diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php index 825c149952..4a340af58c 100644 --- a/app/controllers/api/databases.php +++ b/app/controllers/api/databases.php @@ -2604,21 +2604,15 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents') $isAPIKey = Auth::isAppUser(Authorization::getRoles()); $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; - if ($database->isEmpty() || !$database->getAttribute('enabled')) { - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::DATABASE_NOT_FOUND); - } + if ($database->isEmpty() || (!$database->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::DATABASE_NOT_FOUND); } $collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId)); - if ($collection->isEmpty() || !$collection->getAttribute('enabled')) { - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::COLLECTION_NOT_FOUND); - } + if ($collection->isEmpty() || (!$collection->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::COLLECTION_NOT_FOUND); } $allowedPermissions = [ @@ -2641,8 +2635,7 @@ App::post('/v1/databases/:databaseId/collections/:collectionId/documents') } // Users can only manage their own roles, API keys and Admin users can manage any - $roles = Authorization::getRoles(); - if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles)) { + if (!$isAPIKey && !$isPrivilegedUser) { foreach (Database::PERMISSIONS as $type) { foreach ($permissions as $permission) { $permission = Permission::parse($permission); @@ -2823,42 +2816,19 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents') ->inject('dbForProject') ->inject('mode') ->action(function (string $databaseId, string $collectionId, array $queries, Response $response, Database $dbForProject, string $mode) { - $database = Authorization::skip(fn() => $dbForProject->getDocument('databases', $databaseId)); $isAPIKey = Auth::isAppUser(Authorization::getRoles()); $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; - if ($database->isEmpty() || !$database->getAttribute('enabled')) { - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::DATABASE_NOT_FOUND); - } + if ($database->isEmpty() || (!$database->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::DATABASE_NOT_FOUND); } $collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId)); - if (!($isAdminMode && ($isAPIKey || $isPrivilegedUser))) { - if (!$collection->getAttribute('documentSecurity', false)) { - $validator = new Authorization(Database::PERMISSION_READ); - if (!$validator->isValid($collection->getRead())) { - $collection = new Document(); - } - } - } - - if ($collection->isEmpty() || !$collection->getAttribute('enabled')) { - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::COLLECTION_NOT_FOUND); - } - } - - // Validate queries - $queriesValidator = new Documents($collection->getAttribute('attributes'), $collection->getAttribute('indexes')); - $validQueries = $queriesValidator->isValid($queries); - if (!$validQueries) { - throw new Exception(Exception::GENERAL_ARGUMENT_INVALID, $queriesValidator->getDescription()); + if ($collection->isEmpty() || (!$collection->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::COLLECTION_NOT_FOUND); } $queries = Query::parseQueries($queries); @@ -2878,13 +2848,13 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents') $cursor->setValue($cursorDocument); } - $filterQueries = Query::groupByType($queries)['filters']; + $filters = Query::groupByType($queries)['filters']; $documents = $dbForProject->find('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $queries); - $total = $dbForProject->count('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $filterQueries, APP_LIMIT_COUNT); + $total = $dbForProject->count('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $filters, APP_LIMIT_COUNT); // Add $collectionId and $databaseId for all documents - $processDocument = function (Document $collection, Document $document) use (&$processDocument, $dbForProject, $database): bool { + $processDocument = (function (Document $collection, Document $document) use (&$processDocument, $dbForProject, $database): bool { if ($document->isEmpty()) { return false; } @@ -2929,12 +2899,12 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents') } return true; - }; + }); // The linter is forcing this indentation - foreach ($documents as $document) { - $processDocument($collection, $document); - } + foreach ($documents as $document) { + $processDocument($collection, $document); + } $response->dynamic(new Document([ 'total' => $total, @@ -2964,27 +2934,19 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents/:documen ->inject('dbForProject') ->inject('mode') ->action(function (string $databaseId, string $collectionId, string $documentId, array $queries, Response $response, Database $dbForProject, string $mode) { - $database = Authorization::skip(fn() => $dbForProject->getDocument('databases', $databaseId)); $isAPIKey = Auth::isAppUser(Authorization::getRoles()); $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; - - if ($database->isEmpty() || !$database->getAttribute('enabled')) { - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::DATABASE_NOT_FOUND); - } + if ($database->isEmpty() || (!$database->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::DATABASE_NOT_FOUND); } $collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId)); - if ($collection->isEmpty() || !$collection->getAttribute('enabled')) { - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::COLLECTION_NOT_FOUND); - } + if ($collection->isEmpty() || (!$collection->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::COLLECTION_NOT_FOUND); } // Validate queries @@ -3185,22 +3147,15 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum $isAPIKey = Auth::isAppUser(Authorization::getRoles()); $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; - - if ($database->isEmpty() || !$database->getAttribute('enabled')) { - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::DATABASE_NOT_FOUND); - } + if ($database->isEmpty() || (!$database->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::DATABASE_NOT_FOUND); } $collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId)); - if ($collection->isEmpty() || !$collection->getAttribute('enabled')) { - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::COLLECTION_NOT_FOUND); - } + if ($collection->isEmpty() || (!$collection->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::COLLECTION_NOT_FOUND); } // Read permission should not be required for update @@ -3220,7 +3175,7 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum // Users can only manage their own roles, API keys and Admin users can manage any $roles = Authorization::getRoles(); - if (!Auth::isAppUser($roles) && !Auth::isPrivilegedUser($roles) && !\is_null($permissions)) { + if (!$isAPIKey && !$isPrivilegedUser && !\is_null($permissions)) { foreach (Database::PERMISSIONS as $type) { foreach ($permissions as $permission) { $permission = Permission::parse($permission); @@ -3424,27 +3379,19 @@ App::delete('/v1/databases/:databaseId/collections/:collectionId/documents/:docu ->inject('deletes') ->inject('mode') ->action(function (string $databaseId, string $collectionId, string $documentId, ?\DateTime $requestTimestamp, Response $response, Database $dbForProject, Event $events, Delete $deletes, string $mode) { - $database = Authorization::skip(fn() => $dbForProject->getDocument('databases', $databaseId)); $isAPIKey = Auth::isAppUser(Authorization::getRoles()); $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; - - if ($database->isEmpty() || !$database->getAttribute('enabled')) { - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::DATABASE_NOT_FOUND); - } + if ($database->isEmpty() || (!$database->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::DATABASE_NOT_FOUND); } $collection = Authorization::skip(fn() => $dbForProject->getDocument('database_' . $database->getInternalId(), $collectionId)); - if ($collection->isEmpty() || !$collection->getAttribute('enabled')) { - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::COLLECTION_NOT_FOUND); - } + if ($collection->isEmpty() || (!$collection->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::COLLECTION_NOT_FOUND); } // Read permission should not be required for delete diff --git a/app/controllers/api/functions.php b/app/controllers/api/functions.php index 94bf716bfe..f7148ca93c 100644 --- a/app/controllers/api/functions.php +++ b/app/controllers/api/functions.php @@ -998,18 +998,13 @@ App::post('/v1/functions/:functionId/executions') ->inject('queueForFunctions') ->inject('queueForUsage') ->action(function (string $functionId, string $data, bool $async, Response $response, Document $project, Database $dbForProject, Document $user, Event $events, string $mode, Func $queueForFunctions, Usage $queueForUsage) { - $function = Authorization::skip(fn () => $dbForProject->getDocument('functions', $functionId)); - if ($function->isEmpty() || !$function->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::FUNCTION_NOT_FOUND); - } + if ($function->isEmpty() || (!$function->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::FUNCTION_NOT_FOUND); } $runtimes = Config::getParam('runtimes', []); @@ -1197,18 +1192,13 @@ App::get('/v1/functions/:functionId/executions') ->inject('dbForProject') ->inject('mode') ->action(function (string $functionId, array $queries, string $search, Response $response, Database $dbForProject, string $mode) { - $function = Authorization::skip(fn () => $dbForProject->getDocument('functions', $functionId)); - if ($function->isEmpty() || !$function->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::FUNCTION_NOT_FOUND); - } + if ($function->isEmpty() || (!$function->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::FUNCTION_NOT_FOUND); } $queries = Query::parseQueries($queries); @@ -1274,18 +1264,13 @@ App::get('/v1/functions/:functionId/executions/:executionId') ->inject('dbForProject') ->inject('mode') ->action(function (string $functionId, string $executionId, Response $response, Database $dbForProject, string $mode) { - $function = Authorization::skip(fn () => $dbForProject->getDocument('functions', $functionId)); - if ($function->isEmpty() || !$function->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::FUNCTION_NOT_FOUND); - } + if ($function->isEmpty() || (!$function->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::FUNCTION_NOT_FOUND); } $execution = $dbForProject->getDocument('executions', $executionId); diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index d4d402d4d7..4d907e24ba 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -354,18 +354,13 @@ App::post('/v1/storage/buckets/:bucketId/files') ->inject('deviceFiles') ->inject('deviceLocal') ->action(function (string $bucketId, string $fileId, mixed $file, ?array $permissions, Request $request, Response $response, Database $dbForProject, Document $user, Event $events, string $mode, Device $deviceFiles, Device $deviceLocal) { - $bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); - } + if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); } $validator = new Authorization(Database::PERMISSION_CREATE); @@ -689,18 +684,13 @@ App::get('/v1/storage/buckets/:bucketId/files') ->inject('dbForProject') ->inject('mode') ->action(function (string $bucketId, array $queries, string $search, Response $response, Database $dbForProject, string $mode) { - $bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); - } + if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); } $fileSecurity = $bucket->getAttribute('fileSecurity', false); @@ -770,18 +760,13 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId') ->inject('dbForProject') ->inject('mode') ->action(function (string $bucketId, string $fileId, Response $response, Database $dbForProject, string $mode) { - $bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); - } + if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); } $fileSecurity = $bucket->getAttribute('fileSecurity', false); @@ -847,15 +832,11 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/preview') $bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); - } + if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); } $fileSecurity = $bucket->getAttribute('fileSecurity', false); @@ -998,15 +979,11 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/download') $bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); - } + if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); } $fileSecurity = $bucket->getAttribute('fileSecurity', false); @@ -1140,18 +1117,13 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/view') ->inject('mode') ->inject('deviceFiles') ->action(function (string $bucketId, string $fileId, Response $response, Request $request, Database $dbForProject, string $mode, Device $deviceFiles) { - $bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); - } + if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); } $fileSecurity = $bucket->getAttribute('fileSecurity', false); @@ -1304,18 +1276,13 @@ App::put('/v1/storage/buckets/:bucketId/files/:fileId') ->inject('mode') ->inject('events') ->action(function (string $bucketId, string $fileId, ?string $name, ?array $permissions, Response $response, Database $dbForProject, Document $user, string $mode, Event $events) { - $bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); - } + if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); } $fileSecurity = $bucket->getAttributes('fileSecurity', false); @@ -1417,15 +1384,11 @@ App::delete('/v1/storage/buckets/:bucketId/files/:fileId') ->action(function (string $bucketId, string $fileId, Response $response, Database $dbForProject, Event $events, string $mode, Device $deviceFiles, Delete $deletes) { $bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); - } + if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); } $fileSecurity = $bucket->getAttributes('fileSecurity', false); diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index d1297b3458..f0a56b7c27 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -281,15 +281,11 @@ App::init() $bucket = Authorization::skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - if ($bucket->isEmpty() || !$bucket->getAttribute('enabled')) { - $isAPIKey = Auth::isAppUser(Authorization::getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - $isAdminMode = $mode === APP_MODE_ADMIN; - $isConsole = $isAdminMode && $isPrivilegedUser; + $isAPIKey = Auth::isAppUser(Authorization::getRoles()); + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles()); - if (!$isConsole && !$isAPIKey) { - throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); - } + if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { + throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); } $fileSecurity = $bucket->getAttribute('fileSecurity', false);