CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-29 11:40:45 +12:00
Code Issues Projects Releases Wiki Activity

Merge branch '0.16.x' of https://github.com/appwrite/appwrite into feat-list-users-queries

Browse source
This commit is contained in:
Christy Jacob 2022-08-27 20:21:51 +00:00
parent 281eb2fafe 6dade9e758
commit f6e7d00b1e
20 changed files with 103 additions and 161 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/api/account.php
View file

@ -1484,7 +1484,7 @@ App::patch('/v1/account/password')
->action(function (string $password, string $oldPassword, Response $response, Document $user, Database $dbForProject, Event $events) {
// Check old password only if its an existing user.
if ($user->getAttribute('passwordUpdate') !== null && !Auth::passwordVerify($oldPassword, $user->getAttribute('password'), $user->getAttribute('hash'), $user->getAttribute('hashOptions'))) { // Double check user password
if (!empty($user->getAttribute('passwordUpdate')) && !Auth::passwordVerify($oldPassword, $user->getAttribute('password'), $user->getAttribute('hash'), $user->getAttribute('hashOptions'))) { // Double check user password
throw new Exception(Exception::USER_INVALID_CREDENTIALS);
}

12
app/controllers/api/databases.php
View file

@ -480,8 +480,8 @@ App::post('/v1/databases/:databaseId/collections')
->param('databaseId', '', new UID(), 'Database ID.')
->param('collectionId', '', new CustomId(), 'Unique Id. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('name', '', new Text(128), 'Collection name. Max length: 128 chars.')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permissions strings. By default no user is granted with any permissions. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.')
->param('documentSecurity', false, new Boolean(true), 'Whether to enable document-level permissions, where each document\'s permissions will be merged with the collection\'s permissions to determine who has access to each document individually. [Learn more about permissions](/docs/permissions).')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permissions strings. By default no user is granted with any permissions. [Learn more about permissions](/docs/permissions).')
->param('documentSecurity', false, new Boolean(true), 'Enables configuring permissions for individual documents. A user needs one of document or collection level permissions to access a document. [Learn more about permissions](/docs/permissions).')
->inject('response')
->inject('dbForProject')
->inject('events')
@ -732,8 +732,8 @@ App::put('/v1/databases/:databaseId/collections/:collectionId')
->param('databaseId', '', new UID(), 'Database ID.')
->param('collectionId', '', new UID(), 'Collection ID.')
->param('name', null, new Text(128), 'Collection name. Max length: 128 chars.')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default the current permission are inherited. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
->param('documentSecurity', false, new Boolean(true), 'Whether to enable document-level permissions, where each document\'s permissions will be merged with the collection\'s permissions to determine who has access to each document individually. [Learn more about permissions](/docs/permissions).')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default the current permission are inherited. [Learn more about permissions](/docs/permissions).', true)
->param('documentSecurity', false, new Boolean(true), 'Enables configuring permissions for individual documents. A user needs one of document or collection level permissions to access a document. [Learn more about permissions](/docs/permissions).')
->param('enabled', true, new Boolean(), 'Is collection enabled?', true)
->inject('response')
->inject('dbForProject')
@ -1817,7 +1817,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents')
->param('documentId', '', new CustomId(), 'Document ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('collectionId', null, new UID(), 'Collection ID. You can create a new collection using the Database service [server integration](https://appwrite.io/docs/server/databases#databasesCreateCollection). Make sure to define attributes before creating documents.')
->param('data', [], new JSON(), 'Document data as JSON object.')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]), 'An array of permissions strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]), 'An array of permissions strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true)
->inject('response')
->inject('dbForProject')
->inject('user')
@ -2225,7 +2225,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum
->param('collectionId', null, new UID(), 'Collection ID.')
->param('documentId', null, new UID(), 'Document ID.')
->param('data', [], new JSON(), 'Document data as JSON object. Include only attribute and value pairs to be updated.', true)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permissions strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permissions strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
->inject('response')
->inject('dbForProject')
->inject('events')

4
app/controllers/api/functions.php
View file

@ -57,7 +57,7 @@ App::post('/v1/functions')
->label('sdk.response.model', Response::MODEL_FUNCTION)
->param('functionId', '', new CustomId(), 'Function ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('name', '', new Text(128), 'Function name. Max length: 128 chars.')
->param('execute', [], new Roles(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of strings with execution roles. By default no user is granted with any execute permissions. [learn more about permissions](https://appwrite.io/docs/permissions) and get a full list of available permissions. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' scopes are allowed, each 64 characters long.')
->param('execute', [], new Roles(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of strings with execution roles. By default no user is granted with any execute permissions. [learn more about permissions](https://appwrite.io/docs/permissions). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' roles are allowed, each 64 characters long.')
->param('runtime', '', new WhiteList(array_keys(Config::getParam('runtimes')), true), 'Execution runtime.')
->param('vars', [], new Assoc(), 'Key-value JSON object that will be passed to the function as environment variables.', true)
->param('events', [], new ArrayList(new ValidatorEvent(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.', true)
@ -415,7 +415,7 @@ App::put('/v1/functions/:functionId')
->label('sdk.response.model', Response::MODEL_FUNCTION)
->param('functionId', '', new UID(), 'Function ID.')
->param('name', '', new Text(128), 'Function name. Max length: 128 chars.')
->param('execute', [], new Roles(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of strings with execution roles. By default no user is granted with any execute permissions. [learn more about permissions](https://appwrite.io/docs/permissions) and get a full list of available permissions. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' scopes are allowed, each 64 characters long.')
->param('execute', [], new Roles(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of strings with execution roles. By default no user is granted with any execute permissions. [learn more about permissions](https://appwrite.io/docs/permissions). Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' roles are allowed, each 64 characters long.')
->param('vars', [], new Assoc(), 'Key-value JSON object that will be passed to the function as environment variables.', true)
->param('events', [], new ArrayList(new ValidatorEvent(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.', true)
->param('schedule', '', new Cron(), 'Schedule CRON syntax.', true)

28
app/controllers/api/storage.php
View file

@ -59,8 +59,8 @@ App::post('/v1/storage/buckets')
->label('sdk.response.model', Response::MODEL_BUCKET)
->param('bucketId', '', new CustomId(), 'Unique Id. Choose your own unique ID or pass the string `unique()` to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('name', '', new Text(128), 'Bucket name')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default no user is granted with any permissions. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
->param('fileSecurity', false, new Boolean(true), 'Whether to enable file-level permissions, where each file\'s permissions will be merged with the bucket\'s permissions to determine who has access to each file individually. [Learn more about permissions](/docs/permissions).')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default no user is granted with any permissions. [Learn more about permissions](/docs/permissions).', true)
->param('fileSecurity', false, new Boolean(true), 'Enables configuring permissions for individual file. A user needs one of file or bucket level permissions to access a file. [Learn more about permissions](/docs/permissions).')
->param('enabled', true, new Boolean(true), 'Is bucket enabled?', true)
->param('maximumFileSize', (int) App::getEnv('_APP_STORAGE_LIMIT', 0), new Range(1, (int) App::getEnv('_APP_STORAGE_LIMIT', 0)), 'Maximum file size allowed in bytes. Maximum allowed value is ' . Storage::human(App::getEnv('_APP_STORAGE_LIMIT', 0), 0) . '. For self-hosted setups you can change the max limit by changing the `_APP_STORAGE_LIMIT` environment variable. [Learn more about storage environment variables](docs/environment-variables#storage)', true)
->param('allowedFileExtensions', [], new ArrayList(new Text(64), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Allowed file extensions. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' extensions are allowed, each 64 characters long.', true)
@ -116,10 +116,10 @@ App::post('/v1/storage/buckets')
'name' => $name,
'maximumFileSize' => $maximumFileSize,
'allowedFileExtensions' => $allowedFileExtensions,
'fileSecurity' => (bool) filter_var($fileSecurity, FILTER_VALIDATE_BOOLEAN),
'enabled' => (bool) filter_var($enabled, FILTER_VALIDATE_BOOLEAN),
'encryption' => (bool) filter_var($encryption, FILTER_VALIDATE_BOOLEAN),
'antivirus' => (bool) filter_var($antivirus, FILTER_VALIDATE_BOOLEAN),
'fileSecurity' => $fileSecurity,
'enabled' => $enabled,
'encryption' => $encryption,
'antivirus' => $antivirus,
'search' => implode(' ', [$bucketId, $name]),
]));
@ -228,8 +228,8 @@ App::put('/v1/storage/buckets/:bucketId')
->label('sdk.response.model', Response::MODEL_BUCKET)
->param('bucketId', '', new UID(), 'Bucket unique ID.')
->param('name', null, new Text(128), 'Bucket name', false)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
->param('fileSecurity', false, new Boolean(true), 'Whether to enable file-level permissions, where each file\'s permissions will be merged with the bucket\'s permissions to determine who has access to each file individually. [Learn more about permissions](/docs/permissions).')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission strings. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
->param('fileSecurity', false, new Boolean(true), 'Enables configuring permissions for individual file. A user needs one of file or bucket level permissions to access a file. [Learn more about permissions](/docs/permissions).')
->param('enabled', true, new Boolean(true), 'Is bucket enabled?', true)
->param('maximumFileSize', null, new Range(1, (int) App::getEnv('_APP_STORAGE_LIMIT', 0)), 'Maximum file size allowed in bytes. Maximum allowed value is ' . Storage::human((int)App::getEnv('_APP_STORAGE_LIMIT', 0), 0) . '. For self hosted version you can change the limit by changing _APP_STORAGE_LIMIT environment variable. [Learn more about storage environment variables](docs/environment-variables#storage)', true)
->param('allowedFileExtensions', [], new ArrayList(new Text(64), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Allowed file extensions. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' extensions are allowed, each 64 characters long.', true)
@ -264,10 +264,10 @@ App::put('/v1/storage/buckets/:bucketId')
->setAttribute('$permissions', $permissions)
->setAttribute('maximumFileSize', $maximumFileSize)
->setAttribute('allowedFileExtensions', $allowedFileExtensions)
->setAttribute('fileSecurity', (bool) filter_var($fileSecurity, FILTER_VALIDATE_BOOLEAN))
->setAttribute('enabled', (bool) filter_var($enabled, FILTER_VALIDATE_BOOLEAN))
->setAttribute('encryption', (bool) filter_var($encryption, FILTER_VALIDATE_BOOLEAN))
->setAttribute('antivirus', (bool) filter_var($antivirus, FILTER_VALIDATE_BOOLEAN)));
->setAttribute('fileSecurity', $fileSecurity)
->setAttribute('enabled', $enabled)
->setAttribute('encryption', $encryption)
->setAttribute('antivirus', $antivirus));
$events
->setParam('bucketId', $bucket->getId())
@ -338,7 +338,7 @@ App::post('/v1/storage/buckets/:bucketId/files')
->param('bucketId', null, new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
->param('fileId', '', new CustomId(), 'File ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('file', [], new File(), 'Binary file.', false)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]), 'An array of permission strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]), 'An array of permission strings. By default the current user is granted with all permissions. [Learn more about permissions](/docs/permissions).', true)
->inject('request')
->inject('response')
->inject('dbForProject')
@ -1213,7 +1213,7 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId')
->label('sdk.response.model', Response::MODEL_FILE)
->param('bucketId', null, new UID(), 'Storage bucket unique ID. You can create a new storage bucket using the Storage service [server integration](/docs/server/storage#createBucket).')
->param('fileId', '', new UID(), 'File unique ID.')
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission string. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.', true)
->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of permission string. By default the current permissions are inherited. [Learn more about permissions](/docs/permissions).', true)
->inject('response')
->inject('dbForProject')
->inject('user')

69
app/views/console/settings/index.phtml
View file

@ -1,4 +1,8 @@
<?php
use Utopia\Database\Permission;
use Utopia\Database\Role;
$services = $this->getParam('services', []);
$customDomainsEnabled = $this->getParam('customDomainsEnabled', false);
$customDomainsTarget = $this->getParam('customDomainsTarget', false);
@ -57,24 +61,11 @@ $smtpEnabled = $this->getParam('smtpEnabled', false);
<label for="logo">Project Logo</label>
<div class="text-align-center clear">
<input type="hidden" name="logo" data-ls-bind="{{console-project.logo}}" data-read="<?php echo $this->escape(json_encode(['any'])); ?>" data-write="<?php echo $this->escape(json_encode(['team:{{console-project.teamId}}'])); ?>" data-accept="image/*" data-forms-upload="" data-label-button="Upload" data-preview-alt="Project Logo" data-scope="console" data-default="">
<input type="hidden" name="logo" data-ls-bind="{{console-project.logo}}" data-permissions="<?php echo $this->escape(\json_encode([Permission::read(Role::any()), Permission::update(Role::team('{{console-project.teamId}}')), Permission::delete(Role::team('{{console-project.teamId}}'))])); ?>" data-accept="image/*" data-forms-upload="" data-label-button="Upload" data-preview-alt="Project Logo" data-scope="console" data-default="">
</div>
<hr />
<!-- <div data-ls-if="0 !== {{console-domains|activeDomainsCount}}">
<label for="name">Custom API Endpoints</label>
<ul data-ls-loop="console-domains" data-ls-as="domain">
<li>
<div class="input-copy" data-ls-if="true === {{domain.verification}} && {{domain.certificateId}}">
<input data-forms-copy type="text" disabled data-ls-bind="{{env.PROTOCOL}}://{{domain.domain}}/v1" />
</div>
</li>
</ul>
</div> -->
<button class="" type="submit">Update</button>
</form>
</div>
@ -144,57 +135,7 @@ $smtpEnabled = $this->getParam('smtpEnabled', false);
</div>
</div>
</li>
<!-- <li data-state="/console/settings/privacy?project={{router.params.project}}">
<form
data-service="projects.update"
data-scope="console"
data-event="submit"
data-param-project-id="{{router.params.project}}"
data-success="alert,trigger"
data-success-param-alert-text="Updated project successfully"
data-success-param-trigger-events="projects.update"
data-failure="alert"
data-failure-param-alert-text="Failed to update project"
data-failure-param-alert-classname="error">
<h2>Privacy & Legal</h2>
<div class="box margin-bottom">
<input name="$id" type="hidden" data-ls-bind="{{console-project.$id}}" />
<div class="row thin">
<div class="col span-6">
<label for="legalName">Legal Name</label>
<input name="legalName" id="legalName" type="text" autocomplete="off" data-ls-bind="{{console-project.legalName}}" data-forms-text-direction>
<label for="legalCountry">Country</label>
<select id="legalCountry" name="legalCountry" data-ls-bind="{{console-project.legalCountry}}" data-ls-loop="locale-countries" data-ls-as="option">
<option data-ls-attrs="value={{$index}}" data-ls-bind="{{option}}"></option>
</select>
<label for="legalCity">City</label>
<input name="legalCity" id="legalCity" type="text" autocomplete="off" data-ls-bind="{{console-project.legalCity}}" data-forms-text-direction>
</div>
<div class="col span-6">
<label for="legalTaxId">Tax ID</label>
<input name="legalTaxId" id="legalTaxId" type="text" autocomplete="off" data-ls-bind="{{console-project.legalTaxId}}" data-forms-text-direction>
<label for="legalState">State</label>
<input name="legalState" id="legalState" type="text" autocomplete="off" data-ls-bind="{{console-project.legalState}}" data-forms-text-direction>
<label for="legalAddress">Address</label>
<input name="legalAddress" id="legalAddress" type="text" autocomplete="off" data-ls-bind="{{console-project.legalAddress}}" data-forms-text-direction>
</div>
</div>
<hr />
<button class="" type="submit">Update</button>
</div>
</form>
</li> -->
<li data-state="/console/settings/services?project={{router.params.project}}">
<h2>Services</h2>

6
composer.json
View file

@ -45,13 +45,13 @@
"appwrite/php-runtimes": "0.11.*",
"utopia-php/framework": "0.21.*",
"utopia-php/logger": "0.3.*",
"utopia-php/abuse": "0.11.*",
"utopia-php/abuse": "0.12.*",
"utopia-php/analytics": "0.2.*",
"utopia-php/audit": "0.12.*",
"utopia-php/audit": "0.13.*",
"utopia-php/cache": "0.6.*",
"utopia-php/cli": "0.13.*",
"utopia-php/config": "0.2.*",
"utopia-php/database": "dev-refactor-permissions as 0.23.0",
"utopia-php/database": "0.24.*",
"utopia-php/locale": "0.4.*",
"utopia-php/registry": "0.5.*",
"utopia-php/preloader": "0.2.*",

49
composer.lock generated
View file

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "64351ec59c6d50023ef9f6195777709b",
"content-hash": "1145ff29befcc4aa21b5002da0b8319c",
"packages": [
{
"name": "adhocore/jwt",
@ -1733,23 +1733,23 @@
},
{
"name": "utopia-php/abuse",
"version": "0.11.0",
"version": "0.12.0",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/abuse.git",
"reference": "f1096b92a8c47b19b0c55096775c186cab0b0a97"
"reference": "aa1e1aae163ecf8ea81d48857ff55c241dcb695f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/abuse/zipball/f1096b92a8c47b19b0c55096775c186cab0b0a97",
"reference": "f1096b92a8c47b19b0c55096775c186cab0b0a97",
"url": "https://api.github.com/repos/utopia-php/abuse/zipball/aa1e1aae163ecf8ea81d48857ff55c241dcb695f",
"reference": "aa1e1aae163ecf8ea81d48857ff55c241dcb695f",
"shasum": ""
},
"require": {
"ext-curl": "*",
"ext-pdo": "*",
"php": ">=8.0",
"utopia-php/database": "0.23.0"
"utopia-php/database": "0.24.0"
},
"require-dev": {
"phpunit/phpunit": "^9.4",
@ -1781,9 +1781,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/abuse/issues",
"source": "https://github.com/utopia-php/abuse/tree/0.11.0"
"source": "https://github.com/utopia-php/abuse/tree/0.12.0"
},
"time": "2022-08-19T08:47:17+00:00"
"time": "2022-08-27T09:50:09+00:00"
},
{
"name": "utopia-php/analytics",
@ -1842,22 +1842,22 @@
},
{
"name": "utopia-php/audit",
"version": "0.12.0",
"version": "0.13.0",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/audit.git",
"reference": "fe5d2372d9c7f0e1abcf85eaf59ebeaa6f572168"
"reference": "a2f30ccfba7a61b1718b9ebd4557ed0d8a4dcb5b"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/audit/zipball/fe5d2372d9c7f0e1abcf85eaf59ebeaa6f572168",
"reference": "fe5d2372d9c7f0e1abcf85eaf59ebeaa6f572168",
"url": "https://api.github.com/repos/utopia-php/audit/zipball/a2f30ccfba7a61b1718b9ebd4557ed0d8a4dcb5b",
"reference": "a2f30ccfba7a61b1718b9ebd4557ed0d8a4dcb5b",
"shasum": ""
},
"require": {
"ext-pdo": "*",
"php": ">=8.0",
"utopia-php/database": "0.23.0"
"utopia-php/database": "0.24.0"
},
"require-dev": {
"phpunit/phpunit": "^9.3",
@ -1889,9 +1889,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/audit/issues",
"source": "https://github.com/utopia-php/audit/tree/0.12.0"
"source": "https://github.com/utopia-php/audit/tree/0.13.0"
},
"time": "2022-08-19T08:47:16+00:00"
"time": "2022-08-27T09:18:57+00:00"
},
{
"name": "utopia-php/cache",
@ -2052,16 +2052,16 @@
},
{
"name": "utopia-php/database",
"version": "dev-refactor-permissions",
"version": "0.24.0",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/database.git",
"reference": "336df0d08d8bd875acd6b2b87d7b24133aa016f5"
"reference": "7da841d65d87e9f2c242589e58c38880def44dd8"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/database/zipball/336df0d08d8bd875acd6b2b87d7b24133aa016f5",
"reference": "336df0d08d8bd875acd6b2b87d7b24133aa016f5",
"url": "https://api.github.com/repos/utopia-php/database/zipball/7da841d65d87e9f2c242589e58c38880def44dd8",
"reference": "7da841d65d87e9f2c242589e58c38880def44dd8",
"shasum": ""
},
"require": {
@ -2110,9 +2110,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/database/issues",
"source": "https://github.com/utopia-php/database/tree/refactor-permissions"
"source": "https://github.com/utopia-php/database/tree/0.24.0"
},
"time": "2022-08-25T08:19:47+00:00"
"time": "2022-08-27T09:16:05+00:00"
},
{
"name": "utopia-php/domains",
@ -5354,17 +5354,10 @@
"version": "9999999-dev",
"alias": "0.19.5",
"alias_normalized": "0.19.5.0"
},
{
"package": "utopia-php/database",
"version": "dev-refactor-permissions",
"alias": "0.23.0",
"alias_normalized": "0.23.0.0"
}
],
"minimum-stability": "stable",
"stability-flags": {
"utopia-php/database": 20,
"appwrite/sdk-generator": 20
},
"prefer-stable": false,

2
phpunit.xml
View file

@ -13,7 +13,7 @@
</extensions>
<testsuites>
<testsuite name="unit">
<directory>./tests/unit/</directory>
<directory>./tests/unit</directory>
</testsuite>
<testsuite name="e2e">
<file>./tests/e2e/Client.php</file>

2
src/Appwrite/Utopia/Response/Model/Bucket.php
View file

@ -30,7 +30,7 @@ class Bucket extends Model
])
->addRule('$permissions', [
'type' => self::TYPE_STRING,
'description' => 'File permissions. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.',
'description' => 'Bucket permissions. [Learn more about permissions](/docs/permissions).',
'default' => [],
'example' => ['read("any")'],
'array' => true,

2
src/Appwrite/Utopia/Response/Model/Collection.php
View file

@ -30,7 +30,7 @@ class Collection extends Model
])
->addRule('$permissions', [
'type' => self::TYPE_STRING,
'description' => 'Collection permissions. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.',
'description' => 'Collection permissions. [Learn more about permissions](/docs/permissions).',
'default' => '',
'example' => ['read("any")'],
'array' => true

2
src/Appwrite/Utopia/Response/Model/Document.php
View file

@ -56,7 +56,7 @@ class Document extends Any
])
->addRule('$permissions', [
'type' => self::TYPE_STRING,
'description' => 'Document permissions. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.',
'description' => 'Document permissions. [Learn more about permissions](/docs/permissions).',
'default' => '',
'example' => ['read("any")'],
'array' => true,

2
src/Appwrite/Utopia/Response/Model/File.php
View file

@ -36,7 +36,7 @@ class File extends Model
])
->addRule('$permissions', [
'type' => self::TYPE_STRING,
'description' => 'File permissions. [Learn more about permissions](/docs/permissions) and get a full list of available permissions.',
'description' => 'File permissions. [Learn more about permissions](/docs/permissions).',
'default' => [],
'example' => ['read("any")'],
'array' => true,

20
tests/e2e/Services/Databases/DatabasesBase.php
View file

@ -50,10 +50,7 @@ trait DatabasesBase
'name' => 'Movies',
'documentSecurity' => true,
'permissions' => [
Permission::read(Role::any()),
Permission::create(Role::any()),
Permission::update(Role::any()),
Permission::delete(Role::any()),
Permission::create(Role::user($this->getUser()['$id'])),
],
]);
@ -1604,8 +1601,8 @@ trait DatabasesBase
],
'permissions' => [
Permission::read(Role::user($this->getUser()['$id'])),
Permission::update(Role::user(ID::custom($this->getUser()['$id']))),
Permission::delete(Role::user(ID::custom($this->getUser()['$id']))),
Permission::update(Role::user($this->getUser()['$id'])),
Permission::delete(Role::user($this->getUser()['$id'])),
]
]);
@ -2289,13 +2286,20 @@ trait DatabasesBase
$this->assertCount(0, $document['body']['$permissions']);
$this->assertEquals([], $document['body']['$permissions']);
// Check user can still read document due to collection permissions of read("any")
// Check client side can no longer read the document.
$document = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()));
$this->assertEquals(200, $document['headers']['status-code']);
switch ($this->getSide()) {
case 'client':
$this->assertEquals(404, $document['headers']['status-code']);
break;
case 'server':
$this->assertEquals(200, $document['headers']['status-code']);
break;
}
return $data;
}

6
tests/e2e/Services/Databases/DatabasesPermissionsMemberTest.php
View file

@ -95,6 +95,12 @@ class DatabasesPermissionsMemberTest extends Scope
'users' => 11,
'doconly' => 6,
],
[
'permissions' => [Permission::read(Role::users()), Permission::update(Role::users()), Permission::delete(Role::users())],
'any' => 12,
'users' => 12,
'doconly' => 7,
],
];
}

3
tests/e2e/Services/Functions/FunctionsConsoleClientTest.php
View file

@ -7,6 +7,7 @@ use Tests\E2E\Scopes\ProjectCustom;
use Tests\E2E\Client;
use Tests\E2E\Scopes\SideConsole;
use Utopia\Database\ID;
use Utopia\Database\Role;
class FunctionsConsoleClientTest extends Scope
{
@ -21,7 +22,7 @@ class FunctionsConsoleClientTest extends Scope
], $this->getHeaders()), [
'functionId' => ID::unique(),
'name' => 'Test',
'execute' => ["user:{$this->getUser()['$id']}"],
'execute' => [Role::user($this->getUser()['$id'])->toString()],
'runtime' => 'php-8.0',
'vars' => [
'funcKey1' => 'funcValue1',

2
tests/e2e/Services/Functions/FunctionsCustomClientTest.php
View file

@ -59,7 +59,7 @@ class FunctionsCustomClientTest extends Scope
], [
'functionId' => ID::unique(),
'name' => 'Test',
'execute' => ["user:{$this->getUser()['$id']}"],
'execute' => [Role::user($this->getUser()['$id'])->toString()],
'runtime' => 'php-8.0',
'vars' => [
'funcKey1' => 'funcValue1',

2
tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
View file

@ -396,7 +396,7 @@ class ProjectsConsoleClientTest extends Scope
'x-appwrite-project' => $this->getProject()['$id'],
], $this->getHeaders()), [
'provider' => 'unknown',
'appId' => ID::custom('AppId'),
'appId' => 'AppId',
'secret' => 'Secret',
]);

5
tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
View file

@ -648,10 +648,7 @@ class RealtimeCustomClientTest extends Scope
'collectionId' => ID::unique(),
'name' => 'Actors',
'permissions' => [
Permission::read(Role::users()),
Permission::create(Role::users()),
Permission::update(Role::users()),
Permission::delete(Role::users()),
Permission::create(Role::user($this->getUser()['$id'])),
],
'documentSecurity' => true,
]);

42
tests/unit/Auth/AuthTest.php
View file

@ -371,13 +371,13 @@ class AuthTest extends TestCase
$roles = Auth::getRoles($user);
$this->assertCount(7, $roles);
$this->assertContains('users', $roles);
$this->assertContains('user:123', $roles);
$this->assertContains('team:abc', $roles);
$this->assertContains('team:abc/administrator', $roles);
$this->assertContains('team:abc/moderator', $roles);
$this->assertContains('team:def', $roles);
$this->assertContains('team:def/guest', $roles);
$this->assertContains(Role::users()->toString(), $roles);
$this->assertContains(Role::user(ID::custom('123'))->toString(), $roles);
$this->assertContains(Role::team(ID::custom('abc'))->toString(), $roles);
$this->assertContains(Role::team(ID::custom('abc'), 'administrator')->toString(), $roles);
$this->assertContains(Role::team(ID::custom('abc'), 'moderator')->toString(), $roles);
$this->assertContains(Role::team(ID::custom('def'))->toString(), $roles);
$this->assertContains(Role::team(ID::custom('def'), 'guest')->toString(), $roles);
}
public function testPrivilegedUserRoles(): void
@ -405,13 +405,13 @@ class AuthTest extends TestCase
$roles = Auth::getRoles($user);
$this->assertCount(5, $roles);
$this->assertNotContains('users', $roles);
$this->assertNotContains('user:123', $roles);
$this->assertContains('team:abc', $roles);
$this->assertContains('team:abc/administrator', $roles);
$this->assertContains('team:abc/moderator', $roles);
$this->assertContains('team:def', $roles);
$this->assertContains('team:def/guest', $roles);
$this->assertNotContains(Role::users()->toString(), $roles);
$this->assertNotContains(Role::user(ID::custom('123'))->toString(), $roles);
$this->assertContains(Role::team(ID::custom('abc'))->toString(), $roles);
$this->assertContains(Role::team(ID::custom('abc'), 'administrator')->toString(), $roles);
$this->assertContains(Role::team(ID::custom('abc'), 'moderator')->toString(), $roles);
$this->assertContains(Role::team(ID::custom('def'))->toString(), $roles);
$this->assertContains(Role::team(ID::custom('def'), 'guest')->toString(), $roles);
}
public function testAppUserRoles(): void
@ -439,12 +439,12 @@ class AuthTest extends TestCase
$roles = Auth::getRoles($user);
$this->assertCount(5, $roles);
$this->assertNotContains('users', $roles);
$this->assertNotContains('user:123', $roles);
$this->assertContains('team:abc', $roles);
$this->assertContains('team:abc/administrator', $roles);
$this->assertContains('team:abc/moderator', $roles);
$this->assertContains('team:def', $roles);
$this->assertContains('team:def/guest', $roles);
$this->assertNotContains(Role::users()->toString(), $roles);
$this->assertNotContains(Role::user(ID::custom('123'))->toString(), $roles);
$this->assertContains(Role::team(ID::custom('abc'))->toString(), $roles);
$this->assertContains(Role::team(ID::custom('abc'), 'administrator')->toString(), $roles);
$this->assertContains(Role::team(ID::custom('abc'), 'moderator')->toString(), $roles);
$this->assertContains(Role::team(ID::custom('def'))->toString(), $roles);
$this->assertContains(Role::team(ID::custom('def'), 'guest')->toString(), $roles);
}
}

4
tests/unit/Messaging/MessagingChannelsTest.php
View file

@ -58,7 +58,7 @@ class MessagingChannelsTest extends TestCase
'roles' => [
empty($index % 2)
? Auth::USER_ROLE_ADMIN
: Role::users()->toString(),
: 'member',
]
]
]
@ -288,7 +288,7 @@ class MessagingChannelsTest extends TestCase
ID::custom('team' . $index),
(empty($index % 2)
? Auth::USER_ROLE_ADMIN
: Role::users()->toString())
: 'member')
)->toString()
];