CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-10-03 02:37:40 +13:00
Code Issues Projects Releases Wiki Activity

Use plain param to allow validating against collection attributes

Browse source
This commit is contained in:
Jake Barnby 2023-03-23 17:32:44 +13:00
parent f9f7af8759
commit f974477ecc
No known key found for this signature in database
GPG key ID: C437A8CC85B96E9C
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
app/controllers/api/databases.php
View file

@ -2800,14 +2800,12 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents/:documen
->param('databaseId', '', new UID(), 'Database ID.')
->param('collectionId', '', new UID(), 'Collection ID. You can create a new collection using the Database service [server integration](https://appwrite.io/docs/server/databases#databasesCreateCollection).')
->param('documentId', '', new UID(), 'Document ID.')
->param('queries', [], new Queries(new Select()), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/databases#querying-documents). Only supported methods are limit and offset', true)
->param('queries', [], new ArrayList(new Text(APP_LIMIT_ARRAY_ELEMENT_SIZE), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Array of query strings generated using the Query class provided by the SDK. [Learn more about queries](https://appwrite.io/docs/databases#querying-documents). Only method allowed is select.', true)
->inject('response')
->inject('dbForProject')
->inject('mode')
->action(function (string $databaseId, string $collectionId, string $documentId, array $queries, Response $response, Database $dbForProject, string $mode) {
var_dump($queries);
$database = Authorization::skip(fn () => $dbForProject->getDocument('databases', $databaseId));
if ($database->isEmpty()) {
@ -2822,6 +2820,13 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents/:documen
}
}
// Validate queries
$queriesValidator = new Queries(new Select($collection->getAttribute('attributes')));
$validQueries = $queriesValidator->isValid($queries);
if (!$validQueries) {
throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, $queriesValidator->getDescription());
}
$documentSecurity = $collection->getAttribute('documentSecurity', false);
$validator = new Authorization(Database::PERMISSION_READ);
$valid = $validator->isValid($collection->getRead());