From 47f442b98e294446d3a29bfebb0f766753f00224 Mon Sep 17 00:00:00 2001
From: Steven Nguyen <1477010+stnguyen90@users.noreply.github.com>
Date: Wed, 20 Mar 2024 15:49:05 +0000
Subject: [PATCH] fix(functions): fix permissions for function domains

Execution via domain should be blocked if permissions does not contain
any and permissions does not contain guests.
---
 app/controllers/general.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/general.php b/app/controllers/general.php
index 11fabe7550..13a86ac36b 100644
--- a/app/controllers/general.php
+++ b/app/controllers/general.php
@@ -167,7 +167,7 @@ function router(App $utopia, Database $dbForConsole, callable $getProjectDB, Swo
 
         $permissions = $function->getAttribute('execute');
 
-        if (!(\in_array('any', $permissions)) && (\in_array('guests', $permissions))) {
+        if (!(\in_array('any', $permissions)) && !(\in_array('guests', $permissions))) {
             throw new AppwriteException(AppwriteException::USER_UNAUTHORIZED, 'To execute function using domain, execute permissions must include "any" or "guests"');
         }