Update remaining services to new permissions
parent
4520114780
commit
ce38e74ba2
|
@ -96,8 +96,10 @@ App::post('/v1/account')
|
||||||
$userId = $userId == 'unique()' ? $dbForProject->getId() : $userId;
|
$userId = $userId == 'unique()' ? $dbForProject->getId() : $userId;
|
||||||
$user = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([
|
$user = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([
|
||||||
'$id' => $userId,
|
'$id' => $userId,
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['user:' . $userId],
|
'read(any)',
|
||||||
|
'write(user:' . $userId . ')',
|
||||||
|
],
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
'emailVerification' => false,
|
'emailVerification' => false,
|
||||||
'status' => true,
|
'status' => true,
|
||||||
|
@ -198,9 +200,10 @@ App::post('/v1/account/sessions/email')
|
||||||
|
|
||||||
Authorization::setRole('user:' . $profile->getId());
|
Authorization::setRole('user:' . $profile->getId());
|
||||||
|
|
||||||
$session = $dbForProject->createDocument('sessions', $session
|
$session = $dbForProject->createDocument('sessions', $session->setAttribute('$permissions', [
|
||||||
->setAttribute('$read', ['user:' . $profile->getId()])
|
'read(user:' . $profile->getId() . ')',
|
||||||
->setAttribute('$write', ['user:' . $profile->getId()]));
|
'write(user:' . $profile->getId() . ')',
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $profile->getId());
|
$dbForProject->deleteCachedDocument('users', $profile->getId());
|
||||||
|
|
||||||
|
@ -478,8 +481,10 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||||
$userId = $dbForProject->getId();
|
$userId = $dbForProject->getId();
|
||||||
$user = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([
|
$user = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([
|
||||||
'$id' => $userId,
|
'$id' => $userId,
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['user:' . $userId],
|
'read(any)',
|
||||||
|
'write(user:' . $userId . ')',
|
||||||
|
],
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
'emailVerification' => true,
|
'emailVerification' => true,
|
||||||
'status' => true, // Email should already be authenticated by OAuth2 provider
|
'status' => true, // Email should already be authenticated by OAuth2 provider
|
||||||
|
@ -542,9 +547,10 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||||
|
|
||||||
$dbForProject->updateDocument('users', $user->getId(), $user);
|
$dbForProject->updateDocument('users', $user->getId(), $user);
|
||||||
|
|
||||||
$session = $dbForProject->createDocument('sessions', $session
|
$session = $dbForProject->createDocument('sessions', $session->setAttribute('$permissions', [
|
||||||
->setAttribute('$read', ['user:' . $user->getId()])
|
'read(user:' . $user->getId() . ')',
|
||||||
->setAttribute('$write', ['user:' . $user->getId()]));
|
'write(user:' . $user->getId() . ')',
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
|
@ -643,8 +649,10 @@ App::post('/v1/account/sessions/magic-url')
|
||||||
|
|
||||||
$user = Authorization::skip(fn () => $dbForProject->createDocument('users', new Document([
|
$user = Authorization::skip(fn () => $dbForProject->createDocument('users', new Document([
|
||||||
'$id' => $userId,
|
'$id' => $userId,
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['user:' . $userId],
|
'read(any)',
|
||||||
|
'write(user: ' . $userId . ')',
|
||||||
|
],
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
'emailVerification' => false,
|
'emailVerification' => false,
|
||||||
'status' => true,
|
'status' => true,
|
||||||
|
@ -678,8 +686,10 @@ App::post('/v1/account/sessions/magic-url')
|
||||||
Authorization::setRole('user:' . $user->getId());
|
Authorization::setRole('user:' . $user->getId());
|
||||||
|
|
||||||
$token = $dbForProject->createDocument('tokens', $token
|
$token = $dbForProject->createDocument('tokens', $token
|
||||||
->setAttribute('$read', ['user:' . $user->getId()])
|
->setAttribute('$permissions', [
|
||||||
->setAttribute('$write', ['user:' . $user->getId()]));
|
'read(user: ' . $user->getId() . ')',
|
||||||
|
'write(user:' . $user->getId() . ')',
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
|
@ -783,8 +793,10 @@ App::put('/v1/account/sessions/magic-url')
|
||||||
Authorization::setRole('user:' . $user->getId());
|
Authorization::setRole('user:' . $user->getId());
|
||||||
|
|
||||||
$session = $dbForProject->createDocument('sessions', $session
|
$session = $dbForProject->createDocument('sessions', $session
|
||||||
->setAttribute('$read', ['user:' . $user->getId()])
|
->setAttribute('$permissions', [
|
||||||
->setAttribute('$write', ['user:' . $user->getId()]));
|
'read(user: ' . $user->getId() . ')',
|
||||||
|
'write(user:' . $user->getId() . ')',
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
|
@ -884,8 +896,10 @@ App::post('/v1/account/sessions/phone')
|
||||||
|
|
||||||
$user = Authorization::skip(fn () => $dbForProject->createDocument('users', new Document([
|
$user = Authorization::skip(fn () => $dbForProject->createDocument('users', new Document([
|
||||||
'$id' => $userId,
|
'$id' => $userId,
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['user:' . $userId],
|
'read(any)',
|
||||||
|
'write(user:' . $userId . ')'
|
||||||
|
],
|
||||||
'email' => null,
|
'email' => null,
|
||||||
'phone' => $number,
|
'phone' => $number,
|
||||||
'emailVerification' => false,
|
'emailVerification' => false,
|
||||||
|
@ -921,8 +935,10 @@ App::post('/v1/account/sessions/phone')
|
||||||
Authorization::setRole('user:' . $user->getId());
|
Authorization::setRole('user:' . $user->getId());
|
||||||
|
|
||||||
$token = $dbForProject->createDocument('tokens', $token
|
$token = $dbForProject->createDocument('tokens', $token
|
||||||
->setAttribute('$read', ['user:' . $user->getId()])
|
->setAttribute('$permissions', [
|
||||||
->setAttribute('$write', ['user:' . $user->getId()]));
|
'read(user: ' . $user->getId() . ')',
|
||||||
|
'write(user:' . $user->getId() . ')'
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
|
@ -1013,8 +1029,10 @@ App::put('/v1/account/sessions/phone')
|
||||||
Authorization::setRole('user:' . $user->getId());
|
Authorization::setRole('user:' . $user->getId());
|
||||||
|
|
||||||
$session = $dbForProject->createDocument('sessions', $session
|
$session = $dbForProject->createDocument('sessions', $session
|
||||||
->setAttribute('$read', ['user:' . $user->getId()])
|
->setAttribute('$permissions', [
|
||||||
->setAttribute('$write', ['user:' . $user->getId()]));
|
'read(user: ' . $user->getId() . ')',
|
||||||
|
'write(user:' . $user->getId() . ')'
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
|
@ -1112,8 +1130,10 @@ App::post('/v1/account/sessions/anonymous')
|
||||||
$userId = $dbForProject->getId();
|
$userId = $dbForProject->getId();
|
||||||
$user = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([
|
$user = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([
|
||||||
'$id' => $userId,
|
'$id' => $userId,
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['user:' . $userId],
|
'read(any)',
|
||||||
|
'write(user:' . $userId . ')'
|
||||||
|
],
|
||||||
'email' => null,
|
'email' => null,
|
||||||
'emailVerification' => false,
|
'emailVerification' => false,
|
||||||
'status' => true,
|
'status' => true,
|
||||||
|
@ -1155,8 +1175,10 @@ App::post('/v1/account/sessions/anonymous')
|
||||||
Authorization::setRole('user:' . $user->getId());
|
Authorization::setRole('user:' . $user->getId());
|
||||||
|
|
||||||
$session = $dbForProject->createDocument('sessions', $session
|
$session = $dbForProject->createDocument('sessions', $session
|
||||||
->setAttribute('$read', ['user:' . $user->getId()])
|
-->setAttribute('$permissions', [
|
||||||
->setAttribute('$write', ['user:' . $user->getId()]));
|
'read(user: ' . $user->getId() . ')',
|
||||||
|
'write(user:' . $user->getId() . ')'
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
|
@ -1979,8 +2001,10 @@ App::post('/v1/account/recovery')
|
||||||
Authorization::setRole('user:' . $profile->getId());
|
Authorization::setRole('user:' . $profile->getId());
|
||||||
|
|
||||||
$recovery = $dbForProject->createDocument('tokens', $recovery
|
$recovery = $dbForProject->createDocument('tokens', $recovery
|
||||||
->setAttribute('$read', ['user:' . $profile->getId()])
|
->setAttribute('$permissions', [
|
||||||
->setAttribute('$write', ['user:' . $profile->getId()]));
|
'read(user: ' . $profile->getId() . ')',
|
||||||
|
'write(user: ' . $profile->getId() . ')',
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $profile->getId());
|
$dbForProject->deleteCachedDocument('users', $profile->getId());
|
||||||
|
|
||||||
|
@ -2140,8 +2164,10 @@ App::post('/v1/account/verification')
|
||||||
Authorization::setRole('user:' . $user->getId());
|
Authorization::setRole('user:' . $user->getId());
|
||||||
|
|
||||||
$verification = $dbForProject->createDocument('tokens', $verification
|
$verification = $dbForProject->createDocument('tokens', $verification
|
||||||
->setAttribute('$read', ['user:' . $user->getId()])
|
->setAttribute('$permissions', [
|
||||||
->setAttribute('$write', ['user:' . $user->getId()]));
|
'read(user: ' . $user->getId() . ')',
|
||||||
|
'write(user: ' . $user->getId() . ')',
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
|
@ -2295,8 +2321,10 @@ App::post('/v1/account/verification/phone')
|
||||||
Authorization::setRole('user:' . $user->getId());
|
Authorization::setRole('user:' . $user->getId());
|
||||||
|
|
||||||
$verification = $dbForProject->createDocument('tokens', $verification
|
$verification = $dbForProject->createDocument('tokens', $verification
|
||||||
->setAttribute('$read', ['user:' . $user->getId()])
|
->setAttribute('$permissions', [
|
||||||
->setAttribute('$write', ['user:' . $user->getId()]));
|
'read(user: ' . $user->getId() . ')',
|
||||||
|
'write(user: ' . $user->getId() . ')',
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
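Review bot: Several new permission strings in this file put a space after `user:`, while `Authorization::setRole('user:' . $user->getId())` registers the role without one. It appears as `'write(user: ' . $userId . ')'` in the magic-url user document and as `'read(user: ' . $user->getId() . ')'` in the magic-url, phone, anonymous, recovery and verification hunks. The permission parser is not visible here; unless it trims whitespace inside the parentheses, the stored role will not match the caller's role and the owner loses access to their own session or token, so write these as `'read(user:' . $user->getId() . ')'` throughout. Separately, the anonymous-session hunk shows `-->setAttribute('$permissions', [` on the new side, which PHP would tokenise as a post-decrement followed by `>` rather than a method call; if that dash is in the committed file it should be `->setAttribute('$permissions', [`.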
|
|
|
@ -569,8 +569,10 @@ App::post('/v1/functions/:functionId/deployments')
|
||||||
if ($deployment->isEmpty()) {
|
if ($deployment->isEmpty()) {
|
||||||
$deployment = $dbForProject->createDocument('deployments', new Document([
|
$deployment = $dbForProject->createDocument('deployments', new Document([
|
||||||
'$id' => $deploymentId,
|
'$id' => $deploymentId,
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['role:all'],
|
'read(any)',
|
||||||
|
'write(any)'
|
||||||
|
],
|
||||||
'resourceId' => $function->getId(),
|
'resourceId' => $function->getId(),
|
||||||
'resourceType' => 'functions',
|
'resourceType' => 'functions',
|
||||||
'entrypoint' => $entrypoint,
|
'entrypoint' => $entrypoint,
|
||||||
|
@ -598,8 +600,10 @@ App::post('/v1/functions/:functionId/deployments')
|
||||||
if ($deployment->isEmpty()) {
|
if ($deployment->isEmpty()) {
|
||||||
$deployment = $dbForProject->createDocument('deployments', new Document([
|
$deployment = $dbForProject->createDocument('deployments', new Document([
|
||||||
'$id' => $deploymentId,
|
'$id' => $deploymentId,
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['role:all'],
|
'read(any)',
|
||||||
|
'write(any)'
|
||||||
|
],
|
||||||
'resourceId' => $function->getId(),
|
'resourceId' => $function->getId(),
|
||||||
'resourceType' => 'functions',
|
'resourceType' => 'functions',
|
||||||
'entrypoint' => $entrypoint,
|
'entrypoint' => $entrypoint,
|
||||||
|
@ -854,8 +858,7 @@ App::post('/v1/functions/:functionId/executions')
|
||||||
/** @var Document $execution */
|
/** @var Document $execution */
|
||||||
$execution = Authorization::skip(fn () => $dbForProject->createDocument('executions', new Document([
|
$execution = Authorization::skip(fn () => $dbForProject->createDocument('executions', new Document([
|
||||||
'$id' => $executionId,
|
'$id' => $executionId,
|
||||||
'$read' => (!$user->isEmpty()) ? ['user:' . $user->getId()] : [],
|
'$permissions' => !$user->isEmpty() ? ['read(user:' . $user->getId() . ')'] : [],
|
||||||
'$write' => [],
|
|
||||||
'functionId' => $function->getId(),
|
'functionId' => $function->getId(),
|
||||||
'deploymentId' => $deployment->getId(),
|
'deploymentId' => $deployment->getId(),
|
||||||
'trigger' => 'http', // http / schedule / event
|
'trigger' => 'http', // http / schedule / event
|
||||||
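Review bot: Both deployment documents are still created with `'read(any)'` and `'write(any)'`, and unlike the execution document in the last hunk these `createDocument` calls are not wrapped in `Authorization::skip`, so the document-level list is presumably what the database layer evaluates. If access to deployments is meant to be gated only by the route's scope check (not visible in these hunks), record that above the array, e.g. `// open at document level; access is enforced by the route's scope check`. Otherwise this format change is the natural place to narrow the list instead of carrying `role:all` over unchanged.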
|
|
|
@ -85,8 +85,10 @@ App::post('/v1/projects')
|
||||||
|
|
||||||
$project = $dbForConsole->createDocument('projects', new Document([
|
$project = $dbForConsole->createDocument('projects', new Document([
|
||||||
'$id' => $projectId,
|
'$id' => $projectId,
|
||||||
'$read' => ['team:' . $teamId],
|
'$permissions' => [
|
||||||
'$write' => ['team:' . $teamId . '/owner', 'team:' . $teamId . '/developer'],
|
'read(team:' . $teamId . ')',
|
||||||
|
'write(team:' . $teamId . '/owner, team:' . $teamId . '/developer)',
|
||||||
|
],
|
||||||
'name' => $name,
|
'name' => $name,
|
||||||
'teamInternalId' => $team->getInternalId(),
|
'teamInternalId' => $team->getInternalId(),
|
||||||
'teamId' => $team->getId(),
|
'teamId' => $team->getId(),
|
||||||
|
@ -588,8 +590,10 @@ App::post('/v1/projects/:projectId/webhooks')
|
||||||
|
|
||||||
$webhook = new Document([
|
$webhook = new Document([
|
||||||
'$id' => $dbForConsole->getId(),
|
'$id' => $dbForConsole->getId(),
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['role:all'],
|
'read(any)',
|
||||||
|
'write(any)',
|
||||||
|
],
|
||||||
'projectInternalId' => $project->getInternalId(),
|
'projectInternalId' => $project->getInternalId(),
|
||||||
'projectId' => $project->getId(),
|
'projectId' => $project->getId(),
|
||||||
'name' => $name,
|
'name' => $name,
|
||||||
|
@ -832,8 +836,10 @@ App::post('/v1/projects/:projectId/keys')
|
||||||
|
|
||||||
$key = new Document([
|
$key = new Document([
|
||||||
'$id' => $dbForConsole->getId(),
|
'$id' => $dbForConsole->getId(),
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['role:all'],
|
'read(any)',
|
||||||
|
'write(any)',
|
||||||
|
],
|
||||||
'projectInternalId' => $project->getInternalId(),
|
'projectInternalId' => $project->getInternalId(),
|
||||||
'projectId' => $project->getId(),
|
'projectId' => $project->getId(),
|
||||||
'name' => $name,
|
'name' => $name,
|
||||||
|
@ -1028,8 +1034,10 @@ App::post('/v1/projects/:projectId/platforms')
|
||||||
|
|
||||||
$platform = new Document([
|
$platform = new Document([
|
||||||
'$id' => $dbForConsole->getId(),
|
'$id' => $dbForConsole->getId(),
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['role:all'],
|
'read(any)',
|
||||||
|
'write(any)',
|
||||||
|
],
|
||||||
'projectInternalId' => $project->getInternalId(),
|
'projectInternalId' => $project->getInternalId(),
|
||||||
'projectId' => $project->getId(),
|
'projectId' => $project->getId(),
|
||||||
'type' => $type,
|
'type' => $type,
|
||||||
|
@ -1240,8 +1248,10 @@ App::post('/v1/projects/:projectId/domains')
|
||||||
|
|
||||||
$domain = new Document([
|
$domain = new Document([
|
||||||
'$id' => $dbForConsole->getId(),
|
'$id' => $dbForConsole->getId(),
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['role:all'],
|
'read(any)',
|
||||||
|
'write(any)',
|
||||||
|
],
|
||||||
'projectInternalId' => $project->getInternalId(),
|
'projectInternalId' => $project->getInternalId(),
|
||||||
'projectId' => $project->getId(),
|
'projectId' => $project->getId(),
|
||||||
'updated' => \time(),
|
'updated' => \time(),
|
||||||
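Review bot: The project document's write permission is built as one string holding two roles, `'write(team:' . $teamId . '/owner, team:' . $teamId . '/developer)'`, so the role list is now recovered by splitting a delimited string rather than read from a PHP array. That makes `$teamId` part of the permission grammar: its validation is outside this hunk, and it should be confirmed that team ids cannot contain `,`, `(`, `)` or whitespace before they are concatenated here. The space after the comma also needs the parser to trim each role, otherwise the developer role stored for the project will not match the role a developer actually holds. Building the string from an array with `implode(',', [...])` would remove the hand-typed separator.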
|
|
|
@ -59,8 +59,10 @@ App::post('/v1/teams')
|
||||||
$teamId = $teamId == 'unique()' ? $dbForProject->getId() : $teamId;
|
$teamId = $teamId == 'unique()' ? $dbForProject->getId() : $teamId;
|
||||||
$team = Authorization::skip(fn() => $dbForProject->createDocument('teams', new Document([
|
$team = Authorization::skip(fn() => $dbForProject->createDocument('teams', new Document([
|
||||||
'$id' => $teamId ,
|
'$id' => $teamId ,
|
||||||
'$read' => ['team:' . $teamId],
|
'$permissions' => [
|
||||||
'$write' => ['team:' . $teamId . '/owner'],
|
"read(team:{$teamId}",
|
||||||
|
"write(team:{$teamId}/owner)",
|
||||||
|
],
|
||||||
'name' => $name,
|
'name' => $name,
|
||||||
'total' => ($isPrivilegedUser || $isAppUser) ? 0 : 1,
|
'total' => ($isPrivilegedUser || $isAppUser) ? 0 : 1,
|
||||||
'search' => implode(' ', [$teamId, $name]),
|
'search' => implode(' ', [$teamId, $name]),
|
||||||
|
@ -70,8 +72,10 @@ App::post('/v1/teams')
|
||||||
$membershipId = $dbForProject->getId();
|
$membershipId = $dbForProject->getId();
|
||||||
$membership = new Document([
|
$membership = new Document([
|
||||||
'$id' => $membershipId,
|
'$id' => $membershipId,
|
||||||
'$read' => ['user:' . $user->getId(), 'team:' . $team->getId()],
|
'$permissions' => [
|
||||||
'$write' => ['user:' . $user->getId(), 'team:' . $team->getId() . '/owner'],
|
"read(user:{$user->getId()}, team:{$team->getId()})",
|
||||||
|
"write(user:{$user->getId()}, team:{$team->getId()}/owner)",
|
||||||
|
],
|
||||||
'userId' => $user->getId(),
|
'userId' => $user->getId(),
|
||||||
'userInternalId' => $user->getInternalId(),
|
'userInternalId' => $user->getInternalId(),
|
||||||
'teamId' => $team->getId(),
|
'teamId' => $team->getId(),
|
||||||
|
@ -328,8 +332,10 @@ App::post('/v1/teams/:teamId/memberships')
|
||||||
$userId = $dbForProject->getId();
|
$userId = $dbForProject->getId();
|
||||||
$invitee = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([
|
$invitee = Authorization::skip(fn() => $dbForProject->createDocument('users', new Document([
|
||||||
'$id' => $userId,
|
'$id' => $userId,
|
||||||
'$read' => ['user:' . $userId, 'role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['user:' . $userId],
|
'read(any, user:' . $userId . ')',
|
||||||
|
'write(user:' . $userId . ')',
|
||||||
|
],
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
'emailVerification' => false,
|
'emailVerification' => false,
|
||||||
'status' => true,
|
'status' => true,
|
||||||
|
@ -365,8 +371,10 @@ App::post('/v1/teams/:teamId/memberships')
|
||||||
$membershipId = $dbForProject->getId();
|
$membershipId = $dbForProject->getId();
|
||||||
$membership = new Document([
|
$membership = new Document([
|
||||||
'$id' => $membershipId,
|
'$id' => $membershipId,
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['user:' . $invitee->getId(), 'team:' . $team->getId() . '/owner'],
|
'read(any)',
|
||||||
|
'write(user: ' . $invitee->getId() . ', team:' . $team->getId() . '/owner)',
|
||||||
|
],
|
||||||
'userId' => $invitee->getId(),
|
'userId' => $invitee->getId(),
|
||||||
'userInternalId' => $invitee->getInternalId(),
|
'userInternalId' => $invitee->getInternalId(),
|
||||||
'teamId' => $team->getId(),
|
'teamId' => $team->getId(),
|
||||||
|
@ -716,8 +724,10 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
|
||||||
], $detector->getOS(), $detector->getClient(), $detector->getDevice()));
|
], $detector->getOS(), $detector->getClient(), $detector->getDevice()));
|
||||||
|
|
||||||
$session = $dbForProject->createDocument('sessions', $session
|
$session = $dbForProject->createDocument('sessions', $session
|
||||||
->setAttribute('$read', ['user:' . $user->getId()])
|
->setAttribute('$permissions', [
|
||||||
->setAttribute('$write', ['user:' . $user->getId()]));
|
'read(user: ' . $user->getId() . ')',
|
||||||
|
'write(user: ' . $user->getId() . ')',
|
||||||
|
]));
|
||||||
|
|
||||||
$dbForProject->deleteCachedDocument('users', $user->getId());
|
$dbForProject->deleteCachedDocument('users', $user->getId());
|
||||||
|
|
||||||
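Review bot: The team document's read permission is missing its closing parenthesis: the first hunk has `"read(team:{$teamId}",` on the new side, directly above a well-formed `"write(team:{$teamId}/owner)"`. Depending on how the permission string is parsed (not visible here), this is either rejected when the team is created or stored as a role that no member holds, so members could not read their own team; it should be `"read(team:{$teamId})",`. The memberships hunk has `'write(user: ' . $invitee->getId() . ', team:'` and the status hunk `'read(user: ' . $user->getId() . ')'` with a space after `user:`, which should be dropped to match the role strings used elsewhere in the commit.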
|
|
|
@ -57,8 +57,10 @@ App::post('/v1/users')
|
||||||
$userId = $userId == 'unique()' ? $dbForProject->getId() : $userId;
|
$userId = $userId == 'unique()' ? $dbForProject->getId() : $userId;
|
||||||
$user = $dbForProject->createDocument('users', new Document([
|
$user = $dbForProject->createDocument('users', new Document([
|
||||||
'$id' => $userId,
|
'$id' => $userId,
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['user:' . $userId],
|
'read(any)',
|
||||||
|
'write(user:' . $userId . ')',
|
||||||
|
],
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
'emailVerification' => false,
|
'emailVerification' => false,
|
||||||
'status' => true,
|
'status' => true,
|
||||||
|
|
|
@ -81,8 +81,7 @@ class BuildsV1 extends Worker
|
||||||
$buildId = $dbForProject->getId();
|
$buildId = $dbForProject->getId();
|
||||||
$build = $dbForProject->createDocument('builds', new Document([
|
$build = $dbForProject->createDocument('builds', new Document([
|
||||||
'$id' => $buildId,
|
'$id' => $buildId,
|
||||||
'$read' => [],
|
'$permissions' => [],
|
||||||
'$write' => [],
|
|
||||||
'startTime' => $startTime,
|
'startTime' => $startTime,
|
||||||
'deploymentId' => $deployment->getId(),
|
'deploymentId' => $deployment->getId(),
|
||||||
'status' => 'processing',
|
'status' => 'processing',
|
||||||
|
|
|
@ -237,8 +237,7 @@ class FunctionsV1 extends Worker
|
||||||
$executionId = $dbForProject->getId();
|
$executionId = $dbForProject->getId();
|
||||||
$execution = $dbForProject->createDocument('executions', new Document([
|
$execution = $dbForProject->createDocument('executions', new Document([
|
||||||
'$id' => $executionId,
|
'$id' => $executionId,
|
||||||
'$read' => $user->isEmpty() ? [] : ['user:' . $user->getId()],
|
'$permissions' => $user->isEmpty() ? [] : ['read(user:' . $user->getId() . ')'],
|
||||||
'$write' => [],
|
|
||||||
'functionId' => $functionId,
|
'functionId' => $functionId,
|
||||||
'deploymentId' => $deploymentId,
|
'deploymentId' => $deploymentId,
|
||||||
'trigger' => $trigger,
|
'trigger' => $trigger,
|
||||||
|
|
|
@ -28,9 +28,9 @@ class Execution extends Model
|
||||||
'default' => 0,
|
'default' => 0,
|
||||||
'example' => 1592981250,
|
'example' => 1592981250,
|
||||||
])
|
])
|
||||||
->addRule('$read', [
|
->addRule('$permissions', [
|
||||||
'type' => self::TYPE_STRING,
|
'type' => self::TYPE_STRING,
|
||||||
'description' => 'Execution read permissions.',
|
'description' => 'Execution permissions.',
|
||||||
'default' => '',
|
'default' => '',
|
||||||
'example' => 'role:all',
|
'example' => 'role:all',
|
||||||
'array' => true,
|
'array' => true,
|
||||||
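Review bot: The renamed `$permissions` rule still documents the old role syntax: `'example' => 'role:all'` is unchanged on the new side, while every document written in this commit uses the `read(...)`/`write(...)` form. Generated API documentation would then show clients a value in the retired format; change it to `'example' => 'read(any)',`. The model's rule list continues outside the hunk.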
|
|
|
@ -67,10 +67,8 @@ trait WebhooksBase
|
||||||
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), true);
|
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), true);
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertEquals($webhook['data']['name'], 'Actors');
|
$this->assertEquals($webhook['data']['name'], 'Actors');
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
$this->assertCount(2, $webhook['data']['$permissions']);
|
||||||
$this->assertCount(1, $webhook['data']['$read']);
|
|
||||||
$this->assertCount(1, $webhook['data']['$write']);
|
|
||||||
|
|
||||||
return array_merge(['actorsId' => $actorsId, 'databaseId' => $databaseId]);
|
return array_merge(['actorsId' => $actorsId, 'databaseId' => $databaseId]);
|
||||||
}
|
}
|
||||||
|
@ -224,10 +222,8 @@ trait WebhooksBase
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertEquals($webhook['data']['firstName'], 'Chris');
|
$this->assertEquals($webhook['data']['firstName'], 'Chris');
|
||||||
$this->assertEquals($webhook['data']['lastName'], 'Evans');
|
$this->assertEquals($webhook['data']['lastName'], 'Evans');
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
$this->assertCount(2, $webhook['data']['$permissions']);
|
||||||
$this->assertCount(1, $webhook['data']['$read']);
|
|
||||||
$this->assertCount(1, $webhook['data']['$write']);
|
|
||||||
|
|
||||||
$data['documentId'] = $document['body']['$id'];
|
$data['documentId'] = $document['body']['$id'];
|
||||||
|
|
||||||
|
@ -285,10 +281,8 @@ trait WebhooksBase
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertEquals($webhook['data']['firstName'], 'Chris1');
|
$this->assertEquals($webhook['data']['firstName'], 'Chris1');
|
||||||
$this->assertEquals($webhook['data']['lastName'], 'Evans2');
|
$this->assertEquals($webhook['data']['lastName'], 'Evans2');
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
$this->assertCount(2, $webhook['data']['$permissions']);
|
||||||
$this->assertCount(1, $webhook['data']['$read']);
|
|
||||||
$this->assertCount(1, $webhook['data']['$write']);
|
|
||||||
|
|
||||||
return $data;
|
return $data;
|
||||||
}
|
}
|
||||||
|
@ -353,10 +347,8 @@ trait WebhooksBase
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertEquals($webhook['data']['firstName'], 'Bradly');
|
$this->assertEquals($webhook['data']['firstName'], 'Bradly');
|
||||||
$this->assertEquals($webhook['data']['lastName'], 'Cooper');
|
$this->assertEquals($webhook['data']['lastName'], 'Cooper');
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
$this->assertCount(2, $webhook['data']['$permissions']);
|
||||||
$this->assertCount(1, $webhook['data']['$read']);
|
|
||||||
$this->assertCount(1, $webhook['data']['$write']);
|
|
||||||
|
|
||||||
return $data;
|
return $data;
|
||||||
}
|
}
|
||||||
|
@ -401,8 +393,7 @@ trait WebhooksBase
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertEquals('Test Bucket', $webhook['data']['name']);
|
$this->assertEquals('Test Bucket', $webhook['data']['name']);
|
||||||
$this->assertEquals(true, $webhook['data']['enabled']);
|
$this->assertEquals(true, $webhook['data']['enabled']);
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
|
||||||
|
|
||||||
return array_merge(['bucketId' => $bucketId]);
|
return array_merge(['bucketId' => $bucketId]);
|
||||||
}
|
}
|
||||||
|
@ -447,8 +438,7 @@ trait WebhooksBase
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertEquals('Test Bucket Updated', $webhook['data']['name']);
|
$this->assertEquals('Test Bucket Updated', $webhook['data']['name']);
|
||||||
$this->assertEquals(false, $webhook['data']['enabled']);
|
$this->assertEquals(false, $webhook['data']['enabled']);
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
|
||||||
|
|
||||||
return array_merge(['bucketId' => $bucket['body']['$id']]);
|
return array_merge(['bucketId' => $bucket['body']['$id']]);
|
||||||
}
|
}
|
||||||
|
@ -512,8 +502,7 @@ trait WebhooksBase
|
||||||
$this->assertEquals($webhook['headers']['X-Appwrite-Webhook-Project-Id'] ?? '', $this->getProject()['$id']);
|
$this->assertEquals($webhook['headers']['X-Appwrite-Webhook-Project-Id'] ?? '', $this->getProject()['$id']);
|
||||||
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), ('server' === $this->getSide()));
|
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), ('server' === $this->getSide()));
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
|
||||||
$this->assertEquals($webhook['data']['name'], 'logo.png');
|
$this->assertEquals($webhook['data']['name'], 'logo.png');
|
||||||
$this->assertIsInt($webhook['data']['$createdAt']);
|
$this->assertIsInt($webhook['data']['$createdAt']);
|
||||||
$this->assertNotEmpty($webhook['data']['signature']);
|
$this->assertNotEmpty($webhook['data']['signature']);
|
||||||
|
@ -568,8 +557,7 @@ trait WebhooksBase
|
||||||
$this->assertEquals($webhook['headers']['X-Appwrite-Webhook-Project-Id'] ?? '', $this->getProject()['$id']);
|
$this->assertEquals($webhook['headers']['X-Appwrite-Webhook-Project-Id'] ?? '', $this->getProject()['$id']);
|
||||||
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), ('server' === $this->getSide()));
|
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), ('server' === $this->getSide()));
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
|
||||||
$this->assertEquals($webhook['data']['name'], 'logo.png');
|
$this->assertEquals($webhook['data']['name'], 'logo.png');
|
||||||
$this->assertIsInt($webhook['data']['$createdAt']);
|
$this->assertIsInt($webhook['data']['$createdAt']);
|
||||||
$this->assertNotEmpty($webhook['data']['signature']);
|
$this->assertNotEmpty($webhook['data']['signature']);
|
||||||
|
@ -619,8 +607,7 @@ trait WebhooksBase
|
||||||
$this->assertEquals($webhook['headers']['X-Appwrite-Webhook-Project-Id'] ?? '', $this->getProject()['$id']);
|
$this->assertEquals($webhook['headers']['X-Appwrite-Webhook-Project-Id'] ?? '', $this->getProject()['$id']);
|
||||||
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), ('server' === $this->getSide()));
|
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), ('server' === $this->getSide()));
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
|
||||||
$this->assertEquals($webhook['data']['name'], 'logo.png');
|
$this->assertEquals($webhook['data']['name'], 'logo.png');
|
||||||
$this->assertIsInt($webhook['data']['$createdAt']);
|
$this->assertIsInt($webhook['data']['$createdAt']);
|
||||||
$this->assertNotEmpty($webhook['data']['signature']);
|
$this->assertNotEmpty($webhook['data']['signature']);
|
||||||
|
@ -665,8 +652,7 @@ trait WebhooksBase
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertEquals('Test Bucket Updated', $webhook['data']['name']);
|
$this->assertEquals('Test Bucket Updated', $webhook['data']['name']);
|
||||||
$this->assertEquals(true, $webhook['data']['enabled']);
|
$this->assertEquals(true, $webhook['data']['enabled']);
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testCreateTeam(): array
|
public function testCreateTeam(): array
|
||||||
|
|
|
@ -54,10 +54,8 @@ class WebhooksCustomServerTest extends Scope
|
||||||
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), true);
|
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), true);
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertEquals($webhook['data']['name'], 'Actors1');
|
$this->assertEquals($webhook['data']['name'], 'Actors1');
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
$this->assertCount(2, $webhook['data']['$permissions']);
|
||||||
$this->assertCount(1, $webhook['data']['$read']);
|
|
||||||
$this->assertCount(1, $webhook['data']['$write']);
|
|
||||||
|
|
||||||
return array_merge(['actorsId' => $actors['body']['$id']]);
|
return array_merge(['actorsId' => $actors['body']['$id']]);
|
||||||
}
|
}
|
||||||
|
@ -193,10 +191,8 @@ class WebhooksCustomServerTest extends Scope
|
||||||
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), true);
|
$this->assertEquals(empty($webhook['headers']['X-Appwrite-Webhook-User-Id'] ?? ''), true);
|
||||||
$this->assertNotEmpty($webhook['data']['$id']);
|
$this->assertNotEmpty($webhook['data']['$id']);
|
||||||
$this->assertEquals($webhook['data']['name'], 'Demo');
|
$this->assertEquals($webhook['data']['name'], 'Demo');
|
||||||
$this->assertIsArray($webhook['data']['$read']);
|
$this->assertIsArray($webhook['data']['$permissions']);
|
||||||
$this->assertIsArray($webhook['data']['$write']);
|
$this->assertCount(2, $webhook['data']['$permissions']);
|
||||||
$this->assertCount(1, $webhook['data']['$read']);
|
|
||||||
$this->assertCount(1, $webhook['data']['$write']);
|
|
||||||
|
|
||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
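Review bot: `assertCount(2, $webhook['data']['$permissions'])` in the `@ -54,10 +54,8` hunk no longer distinguishes read grants from write grants. The two separate `assertCount(1, ...)` checks on `$read` and `$write` are collapsed into one length check, so a payload with two read entries and no write entry, or with a broader role than intended, would still pass. Asserting the content keeps the access rules in the webhook payload pinned, for example `$this->assertEquals($actors['body']['$permissions'], $webhook['data']['$permissions']);`, assuming the create response exposes the same key. The same applies to the 'Demo' assertions in the `@ -193,10 +191,8` hunk. Both test methods begin outside the hunks shown.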
|
|
|
@ -206,14 +206,17 @@ class MessagingTest extends TestCase
|
||||||
payload: new Document([
|
payload: new Document([
|
||||||
'$id' => 'test',
|
'$id' => 'test',
|
||||||
'$collection' => 'collection',
|
'$collection' => 'collection',
|
||||||
'$read' => ['role:admin'],
|
'$permissions' => [
|
||||||
'$write' => ['role:admin']
|
'read(admin)',
|
||||||
|
'write(admin)',
|
||||||
|
],
|
||||||
]),
|
]),
|
||||||
collection: new Document([
|
collection: new Document([
|
||||||
'$id' => 'collection',
|
'$id' => 'collection',
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['role:all'],
|
'read(any)',
|
||||||
'permission' => 'collection'
|
'write(any)',
|
||||||
|
],
|
||||||
]),
|
]),
|
||||||
database: new Document([
|
database: new Document([
|
||||||
'$id' => 'database',
|
'$id' => 'database',
|
||||||
|
@ -231,14 +234,18 @@ class MessagingTest extends TestCase
|
||||||
payload: new Document([
|
payload: new Document([
|
||||||
'$id' => 'test',
|
'$id' => 'test',
|
||||||
'$collection' => 'collection',
|
'$collection' => 'collection',
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['role:all']
|
'read(any)',
|
||||||
|
'write(any)',
|
||||||
|
],
|
||||||
]),
|
]),
|
||||||
collection: new Document([
|
collection: new Document([
|
||||||
'$id' => 'collection',
|
'$id' => 'collection',
|
||||||
'$read' => ['role:admin'],
|
'$permissions' => [
|
||||||
'$write' => ['role:admin'],
|
'read(admin)',
|
||||||
'permission' => 'document'
|
'write(admin)',
|
||||||
|
],
|
||||||
|
'documentSecurity' => true,
|
||||||
]),
|
]),
|
||||||
database: new Document([
|
database: new Document([
|
||||||
'$id' => 'database',
|
'$id' => 'database',
|
||||||
|
@ -259,14 +266,17 @@ class MessagingTest extends TestCase
|
||||||
payload: new Document([
|
payload: new Document([
|
||||||
'$id' => 'test',
|
'$id' => 'test',
|
||||||
'$collection' => 'bucket',
|
'$collection' => 'bucket',
|
||||||
'$read' => ['role:admin'],
|
'$permissions' => [
|
||||||
'$write' => ['role:admin']
|
'read(admin)',
|
||||||
|
'write(admin)',
|
||||||
|
],
|
||||||
]),
|
]),
|
||||||
bucket: new Document([
|
bucket: new Document([
|
||||||
'$id' => 'bucket',
|
'$id' => 'bucket',
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['role:all'],
|
'read(any)',
|
||||||
'permission' => 'bucket'
|
'write(any)',
|
||||||
|
],
|
||||||
])
|
])
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -281,14 +291,18 @@ class MessagingTest extends TestCase
|
||||||
payload: new Document([
|
payload: new Document([
|
||||||
'$id' => 'test',
|
'$id' => 'test',
|
||||||
'$collection' => 'bucket',
|
'$collection' => 'bucket',
|
||||||
'$read' => ['role:all'],
|
'$permissions' => [
|
||||||
'$write' => ['role:all']
|
'read(any)',
|
||||||
|
'write(any)',
|
||||||
|
],
|
||||||
]),
|
]),
|
||||||
bucket: new Document([
|
bucket: new Document([
|
||||||
'$id' => 'bucket',
|
'$id' => 'bucket',
|
||||||
'$read' => ['role:admin'],
|
'$permissions' => [
|
||||||
'$write' => ['role:admin'],
|
'read(admin)',
|
||||||
'permission' => 'file'
|
'write(admin)',
|
||||||
|
],
|
||||||
|
'documentSecurity' => 'true'
|
||||||
])
|
])
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
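Review bot: `'documentSecurity' => 'true'` on the bucket fixture in the `@ -281,14 +291,18` hunk is a string, whereas the collection fixture in the `@ -231,14 +234,18` hunk sets the boolean `true`. The string only behaves like the boolean if the consumer tests truthiness, and under that reading `'false'` would also switch per-document checks on, so the fixture should carry the real type: `'documentSecurity' => true,`. The code that reads the flag is not visible here, so whether a strict comparison would reject the string is unconfirmed. The test methods holding these fixtures start outside the hunks.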