From 8f831b2be35998d849a0d1ee9c7224174158a771 Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 6 Jun 2022 18:27:05 -0400 Subject: [PATCH 01/19] Allows to update permissions without payload --- app/controllers/api/database.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index 0ed47d4b5f..228420f353 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -1992,8 +1992,8 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') $data = (\is_string($data)) ? \json_decode($data, true) : $data; // Cast to JSON array - if (empty($data)) { - throw new Exception('Missing payload', 400); + if (empty($data) && empty($read) && empty($write)) { + throw new Exception('Missing payload or read/write permissions', 400); } if (!\is_array($data)) { From 3cf26d19bcd0b31175f283bf4fd2b53882648bbe Mon Sep 17 00:00:00 2001 From: gepd Date: Tue, 7 Jun 2022 21:08:11 -0400 Subject: [PATCH 02/19] make data optional --- app/controllers/api/database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index 1e67f4d4e6..2a36f2b5f7 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -1868,7 +1868,7 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') ->inject('usage') ->inject('events') ->inject('mode') - ->action(function (string $collectionId, string $documentId, string|array $data, ?array $read, ?array $write, Response $response, Database $dbForProject, EventAudit $audits, Stats $usage, Event $events, string $mode) { + ->action(function (string $collectionId, string $documentId, string|array|null $data, ?array $read, ?array $write, Response $response, Database $dbForProject, EventAudit $audits, Stats $usage, Event $events, string $mode) { /** * Skip Authorization to get the collection. Needed in case of empty permissions for document level permissions. From 2e05afe35abe58c27cb3b90bee5866d1af27de15 Mon Sep 17 00:00:00 2001 From: gepd Date: Wed, 8 Jun 2022 20:49:27 -0400 Subject: [PATCH 03/19] Make param optional from utopia --- app/controllers/api/database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index 2a36f2b5f7..5e8a0a6b1d 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -1859,7 +1859,7 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') ->label('sdk.response.model', Response::MODEL_DOCUMENT) ->param('collectionId', null, new UID(), 'Collection ID.') ->param('documentId', null, new UID(), 'Document ID.') - ->param('data', [], new JSON(), 'Document data as JSON object. Include only attribute and value pairs to be updated.') + ->param('data', [], new JSON(), 'Document data as JSON object. Include only attribute and value pairs to be updated.', true) ->param('read', null, new Permissions(), 'An array of strings with read permissions. By default inherits the existing read permissions. [learn more about permissions](https://appwrite.io/docs/permissions) and get a full list of available permissions.', true) ->param('write', null, new Permissions(), 'An array of strings with write permissions. By default inherits the existing write permissions. [learn more about permissions](https://appwrite.io/docs/permissions) and get a full list of available permissions.', true) ->inject('response') From d96b077d222e3a10cf5564ab401517531cb688b8 Mon Sep 17 00:00:00 2001 From: gepd Date: Thu, 9 Jun 2022 15:32:34 -0400 Subject: [PATCH 04/19] remove null as param is already nullable Co-authored-by: Everly Precia Suresh <77877486+everly-gif@users.noreply.github.com> --- app/controllers/api/database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index 5e8a0a6b1d..db5d743ed7 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -1868,7 +1868,7 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') ->inject('usage') ->inject('events') ->inject('mode') - ->action(function (string $collectionId, string $documentId, string|array|null $data, ?array $read, ?array $write, Response $response, Database $dbForProject, EventAudit $audits, Stats $usage, Event $events, string $mode) { + ->action(function (string $collectionId, string $documentId, string|array $data, ?array $read, ?array $write, Response $response, Database $dbForProject, EventAudit $audits, Stats $usage, Event $events, string $mode) { /** * Skip Authorization to get the collection. Needed in case of empty permissions for document level permissions. From d1505917a311278863db48a2514afe94e02d3b4b Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 12:18:00 -0400 Subject: [PATCH 05/19] committed suggested changes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Matej Bačo --- app/controllers/api/database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index db5d743ed7..abd22d3faf 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -1901,7 +1901,7 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') $data = (\is_string($data)) ? \json_decode($data, true) : $data; // Cast to JSON array if (empty($data) && empty($read) && empty($write)) { - throw new Exception('Missing payload or read/write permissions', 400); + throw new Exception('Missing payload or read/write permissions', 400, Exception::DOCUMENT_MISSING_PAYLOAD); } if (!\is_array($data)) { From 7b60a36eead964d880eda4283f79534b22a3e7ab Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 13:49:34 -0400 Subject: [PATCH 06/19] added test to update permissions with empty payload --- tests/e2e/Services/Database/DatabaseBase.php | 60 ++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index f59e5ad56b..0ea07f70bc 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2160,6 +2160,66 @@ trait DatabaseBase $this->assertEquals(409, $duplicate['headers']['status-code']); + return $data; + } + + /** + * @depends testCreateIndexes + */ + public function testUpdatePermissionsWithEmptyPayload(array $data): array + { + $document1 = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'documentId' => 'unique()', + 'data' => [ + 'title' => 'Captain America', + 'releaseYear' => 1944, + 'actors' => [ + 'Chris Evans', + 'Samuel Jackson', + ] + ], + 'read' => ['user:' . $this->getUser()['$id']], + 'write' => ['user:' . $this->getUser()['$id']], + ]); + + $id = $document['body']['$id']; + + $document2 = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/'.$id, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'read' => [], + 'write' => [], + ]); + + $this->assertEquals($document1['headers']['status-code'], 201); + $this->assertEquals($document1['body']['title'], 'Captain America'); + $this->assertEquals($document1['body']['releaseYear'], 1944); + $this->assertIsArray($document1['body']['$read']); + $this->assertIsArray($document1['body']['$write']); + $this->assertCount(1, $document1['body']['$read']); + $this->assertCount(1, $document1['body']['$write']); + $this->assertCount(2, $document1['body']['actors']); + $this->assertEquals($document1['body']['actors'][0], 'Chris Evans'); + $this->assertEquals($document1['body']['actors'][1], 'Samuel Jackson'); + + if ($this->getSide() == 'client') { + $this->assertEquals($document2['headers']['status-code'], 401); + } + + if ($this->getSide() == 'server') { + $this->assertEquals($document2['headers']['status-code'], 200); + $this->assertEquals($document2['body']['title'], 'Captain America'); + $this->assertEquals($document2['body']['releaseYear'], 1944); + $this->assertCount(0, $document2['body']['$read']); + $this->assertCount(0, $document2['body']['$write']); + $this->assertEquals([], $document2['body']['$read']); + $this->assertEquals([], $document2['body']['$write']); + } + return $data; } } From ca455b380efcf63ea9c52510270af7797a4612d4 Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 14:03:15 -0400 Subject: [PATCH 07/19] Fixed linting errors --- tests/e2e/Services/Database/DatabaseBase.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 0ea07f70bc..17073bd894 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2187,7 +2187,7 @@ trait DatabaseBase $id = $document['body']['$id']; - $document2 = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/'.$id, array_merge([ + $document2 = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], ], $this->getHeaders()), [ @@ -2206,7 +2206,7 @@ trait DatabaseBase $this->assertEquals($document1['body']['actors'][0], 'Chris Evans'); $this->assertEquals($document1['body']['actors'][1], 'Samuel Jackson'); - if ($this->getSide() == 'client') { + if ($this->getSide() == 'client') { $this->assertEquals($document2['headers']['status-code'], 401); } From 7cb19a725f79115b5737c84e0c224eca5ef72a23 Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 14:24:49 -0400 Subject: [PATCH 08/19] fixed minor typo --- tests/e2e/Services/Database/DatabaseBase.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 17073bd894..b0b02f103a 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2185,7 +2185,7 @@ trait DatabaseBase 'write' => ['user:' . $this->getUser()['$id']], ]); - $id = $document['body']['$id']; + $id = $document1['body']['$id']; $document2 = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ 'content-type' => 'application/json', From 0bade37a260d103628c449afabbabec5ad9ba32c Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 15:15:49 -0400 Subject: [PATCH 09/19] updated test --- tests/e2e/Services/Database/DatabaseBase.php | 60 +++++++++++--------- 1 file changed, 32 insertions(+), 28 deletions(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index b0b02f103a..202206e2ff 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2168,7 +2168,7 @@ trait DatabaseBase */ public function testUpdatePermissionsWithEmptyPayload(array $data): array { - $document1 = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ + $document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], ], $this->getHeaders()), [ @@ -2176,18 +2176,35 @@ trait DatabaseBase 'data' => [ 'title' => 'Captain America', 'releaseYear' => 1944, - 'actors' => [ - 'Chris Evans', - 'Samuel Jackson', - ] + 'actors' => [], ], - 'read' => ['user:' . $this->getUser()['$id']], - 'write' => ['user:' . $this->getUser()['$id']], ]); - $id = $document1['body']['$id']; + $id = $document['body']['$id']; - $document2 = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ + $this->assertEquals($document['headers']['status-code'], 201); + $this->assertEquals($document['body']['title'], 'Captain America'); + $this->assertEquals($document['body']['releaseYear'], 1944); + $this->assertIsArray($document['body']['$read']); + $this->assertIsArray($document['body']['$write']); + + if ($this->getSide() == 'client') { + $this->assertCount(1, $document['body']['$read']); + $this->assertCount(1, $document['body']['$write']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$write']); + } + + if ($this->getSide() == 'server') { + $this->assertCount(0, $document['body']['$read']); + $this->assertCount(0, $document['body']['$write']); + $this->assertEquals([], $document['body']['$read']); + $this->assertEquals([], $document['body']['$write']); + } + + // Reset Permissions + + $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], ], $this->getHeaders()), [ @@ -2195,29 +2212,16 @@ trait DatabaseBase 'write' => [], ]); - $this->assertEquals($document1['headers']['status-code'], 201); - $this->assertEquals($document1['body']['title'], 'Captain America'); - $this->assertEquals($document1['body']['releaseYear'], 1944); - $this->assertIsArray($document1['body']['$read']); - $this->assertIsArray($document1['body']['$write']); - $this->assertCount(1, $document1['body']['$read']); - $this->assertCount(1, $document1['body']['$write']); - $this->assertCount(2, $document1['body']['actors']); - $this->assertEquals($document1['body']['actors'][0], 'Chris Evans'); - $this->assertEquals($document1['body']['actors'][1], 'Samuel Jackson'); - if ($this->getSide() == 'client') { - $this->assertEquals($document2['headers']['status-code'], 401); + $this->assertEquals($document['headers']['status-code'], 401); } if ($this->getSide() == 'server') { - $this->assertEquals($document2['headers']['status-code'], 200); - $this->assertEquals($document2['body']['title'], 'Captain America'); - $this->assertEquals($document2['body']['releaseYear'], 1944); - $this->assertCount(0, $document2['body']['$read']); - $this->assertCount(0, $document2['body']['$write']); - $this->assertEquals([], $document2['body']['$read']); - $this->assertEquals([], $document2['body']['$write']); + $this->assertEquals($document['headers']['status-code'], 200); + $this->assertCount(0, $document['body']['$read']); + $this->assertCount(0, $document['body']['$write']); + $this->assertEquals([], $document['body']['$read']); + $this->assertEquals([], $document['body']['$write']); } return $data; From 52757ef89fddda43a488ec2442d0ad5e2bfa48aa Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 15:53:41 -0400 Subject: [PATCH 10/19] updated test --- tests/e2e/Services/Database/DatabaseBase.php | 128 +++++++++---------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 202206e2ff..9843864150 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -1294,6 +1294,70 @@ trait DatabaseBase return []; } + /** + * @depends testCreateDocument + */ + public function testUpdatePermissionsWithEmptyPayload(array $data): array + { + $document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'documentId' => 'unique()', + 'data' => [ + 'title' => 'Captain America', + 'releaseYear' => 1944, + 'actors' => [], + ], + ]); + + $id = $document['body']['$id']; + + $this->assertEquals($document['headers']['status-code'], 201); + $this->assertEquals($document['body']['title'], 'Captain America'); + $this->assertEquals($document['body']['releaseYear'], 1944); + $this->assertIsArray($document['body']['$read']); + $this->assertIsArray($document['body']['$write']); + + if ($this->getSide() == 'client') { + $this->assertCount(1, $document['body']['$read']); + $this->assertCount(1, $document['body']['$write']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$write']); + } + + if ($this->getSide() == 'server') { + $this->assertCount(0, $document['body']['$read']); + $this->assertCount(0, $document['body']['$write']); + $this->assertEquals([], $document['body']['$read']); + $this->assertEquals([], $document['body']['$write']); + } + + // Reset Permissions + + $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'read' => [], + 'write' => [], + ]); + + if ($this->getSide() == 'client') { + $this->assertEquals($document['headers']['status-code'], 401); + } + + if ($this->getSide() == 'server') { + $this->assertEquals($document['headers']['status-code'], 200); + $this->assertCount(0, $document['body']['$read']); + $this->assertCount(0, $document['body']['$write']); + $this->assertEquals([], $document['body']['$read']); + $this->assertEquals([], $document['body']['$write']); + } + + return $data; + } + /** * @depends testCreateDocument */ @@ -2160,70 +2224,6 @@ trait DatabaseBase $this->assertEquals(409, $duplicate['headers']['status-code']); - return $data; - } - - /** - * @depends testCreateIndexes - */ - public function testUpdatePermissionsWithEmptyPayload(array $data): array - { - $document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - ], $this->getHeaders()), [ - 'documentId' => 'unique()', - 'data' => [ - 'title' => 'Captain America', - 'releaseYear' => 1944, - 'actors' => [], - ], - ]); - - $id = $document['body']['$id']; - - $this->assertEquals($document['headers']['status-code'], 201); - $this->assertEquals($document['body']['title'], 'Captain America'); - $this->assertEquals($document['body']['releaseYear'], 1944); - $this->assertIsArray($document['body']['$read']); - $this->assertIsArray($document['body']['$write']); - - if ($this->getSide() == 'client') { - $this->assertCount(1, $document['body']['$read']); - $this->assertCount(1, $document['body']['$write']); - $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']); - $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$write']); - } - - if ($this->getSide() == 'server') { - $this->assertCount(0, $document['body']['$read']); - $this->assertCount(0, $document['body']['$write']); - $this->assertEquals([], $document['body']['$read']); - $this->assertEquals([], $document['body']['$write']); - } - - // Reset Permissions - - $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - ], $this->getHeaders()), [ - 'read' => [], - 'write' => [], - ]); - - if ($this->getSide() == 'client') { - $this->assertEquals($document['headers']['status-code'], 401); - } - - if ($this->getSide() == 'server') { - $this->assertEquals($document['headers']['status-code'], 200); - $this->assertCount(0, $document['body']['$read']); - $this->assertCount(0, $document['body']['$write']); - $this->assertEquals([], $document['body']['$read']); - $this->assertEquals([], $document['body']['$write']); - } - return $data; } } From 43ed2591d0f81dce08854191cee0d075c8fb6323 Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 16:28:45 -0400 Subject: [PATCH 11/19] added empty array as default --- tests/e2e/Services/Database/DatabaseBase.php | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 9843864150..7ca908e8a8 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -1339,6 +1339,7 @@ trait DatabaseBase 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], ], $this->getHeaders()), [ + 'data' => [], 'read' => [], 'write' => [], ]); From dab6f97a313899e830a6fe635413edc8a3d3e242 Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 18:24:51 -0400 Subject: [PATCH 12/19] remove dependency --- tests/e2e/Services/Database/DatabaseBase.php | 127 +++++++++---------- 1 file changed, 62 insertions(+), 65 deletions(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 7ca908e8a8..dc9ab1cbd8 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -1294,71 +1294,6 @@ trait DatabaseBase return []; } - /** - * @depends testCreateDocument - */ - public function testUpdatePermissionsWithEmptyPayload(array $data): array - { - $document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - ], $this->getHeaders()), [ - 'documentId' => 'unique()', - 'data' => [ - 'title' => 'Captain America', - 'releaseYear' => 1944, - 'actors' => [], - ], - ]); - - $id = $document['body']['$id']; - - $this->assertEquals($document['headers']['status-code'], 201); - $this->assertEquals($document['body']['title'], 'Captain America'); - $this->assertEquals($document['body']['releaseYear'], 1944); - $this->assertIsArray($document['body']['$read']); - $this->assertIsArray($document['body']['$write']); - - if ($this->getSide() == 'client') { - $this->assertCount(1, $document['body']['$read']); - $this->assertCount(1, $document['body']['$write']); - $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']); - $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$write']); - } - - if ($this->getSide() == 'server') { - $this->assertCount(0, $document['body']['$read']); - $this->assertCount(0, $document['body']['$write']); - $this->assertEquals([], $document['body']['$read']); - $this->assertEquals([], $document['body']['$write']); - } - - // Reset Permissions - - $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - ], $this->getHeaders()), [ - 'data' => [], - 'read' => [], - 'write' => [], - ]); - - if ($this->getSide() == 'client') { - $this->assertEquals($document['headers']['status-code'], 401); - } - - if ($this->getSide() == 'server') { - $this->assertEquals($document['headers']['status-code'], 200); - $this->assertCount(0, $document['body']['$read']); - $this->assertCount(0, $document['body']['$write']); - $this->assertEquals([], $document['body']['$read']); - $this->assertEquals([], $document['body']['$write']); - } - - return $data; - } - /** * @depends testCreateDocument */ @@ -2227,4 +2162,66 @@ trait DatabaseBase return $data; } + + public function testUpdatePermissionsWithEmptyPayload(array $data): array + { + $document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'documentId' => 'unique()', + 'data' => [ + 'title' => 'Captain America', + 'releaseYear' => 1944, + 'actors' => [], + ], + ]); + + $id = $document['body']['$id']; + + $this->assertEquals($document['headers']['status-code'], 201); + $this->assertEquals($document['body']['title'], 'Captain America'); + $this->assertEquals($document['body']['releaseYear'], 1944); + $this->assertIsArray($document['body']['$read']); + $this->assertIsArray($document['body']['$write']); + + if ($this->getSide() == 'client') { + $this->assertCount(1, $document['body']['$read']); + $this->assertCount(1, $document['body']['$write']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$write']); + } + + if ($this->getSide() == 'server') { + $this->assertCount(0, $document['body']['$read']); + $this->assertCount(0, $document['body']['$write']); + $this->assertEquals([], $document['body']['$read']); + $this->assertEquals([], $document['body']['$write']); + } + + // Reset Permissions + + $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'data' => [], + 'read' => [], + 'write' => [], + ]); + + if ($this->getSide() == 'client') { + $this->assertEquals($document['headers']['status-code'], 401); + } + + if ($this->getSide() == 'server') { + $this->assertEquals($document['headers']['status-code'], 200); + $this->assertCount(0, $document['body']['$read']); + $this->assertCount(0, $document['body']['$write']); + $this->assertEquals([], $document['body']['$read']); + $this->assertEquals([], $document['body']['$write']); + } + + return $data; + } } From bfe3cdecc506e1125d5bd0e8a2169ff861dafe6b Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 18:33:26 -0400 Subject: [PATCH 13/19] create collection and attribute --- tests/e2e/Services/Database/DatabaseBase.php | 41 ++++++++++++++++++-- 1 file changed, 38 insertions(+), 3 deletions(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index dc9ab1cbd8..85933f29ff 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2165,6 +2165,44 @@ trait DatabaseBase public function testUpdatePermissionsWithEmptyPayload(array $data): array { + // Create collection + $movies = $this->client->call(Client::METHOD_POST, '/database/collections', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'] + ]), [ + 'collectionId' => 'unique()', + 'name' => 'Movies', + 'read' => [], + 'write' => [], + 'permission' => 'document', + ]); + + $this->assertEquals($movies['headers']['status-code'], 201); + $this->assertEquals($movies['body']['name'], 'Movies'); + + // create attribute + + $title = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/attributes/string', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'] + ]), [ + 'key' => 'title', + 'size' => 256, + 'required' => true, + ]); + + $this->assertEquals($title['headers']['status-code'], 201); + $this->assertEquals($title['body']['key'], 'title'); + $this->assertEquals($title['body']['type'], 'string'); + $this->assertEquals($title['body']['size'], 256); + $this->assertEquals($title['body']['required'], true); + + // wait for database worker to create attributes + sleep(2); + + // add document $document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], @@ -2172,8 +2210,6 @@ trait DatabaseBase 'documentId' => 'unique()', 'data' => [ 'title' => 'Captain America', - 'releaseYear' => 1944, - 'actors' => [], ], ]); @@ -2181,7 +2217,6 @@ trait DatabaseBase $this->assertEquals($document['headers']['status-code'], 201); $this->assertEquals($document['body']['title'], 'Captain America'); - $this->assertEquals($document['body']['releaseYear'], 1944); $this->assertIsArray($document['body']['$read']); $this->assertIsArray($document['body']['$write']); From 5067a4640bd1d2970ea4de3eddc3d9f64f02fe5b Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 19:04:40 -0400 Subject: [PATCH 14/19] Remove $data argument --- tests/e2e/Services/Database/DatabaseBase.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 85933f29ff..9049537988 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2163,7 +2163,7 @@ trait DatabaseBase return $data; } - public function testUpdatePermissionsWithEmptyPayload(array $data): array + public function testUpdatePermissionsWithEmptyPayload(): array { // Create collection $movies = $this->client->call(Client::METHOD_POST, '/database/collections', array_merge([ From 9dab76f3577d476bf017e6a7b768f401b9eb937f Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 19:32:24 -0400 Subject: [PATCH 15/19] get $id from response --- tests/e2e/Services/Database/DatabaseBase.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 9049537988..ccffbb2d77 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2183,7 +2183,9 @@ trait DatabaseBase // create attribute - $title = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/attributes/string', array_merge([ + $moviesId = $movies['body']['$id']; + + $title = $this->client->call(Client::METHOD_POST, '/database/collections/' . $moviesId . '/attributes/string', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], 'x-appwrite-key' => $this->getProject()['apiKey'] @@ -2203,7 +2205,7 @@ trait DatabaseBase sleep(2); // add document - $document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ + $document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $moviesId . '/documents', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], ], $this->getHeaders()), [ @@ -2236,7 +2238,7 @@ trait DatabaseBase // Reset Permissions - $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ + $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $moviesId . '/documents/' . $id, array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], ], $this->getHeaders()), [ From c2ce37e6f3fa6a0e9cf345893923fe6d0b961a92 Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 20:41:12 -0400 Subject: [PATCH 16/19] added read and write permissions --- tests/e2e/Services/Database/DatabaseBase.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index ccffbb2d77..326a89beeb 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2213,6 +2213,8 @@ trait DatabaseBase 'data' => [ 'title' => 'Captain America', ], + 'read' => ['user:' . $this->getUser()['$id']], + 'write' => ['user:' . $this->getUser()['$id']], ]); $id = $document['body']['$id']; From 6cc6928ce9b7376e6a5c488cc73b785f8d1f7a48 Mon Sep 17 00:00:00 2001 From: gepd Date: Mon, 20 Jun 2022 22:11:47 -0400 Subject: [PATCH 17/19] simplified test --- tests/e2e/Services/Database/DatabaseBase.php | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 326a89beeb..042590ca35 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2223,20 +2223,10 @@ trait DatabaseBase $this->assertEquals($document['body']['title'], 'Captain America'); $this->assertIsArray($document['body']['$read']); $this->assertIsArray($document['body']['$write']); - - if ($this->getSide() == 'client') { - $this->assertCount(1, $document['body']['$read']); - $this->assertCount(1, $document['body']['$write']); - $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']); - $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$write']); - } - - if ($this->getSide() == 'server') { - $this->assertCount(0, $document['body']['$read']); - $this->assertCount(0, $document['body']['$write']); - $this->assertEquals([], $document['body']['$read']); - $this->assertEquals([], $document['body']['$write']); - } + $this->assertCount(1, $document['body']['$read']); + $this->assertCount(1, $document['body']['$write']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$write']); // Reset Permissions From addfae2f46331a63e588ae6d43dd14c03ae261dc Mon Sep 17 00:00:00 2001 From: gepd Date: Wed, 22 Jun 2022 19:38:56 -0400 Subject: [PATCH 18/19] fix tests --- tests/e2e/Services/Database/DatabaseBase.php | 67 ++++++++++++-------- 1 file changed, 39 insertions(+), 28 deletions(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 042590ca35..13ec60bfb0 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2180,11 +2180,10 @@ trait DatabaseBase $this->assertEquals($movies['headers']['status-code'], 201); $this->assertEquals($movies['body']['name'], 'Movies'); - - // create attribute - + $moviesId = $movies['body']['$id']; - + + // create attribute $title = $this->client->call(Client::METHOD_POST, '/database/collections/' . $moviesId . '/attributes/string', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], @@ -2196,10 +2195,6 @@ trait DatabaseBase ]); $this->assertEquals($title['headers']['status-code'], 201); - $this->assertEquals($title['body']['key'], 'title'); - $this->assertEquals($title['body']['type'], 'string'); - $this->assertEquals($title['body']['size'], 256); - $this->assertEquals($title['body']['required'], true); // wait for database worker to create attributes sleep(2); @@ -2213,44 +2208,60 @@ trait DatabaseBase 'data' => [ 'title' => 'Captain America', ], - 'read' => ['user:' . $this->getUser()['$id']], - 'write' => ['user:' . $this->getUser()['$id']], + 'read' => ['role:all'], + 'write' => ['role:all'], ]); $id = $document['body']['$id']; $this->assertEquals($document['headers']['status-code'], 201); - $this->assertEquals($document['body']['title'], 'Captain America'); - $this->assertIsArray($document['body']['$read']); - $this->assertIsArray($document['body']['$write']); $this->assertCount(1, $document['body']['$read']); $this->assertCount(1, $document['body']['$write']); - $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']); - $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$write']); - - // Reset Permissions + $this->assertEquals(['role:all'], $document['body']['$read']); + $this->assertEquals(['role:all'], $document['body']['$write']); + // Send only read permission $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $moviesId . '/documents/' . $id, array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], - ], $this->getHeaders()), [ - 'data' => [], - 'read' => [], - 'write' => [], + ], $this->getHeaders()), [ + 'read' => ['user:' . $this->getUser()['$id']], ]); if ($this->getSide() == 'client') { - $this->assertEquals($document['headers']['status-code'], 401); + $this->assertEquals($document['headers']['status-code'], 200); } if ($this->getSide() == 'server') { $this->assertEquals($document['headers']['status-code'], 200); - $this->assertCount(0, $document['body']['$read']); - $this->assertCount(0, $document['body']['$write']); - $this->assertEquals([], $document['body']['$read']); - $this->assertEquals([], $document['body']['$write']); + $this->assertCount(1, $document['body']['$read']); + $this->assertCount(1, $document['body']['$write']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']); + $this->assertEquals(['role:all'], $document['body']['$write']); } - return $data; + // send only write permission + $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $moviesId . '/documents/' . $id, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'write' => ['user:' . $this->getUser()['$id']], + ]); + + if ($this->getSide() == 'server') { + $this->assertEquals($document['headers']['status-code'], 200); + $this->assertCount(1, $document['body']['$read']); + $this->assertCount(1, $document['body']['$write']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$read']); + $this->assertEquals(['user:' . $this->getUser()['$id']], $document['body']['$write']); + } + + // remove collection + $this->client->call(Client::METHOD_DELETE, '/database/collections/' . $moviesId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders())); + + return []; } -} +} \ No newline at end of file From 020e08143e516f6f38c5d7716a0d1d4c86443f67 Mon Sep 17 00:00:00 2001 From: gepd Date: Wed, 22 Jun 2022 20:45:33 -0400 Subject: [PATCH 19/19] fix linter --- tests/e2e/Services/Database/DatabaseBase.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 13ec60bfb0..1e31b9d188 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -2180,9 +2180,9 @@ trait DatabaseBase $this->assertEquals($movies['headers']['status-code'], 201); $this->assertEquals($movies['body']['name'], 'Movies'); - + $moviesId = $movies['body']['$id']; - + // create attribute $title = $this->client->call(Client::METHOD_POST, '/database/collections/' . $moviesId . '/attributes/string', array_merge([ 'content-type' => 'application/json', @@ -2264,4 +2264,4 @@ trait DatabaseBase return []; } -} \ No newline at end of file +}