8f14f5aa21
* database response model * database collection config * new database scopes * database service update * database execption codes * remove read write permission from database model * updating tests and fixing some bugs * server side tests are now passing * databases api * tests for database endpoint * composer update * fix error * formatting * formatting fixes * get database test * more updates to events and usage * more usage updates * fix delete type * fix test * delete database * more fixes * databaseId in attributes and indexes * more fixes * fix issues * fix index subquery * fix console scope and index query * updating tests as required * fix phpcs errors and warnings * updates to review suggestions * UI progress * ui updates and cleaning up * fix type * rework database events * update tests * update types * event generation fixed * events config updated * updating context to support multiple * realtime updates * fix ids * update context * validator updates * fix naming conflict * fix tests * fix lint errors * fix wprler and realtime tests * fix webhooks test * fix event validator and other tests * formatting fixes * removing leftover var_dumps * remove leftover comment * update usage params * usage metrics updates * update database usage * fix usage * specs update * updates to usage * fix UI and usage * fix lints * internal id fixes * fixes for internal Id * renaming services and related files * rename tests * rename doc link * rename readme * fix test name * tests: fixes for 0.15.x sync Co-authored-by: Torsten Dittmann <torsten.dittmann@googlemail.com>
131 lines
5.6 KiB
PHP
131 lines
5.6 KiB
PHP
<?php
|
|
|
|
namespace Tests\E2E\Services\Databases;
|
|
|
|
use Tests\E2E\Client;
|
|
use Tests\E2E\Scopes\Scope;
|
|
use Tests\E2E\Scopes\ProjectCustom;
|
|
use Tests\E2E\Scopes\SideClient;
|
|
|
|
class DatabasesCustomClientTest extends Scope
|
|
{
|
|
use DatabasesBase;
|
|
use ProjectCustom;
|
|
use SideClient;
|
|
|
|
public function testUpdateWithoutPermission(): array
|
|
{
|
|
// If document has been created by server and client tried to update it without adjusting permissions, permission validation should be skipped
|
|
|
|
// As a part of preparation, we get ID of currently logged-in user
|
|
$response = $this->client->call(Client::METHOD_GET, '/account', array_merge([
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $this->getProject()['$id'],
|
|
'x-appwrite-key' => $this->getProject()['apiKey']
|
|
], $this->getHeaders()));
|
|
$this->assertEquals(200, $response['headers']['status-code']);
|
|
|
|
$userId = $response['body']['$id'];
|
|
|
|
$database = $this->client->call(Client::METHOD_POST, '/databases', array_merge([
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $this->getProject()['$id'],
|
|
'x-appwrite-key' => $this->getProject()['apiKey']
|
|
]), [
|
|
'databaseId' => 'permissionCheckDatabase',
|
|
'name' => 'Test Database',
|
|
]);
|
|
$this->assertEquals(201, $database['headers']['status-code']);
|
|
$this->assertEquals('Test Database', $database['body']['name']);
|
|
|
|
$databaseId = $database['body']['$id'];
|
|
// Create collection
|
|
$response = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $this->getProject()['$id'],
|
|
'x-appwrite-key' => $this->getProject()['apiKey']
|
|
]), [
|
|
'collectionId' => 'permissionCheck',
|
|
'name' => 'permissionCheck',
|
|
'read' => [],
|
|
'write' => [],
|
|
'permission' => 'document'
|
|
]);
|
|
$this->assertEquals(201, $response['headers']['status-code']);
|
|
|
|
// Add attribute to collection
|
|
$response = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/permissionCheck/attributes/string', array_merge([
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $this->getProject()['$id'],
|
|
'x-appwrite-key' => $this->getProject()['apiKey']
|
|
]), [
|
|
'key' => 'name',
|
|
'size' => 255,
|
|
'required' => true,
|
|
]);
|
|
$this->assertEquals(201, $response['headers']['status-code']);
|
|
|
|
// Wait for database worker to finish creating attributes
|
|
sleep(2);
|
|
|
|
// Creating document by server, give read permission to our user + some other user
|
|
$response = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/permissionCheck/documents', array_merge([
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $this->getProject()['$id'],
|
|
'x-appwrite-key' => $this->getProject()['apiKey']
|
|
]), [
|
|
'documentId' => 'permissionCheckDocument',
|
|
'data' => [
|
|
'name' => 'AppwriteBeginner',
|
|
],
|
|
'read' => ['user:' . $userId, 'user:user2'],
|
|
'write' => ['user:' . $userId],
|
|
]);
|
|
$this->assertEquals(201, $response['headers']['status-code']);
|
|
|
|
// Update document
|
|
// This is the point of this test. We should be allowed to do this action, and it should not fail on permission check
|
|
$response = $this->client->call(Client::METHOD_PATCH, '/databases/' . $databaseId . '/collections/permissionCheck/documents/permissionCheckDocument', array_merge([
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $this->getProject()['$id'],
|
|
], $this->getHeaders()), [
|
|
'data' => [
|
|
'name' => 'AppwriteExpert',
|
|
]
|
|
]);
|
|
$this->assertEquals(200, $response['headers']['status-code']);
|
|
|
|
// Get name of the document, should be the new one
|
|
$response = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/permissionCheck/documents/permissionCheckDocument', array_merge([
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $this->getProject()['$id'],
|
|
], $this->getHeaders()));
|
|
$this->assertEquals(200, $response['headers']['status-code']);
|
|
$this->assertEquals("AppwriteExpert", $response['body']['name']);
|
|
|
|
// Cleanup to prevent collision with other tests
|
|
// Delete collection
|
|
$response = $this->client->call(Client::METHOD_DELETE, '/databases/' . $databaseId . '/collections/permissionCheck', array_merge([
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $this->getProject()['$id'],
|
|
'x-appwrite-key' => $this->getProject()['apiKey']
|
|
]));
|
|
|
|
$this->assertEquals(204, $response['headers']['status-code']);
|
|
|
|
|
|
// Wait for database worker to finish deleting collection
|
|
sleep(2);
|
|
|
|
// Make sure collection has been deleted
|
|
$response = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/permissionCheck', array_merge([
|
|
'content-type' => 'application/json',
|
|
'x-appwrite-project' => $this->getProject()['$id'],
|
|
'x-appwrite-key' => $this->getProject()['apiKey']
|
|
]));
|
|
$this->assertEquals(404, $response['headers']['status-code']);
|
|
|
|
return [];
|
|
}
|
|
}
|