Merge pull request #1142 from appwrite/feat-add-update-membership-endpoint
feat(teams): endpoint to update membership roles
This commit is contained in:
commit
dc003464fa
|
@ -22,6 +22,7 @@
|
|||
- Added a new env var named `_APP_LOCALE` that allow to change the default `en` locale value (#1056)
|
||||
- Updated all the console bottom control to be consistent. Dropped the `+` icon (#1062)
|
||||
- Added Response Models for Documents and Preferences (#1075, #1102)
|
||||
- Added new endpoint to update team membership roles (#1142)
|
||||
|
||||
## Bugs
|
||||
|
||||
|
|
|
@ -197,6 +197,11 @@ return [
|
|||
'model' => Response::MODEL_MEMBERSHIP,
|
||||
'note' => 'version >= 0.7',
|
||||
],
|
||||
'teams.memberships.update' => [
|
||||
'description' => 'This event triggers when a team membership is updated.',
|
||||
'model' => Response::MODEL_MEMBERSHIP,
|
||||
'note' => 'version >= 0.8',
|
||||
],
|
||||
'teams.memberships.update.status' => [
|
||||
'description' => 'This event triggers when a team memberships status is updated.',
|
||||
'model' => Response::MODEL_MEMBERSHIP,
|
||||
|
|
|
@ -449,7 +449,7 @@ App::post('/v1/teams/:teamId/memberships')
|
|||
->setParam('{{text-cta}}', '#ffffff')
|
||||
;
|
||||
|
||||
if (!$isPrivilegedUser && !$isAppUser) { // No need in comfirmation when in admin or app mode
|
||||
if (!$isPrivilegedUser && !$isAppUser) { // No need of confirmation when in admin or app mode
|
||||
$mails
|
||||
->setParam('event', 'teams.memberships.create')
|
||||
->setParam('from', ($project->getId() === 'console') ? '' : \sprintf($locale->getText('account.emails.team'), $project->getAttribute('name')))
|
||||
|
@ -476,6 +476,69 @@ App::post('/v1/teams/:teamId/memberships')
|
|||
;
|
||||
});
|
||||
|
||||
App::patch('/v1/teams/:teamId/memberships/:membershipId')
|
||||
->desc('Update Membership Roles')
|
||||
->groups(['api', 'teams'])
|
||||
->label('event', 'teams.memberships.update')
|
||||
->label('scope', 'teams.write')
|
||||
->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT])
|
||||
->label('sdk.namespace', 'teams')
|
||||
->label('sdk.method', 'updateMembershipRoles')
|
||||
->label('sdk.description', '/docs/references/teams/update-team-membership-roles.md')
|
||||
->label('sdk.response.code', Response::STATUS_CODE_OK)
|
||||
->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
|
||||
->label('sdk.response.model', Response::MODEL_MEMBERSHIP)
|
||||
->param('teamId', '', new UID(), 'Team unique ID.')
|
||||
->param('membershipId', '', new UID(), 'Membership ID.')
|
||||
->param('roles', [], new ArrayList(new Key()), 'Array of strings. Use this param to set the user roles in the team. A role can be any string. Learn more about [roles and permissions](/docs/permissions). Max length for each role is 32 chars.')
|
||||
->inject('request')
|
||||
->inject('response')
|
||||
->inject('user')
|
||||
->inject('projectDB')
|
||||
->inject('audits')
|
||||
->action(function ($teamId, $membershipId, $roles, $request, $response, $user, $projectDB,$audits) {
|
||||
/** @var Utopia\Swoole\Request $request */
|
||||
/** @var Appwrite\Utopia\Response $response */
|
||||
/** @var Appwrite\Database\Document $user */
|
||||
/** @var Appwrite\Database\Database $projectDB */
|
||||
/** @var Appwrite\Event\Event $audits */
|
||||
|
||||
$team = $projectDB->getDocument($teamId);
|
||||
if (empty($team->getId()) || Database::SYSTEM_COLLECTION_TEAMS != $team->getCollection()) {
|
||||
throw new Exception('Team not found', 404);
|
||||
}
|
||||
|
||||
$membership = $projectDB->getDocument($membershipId);
|
||||
if (empty($membership->getId()) || Database::SYSTEM_COLLECTION_MEMBERSHIPS != $membership->getCollection()) {
|
||||
throw new Exception('Membership not found', 404);
|
||||
}
|
||||
|
||||
|
||||
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::$roles);
|
||||
$isAppUser = Auth::isAppUser(Authorization::$roles);
|
||||
$isOwner = Authorization::isRole('team:'.$team->getId().'/owner');;
|
||||
|
||||
if (!$isOwner && !$isPrivilegedUser && !$isAppUser) { // Not owner, not admin, not app (server)
|
||||
throw new Exception('User is not allowed to modify roles', 401);
|
||||
}
|
||||
|
||||
// Update the roles
|
||||
$membership->setAttribute('roles', $roles);
|
||||
$membership = $projectDB->updateDocument($membership->getArrayCopy());
|
||||
|
||||
if (false === $membership) {
|
||||
throw new Exception('Failed updating membership', 500);
|
||||
}
|
||||
|
||||
$audits
|
||||
->setParam('userId', $user->getId())
|
||||
->setParam('event', 'teams.memberships.update')
|
||||
->setParam('resource', 'teams/'.$teamId)
|
||||
;
|
||||
|
||||
$response->dynamic(new Document($membership->getArrayCopy()), Response::MODEL_MEMBERSHIP);
|
||||
});
|
||||
|
||||
App::get('/v1/teams/:teamId/memberships')
|
||||
->desc('Get Team Memberships')
|
||||
->groups(['api', 'teams'])
|
||||
|
|
|
@ -154,4 +154,25 @@ trait ProjectCustom
|
|||
|
||||
return self::$project;
|
||||
}
|
||||
|
||||
public function getNewKey(array $scopes) {
|
||||
|
||||
$projectId = self::$project['$id'];
|
||||
|
||||
$key = $this->client->call(Client::METHOD_POST, '/projects/' . $projectId . '/keys', [
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
|
||||
'x-appwrite-project' => 'console',
|
||||
], [
|
||||
'name' => 'Demo Project Key',
|
||||
'scopes' => $scopes,
|
||||
]);
|
||||
|
||||
$this->assertEquals(201, $key['headers']['status-code']);
|
||||
$this->assertNotEmpty($key['body']);
|
||||
$this->assertNotEmpty($key['body']['secret']);
|
||||
|
||||
return $key['body']['secret'];
|
||||
}
|
||||
}
|
||||
|
|
|
@ -157,7 +157,10 @@ trait TeamsBaseClient
|
|||
$this->assertIsInt($response['body']['joined']);
|
||||
$this->assertEquals(true, $response['body']['confirm']);
|
||||
$session = $this->client->parseCookie((string)$response['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']];
|
||||
$data['session'] = $session;
|
||||
|
||||
|
||||
/** [START] TESTS TO CHECK PASSWORD UPDATE OF NEW USER CREATED USING TEAM INVITE */
|
||||
/**
|
||||
* New User tries to update password without old password -> SHOULD PASS
|
||||
*/
|
||||
|
@ -212,6 +215,8 @@ trait TeamsBaseClient
|
|||
$this->assertEquals($response['body']['email'], $email);
|
||||
$this->assertEquals($response['body']['name'], $name);
|
||||
|
||||
/** [END] TESTS TO CHECK PASSWORD UPDATE OF NEW USER CREATED USING TEAM INVITE */
|
||||
|
||||
/**
|
||||
* Test for FAILURE
|
||||
*/
|
||||
|
@ -265,6 +270,81 @@ trait TeamsBaseClient
|
|||
/**
|
||||
* @depends testUpdateTeamMembership
|
||||
*/
|
||||
public function testUpdateTeamMembershipRoles($data):array
|
||||
{
|
||||
$teamUid = $data['teamUid'] ?? '';
|
||||
$membershipUid = $data['membershipUid'] ?? '';
|
||||
$session = $data['session'] ?? '';
|
||||
|
||||
/**
|
||||
* Test for SUCCESS
|
||||
*/
|
||||
$roles = ['admin', 'editor', 'uncle'];
|
||||
$response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$membershipUid, array_merge([
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], $this->getHeaders()), [
|
||||
'roles' => $roles
|
||||
]);
|
||||
|
||||
$this->assertEquals(200, $response['headers']['status-code']);
|
||||
$this->assertNotEmpty($response['body']['$id']);
|
||||
$this->assertNotEmpty($response['body']['userId']);
|
||||
$this->assertNotEmpty($response['body']['teamId']);
|
||||
$this->assertCount(count($roles), $response['body']['roles']);
|
||||
$this->assertEquals($roles[0], $response['body']['roles'][0]);
|
||||
$this->assertEquals($roles[1], $response['body']['roles'][1]);
|
||||
$this->assertEquals($roles[2], $response['body']['roles'][2]);
|
||||
|
||||
/**
|
||||
* Test for unknown team
|
||||
*/
|
||||
$response = $this->client->call(Client::METHOD_PATCH, '/teams/'.'abc'.'/memberships/'.$membershipUid, array_merge([
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], $this->getHeaders()), [
|
||||
'roles' => $roles
|
||||
]);
|
||||
|
||||
$this->assertEquals(404, $response['headers']['status-code']);
|
||||
|
||||
/**
|
||||
* Test for unknown membership ID
|
||||
*/
|
||||
$response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.'abc', array_merge([
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], $this->getHeaders()), [
|
||||
'roles' => $roles
|
||||
]);
|
||||
|
||||
$this->assertEquals(404, $response['headers']['status-code']);
|
||||
|
||||
|
||||
/**
|
||||
* Test for when a user other than the owner tries to update membership
|
||||
*/
|
||||
$response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$membershipUid, [
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
'cookie' => 'a_session_'.$this->getProject()['$id'].'=' . $session,
|
||||
], [
|
||||
'roles' => $roles
|
||||
]);
|
||||
|
||||
$this->assertEquals(401, $response['headers']['status-code']);
|
||||
$this->assertEquals('User is not allowed to modify roles', $response['body']['message']);
|
||||
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testUpdateTeamMembershipRoles
|
||||
*/
|
||||
public function testDeleteTeamMembership($data):array
|
||||
{
|
||||
$teamUid = $data['teamUid'] ?? '';
|
||||
|
@ -296,4 +376,5 @@ trait TeamsBaseClient
|
|||
|
||||
return [];
|
||||
}
|
||||
|
||||
}
|
|
@ -64,6 +64,7 @@ trait TeamsBaseServer
|
|||
$this->assertEquals(true, $response['body']['confirm']);
|
||||
|
||||
$userUid = $response['body']['userId'];
|
||||
$membershipUid = $response['body']['$id'];
|
||||
|
||||
// $response = $this->client->call(Client::METHOD_GET, '/users/'.$userUid, array_merge([
|
||||
// 'content-type' => 'application/json',
|
||||
|
@ -117,6 +118,55 @@ trait TeamsBaseServer
|
|||
return [
|
||||
'teamUid' => $teamUid,
|
||||
'userUid' => $userUid,
|
||||
'membershipUid' => $membershipUid
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testCreateTeamMembership
|
||||
*/
|
||||
public function testUpdateMembershipRoles($data)
|
||||
{
|
||||
$teamUid = $data['teamUid'] ?? '';
|
||||
$membershipUid = $data['membershipUid'] ?? '';
|
||||
|
||||
/**
|
||||
* Test for SUCCESS
|
||||
*/
|
||||
$roles = ['admin', 'editor', 'uncle'];
|
||||
$response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$membershipUid, array_merge([
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
], $this->getHeaders()), [
|
||||
'roles' => $roles
|
||||
]);
|
||||
|
||||
$this->assertEquals(200, $response['headers']['status-code']);
|
||||
$this->assertNotEmpty($response['body']['$id']);
|
||||
$this->assertNotEmpty($response['body']['userId']);
|
||||
$this->assertNotEmpty($response['body']['teamId']);
|
||||
$this->assertCount(count($roles), $response['body']['roles']);
|
||||
$this->assertEquals($roles[0], $response['body']['roles'][0]);
|
||||
$this->assertEquals($roles[1], $response['body']['roles'][1]);
|
||||
$this->assertEquals($roles[2], $response['body']['roles'][2]);
|
||||
|
||||
|
||||
/**
|
||||
* Test for FAILURE
|
||||
*/
|
||||
$apiKey = $this->getNewKey(['teams.read']);
|
||||
$roles = ['admin', 'editor', 'uncle'];
|
||||
$response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$membershipUid, [
|
||||
'origin' => 'http://localhost',
|
||||
'content-type' => 'application/json',
|
||||
'x-appwrite-project' => $this->getProject()['$id'],
|
||||
'x-appwrite-key' => $apiKey
|
||||
], [
|
||||
'roles' => $roles
|
||||
]);
|
||||
|
||||
$this->assertEquals(401, $response['headers']['status-code']);
|
||||
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue