From b69deb594d79c9f1379a1edfbc3fc15e54881547 Mon Sep 17 00:00:00 2001 From: Eldad Fux Date: Mon, 15 Mar 2021 00:33:59 +0200 Subject: [PATCH 1/2] Allow permission reset --- app/controllers/api/database.php | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index 77de5953ad..c386749ca9 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -535,20 +535,12 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') throw new Exception('No document found', 404); } - //TODO check merge read write permissions - - if (!empty($read)) { // Overwrite permissions only when passed - $data['$permissions']['read'] = $read; - } - - if (!empty($write)) { // Overwrite permissions only when passed - $data['$permissions']['write'] = $write; - } - $data = \array_merge($document->getArrayCopy(), $data); $data['$collection'] = $collection->getId(); // Make sure user don't switch collectionID $data['$id'] = $document->getId(); // Make sure user don't switch document unique ID + $data['$permissions']['read'] = $read; + $data['$permissions']['write'] = $write; if (empty($data)) { throw new Exception('Missing payload', 400); From 92c3e622bdcb9c9cc8f7c2870008d52afdf4384f Mon Sep 17 00:00:00 2001 From: Eldad Fux Date: Mon, 15 Mar 2021 13:44:11 +0200 Subject: [PATCH 2/2] Updated tests --- CONTRIBUTING.md | 1 - tests/e2e/Services/Database/DatabaseBase.php | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index dd7217a9af..8d25b2578a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -366,7 +366,6 @@ From time to time, our team will add tutorials that will help contributors find * [Appwrite Environment Variables](./docs/tutorials/environment-variables.md) * [Running in Production](./docs/tutorials/running-in-production.md) - ## Other Ways to Help Pull requests are great, but there are many other areas where you can help Appwrite. diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 8285cb2076..2b93485f16 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -434,7 +434,9 @@ trait DatabaseBase ], $this->getHeaders()), [ 'data' => [ 'name' => 'Thor: Ragnarok' - ] + ], + 'read' => ['user:'.$this->getUser()['$id']], + 'write' => ['user:'.$this->getUser()['$id']], ]); $this->assertEquals($document['headers']['status-code'], 200);