diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index dd7217a9af..8d25b2578a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -366,7 +366,6 @@ From time to time, our team will add tutorials that will help contributors find * [Appwrite Environment Variables](./docs/tutorials/environment-variables.md) * [Running in Production](./docs/tutorials/running-in-production.md) - ## Other Ways to Help Pull requests are great, but there are many other areas where you can help Appwrite. diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index 77de5953ad..c386749ca9 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -535,20 +535,12 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') throw new Exception('No document found', 404); } - //TODO check merge read write permissions - - if (!empty($read)) { // Overwrite permissions only when passed - $data['$permissions']['read'] = $read; - } - - if (!empty($write)) { // Overwrite permissions only when passed - $data['$permissions']['write'] = $write; - } - $data = \array_merge($document->getArrayCopy(), $data); $data['$collection'] = $collection->getId(); // Make sure user don't switch collectionID $data['$id'] = $document->getId(); // Make sure user don't switch document unique ID + $data['$permissions']['read'] = $read; + $data['$permissions']['write'] = $write; if (empty($data)) { throw new Exception('Missing payload', 400); diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 8285cb2076..2b93485f16 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -434,7 +434,9 @@ trait DatabaseBase ], $this->getHeaders()), [ 'data' => [ 'name' => 'Thor: Ragnarok' - ] + ], + 'read' => ['user:'.$this->getUser()['$id']], + 'write' => ['user:'.$this->getUser()['$id']], ]); $this->assertEquals($document['headers']['status-code'], 200);