 'Chris'); $this->assertEquals($webhook['data']['lastName'], 'Evans'); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); - $this->assertCount(1, $webhook['data']['$read']); - $this->assertCount(1, $webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); + $this->assertCount(2, $webhook['data']['$permissions']); $data['documentId'] = $document['body']['$id']; @@ -285,10 +281,8 @@ trait WebhooksBase $this->assertNotEmpty($webhook['data']['$id']); $this->assertEquals($webhook['data']['firstName'], 'Chris1'); $this->assertEquals($webhook['data']['lastName'], 'Evans2'); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); - $this->assertCount(1, $webhook['data']['$read']); - $this->assertCount(1, $webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); + $this->assertCount(2, $webhook['data']['$permissions']); return $data; } @@ -353,10 +347,8 @@ trait WebhooksBase $this->assertNotEmpty($webhook['data']['$id']); $this->assertEquals($webhook['data']['firstName'], 'Bradly'); $this->assertEquals($webhook['data']['lastName'], 'Cooper'); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); - $this->assertCount(1, $webhook['data']['$read']); - $this->assertCount(1, $webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); + $this->assertCount(2, $webhook['data']['$permissions']); return $data; } @@ -401,8 +393,7 @@ trait WebhooksBase $this->assertNotEmpty($webhook['data']['$id']); $this->assertEquals('Test Bucket', $webhook['data']['name']); $this->assertEquals(true, $webhook['data']['enabled']); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); return array_merge(['bucketId' => $bucketId]); } @@ -447,8 +438,7 @@ trait WebhooksBase $this->assertNotEmpty($webhook['data']['$id']); $this->assertEquals('Test Bucket Updated', $webhook['data']['name']); $this->assertEquals(false, $webhook['data']['enabled']); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); return array_merge(['bucketId' => $bucket['body']['$id']]); } @@ -512,8 +502,7 @@ trait WebhooksBase $this->assertEquals($webhook['headers']['X-Appwrite-Webhook-Project-Id'] ?? '', $this->getProject()['$id']); $this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), ('server' === $this->getSide())); $this->assertNotEmpty($webhook['data']['$id']); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); $this->assertEquals($webhook['data']['name'], 'logo.png'); $this->assertIsInt($webhook['data']['$createdAt']); $this->assertNotEmpty($webhook['data']['signature']); @@ -568,8 +557,7 @@ trait WebhooksBase $this->assertEquals($webhook['headers']['X-Appwrite-Webhook-Project-Id'] ?? '', $this->getProject()['$id']); $this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), ('server' === $this->getSide())); $this->assertNotEmpty($webhook['data']['$id']); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); $this->assertEquals($webhook['data']['name'], 'logo.png'); $this->assertIsInt($webhook['data']['$createdAt']); $this->assertNotEmpty($webhook['data']['signature']); @@ -619,8 +607,7 @@ trait WebhooksBase $this->assertEquals($webhook['headers']['X-Appwrite-Webhook-Project-Id'] ?? '', $this->getProject()['$id']); $this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), ('server' === $this->getSide())); $this->assertNotEmpty($webhook['data']['$id']); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); $this->assertEquals($webhook['data']['name'], 'logo.png'); $this->assertIsInt($webhook['data']['$createdAt']); $this->assertNotEmpty($webhook['data']['signature']); @@ -665,8 +652,7 @@ trait WebhooksBase $this->assertNotEmpty($webhook['data']['$id']); $this->assertEquals('Test Bucket Updated', $webhook['data']['name']); $this->assertEquals(true, $webhook['data']['enabled']); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); } public function testCreateTeam(): array diff --git a/tests/e2e/Services/Webhooks/WebhooksCustomServerTest.php b/tests/e2e/Services/Webhooks/WebhooksCustomServerTest.php index c60e57f6af..503e216f87 100644 --- a/tests/e2e/Services/Webhooks/WebhooksCustomServerTest.php +++ b/tests/e2e/Services/Webhooks/WebhooksCustomServerTest.php @@ -54,10 +54,8 @@ class WebhooksCustomServerTest extends Scope $this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), true); $this->assertNotEmpty($webhook['data']['$id']); $this->assertEquals($webhook['data']['name'], 'Actors1'); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); - $this->assertCount(1, $webhook['data']['$read']); - $this->assertCount(1, $webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); + $this->assertCount(2, $webhook['data']['$permissions']); return array_merge(['actorsId' => $actors['body']['$id']]); } @@ -193,10 +191,8 @@ class WebhooksCustomServerTest extends Scope $this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), true); $this->assertNotEmpty($webhook['data']['$id']); $this->assertEquals($webhook['data']['name'], 'Demo'); - $this->assertIsArray($webhook['data']['$read']); - $this->assertIsArray($webhook['data']['$write']); - $this->assertCount(1, $webhook['data']['$read']); - $this->assertCount(1, $webhook['data']['$write']); + $this->assertIsArray($webhook['data']['$permissions']); + $this->assertCount(2, $webhook['data']['$permissions']); return []; } diff --git a/tests/unit/Messaging/MessagingTest.php b/tests/unit/Messaging/MessagingTest.php index dba684b323..18be4bb1fd 100644 --- a/tests/unit/Messaging/MessagingTest.php +++ b/tests/unit/Messaging/MessagingTest.php @@ -206,14 +206,17 @@ class MessagingTest extends TestCase payload: new Document([ '$id' => 'test', '$collection' => 'collection', - '$read' => ['role:admin'], - '$write' => ['role:admin'] + '$permissions' => [ + 'read(admin)', + 'write(admin)', + ], ]), collection: new Document([ '$id' => 'collection', - '$read' => ['role:all'], - '$write' => ['role:all'], - 'permission' => 'collection' + '$permissions' => [ + 'read(any)', + 'write(any)', + ], ]), database: new Document([ '$id' => 'database', @@ -231,14 +234,18 @@ class MessagingTest extends TestCase payload: new Document([ '$id' => 'test', '$collection' => 'collection', - '$read' => ['role:all'], - '$write' => ['role:all'] + '$permissions' => [ + 'read(any)', + 'write(any)', + ], ]), collection: new Document([ '$id' => 'collection', - '$read' => ['role:admin'], - '$write' => ['role:admin'], - 'permission' => 'document' + '$permissions' => [ + 'read(admin)', + 'write(admin)', + ], + 'documentSecurity' => true, ]), database: new Document([ '$id' => 'database', @@ -259,14 +266,17 @@ class MessagingTest extends TestCase payload: new Document([ '$id' => 'test', '$collection' => 'bucket', - '$read' => ['role:admin'], - '$write' => ['role:admin'] + '$permissions' => [ + 'read(admin)', + 'write(admin)', + ], ]), bucket: new Document([ '$id' => 'bucket', - '$read' => ['role:all'], - '$write' => ['role:all'], - 'permission' => 'bucket' + '$permissions' => [ + 'read(any)', + 'write(any)', + ], ]) ); @@ -281,14 +291,18 @@ class MessagingTest extends TestCase payload: new Document([ '$id' => 'test', '$collection' => 'bucket', - '$read' => ['role:all'], - '$write' => ['role:all'] + '$permissions' => [ + 'read(any)', + 'write(any)', + ], ]), bucket: new Document([ '$id' => 'bucket', - '$read' => ['role:admin'], - '$write' => ['role:admin'], - 'permission' => 'file' + '$permissions' => [ + 'read(admin)', + 'write(admin)', + ], + 'documentSecurity' => 'true' ]) );