From b5846f5a79c2ed0849cdc0620432e056504788a1 Mon Sep 17 00:00:00 2001 From: Eldad Fux Date: Mon, 22 Mar 2021 00:17:20 +0200 Subject: [PATCH 1/3] Updated default permissions --- app/controllers/api/database.php | 28 ++++++++++++++++------------ app/controllers/api/storage.php | 12 +++++++----- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index c386749ca9..e12088e507 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -169,8 +169,8 @@ App::put('/v1/database/collections/:collectionId') ->label('sdk.response.model', Response::MODEL_COLLECTION) ->param('collectionId', '', new UID(), 'Collection unique ID.') ->param('name', null, new Text(128), 'Collection name. Max length: 128 chars.') - ->param('read', [], new ArrayList(new Text(64)), 'An array of strings with read permissions. By default no user is granted with any read permissions. [learn more about permissions(/docs/permissions) and get a full list of available permissions.') - ->param('write', [], new ArrayList(new Text(64)), 'An array of strings with write permissions. By default no user is granted with any write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') + ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default inherits the existing read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) + ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default inherits the existing write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) ->param('rules', [], function ($projectDB) { return new ArrayList(new Collection($projectDB, [Database::SYSTEM_COLLECTION_RULES], ['$collection' => Database::SYSTEM_COLLECTION_RULES, '$permissions' => ['read' => [], 'write' => []]])); }, 'Array of [rule objects](/docs/rules). Each rule define a collection field name, data type and validation.', true, ['projectDB']) ->inject('response') ->inject('projectDB') @@ -187,6 +187,8 @@ App::put('/v1/database/collections/:collectionId') } $parsedRules = []; + $read = (is_null($read)) ? ($collection->getPermissions()['read'] ?? []) : $read; // By default inherit read permissions + $write = (is_null($write)) ? ($collection->getPermissions()['write'] ?? []) : $write; // By default inherit write permissions foreach ($rules as &$rule) { $parsedRules[] = \array_merge([ @@ -295,17 +297,19 @@ App::post('/v1/database/collections/:collectionId/documents') ->label('sdk.response.model', Response::MODEL_ANY) ->param('collectionId', null, new UID(), 'Collection unique ID. You can create a new collection with validation rules using the Database service [server integration](/docs/server/database#createCollection).') ->param('data', [], new JSON(), 'Document data as JSON object.') - ->param('read', [], new ArrayList(new Text(64)), 'An array of strings with read permissions. By default no user is granted with any read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') - ->param('write', [], new ArrayList(new Text(64)), 'An array of strings with write permissions. By default no user is granted with any write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') + ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default only the current user is granted with read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) + ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default only the current user is granted with write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) ->param('parentDocument', '', new UID(), 'Parent document unique ID. Use when you want your new document to be a child of a parent document.', true) ->param('parentProperty', '', new Key(), 'Parent document property name. Use when you want your new document to be a child of a parent document.', true) ->param('parentPropertyType', Document::SET_TYPE_ASSIGN, new WhiteList([Document::SET_TYPE_ASSIGN, Document::SET_TYPE_APPEND, Document::SET_TYPE_PREPEND], true), 'Parent document property connection type. You can set this value to **assign**, **append** or **prepend**, default value is assign. Use when you want your new document to be a child of a parent document.', true) ->inject('response') ->inject('projectDB') + ->inject('user') ->inject('audits') - ->action(function ($collectionId, $data, $read, $write, $parentDocument, $parentProperty, $parentPropertyType, $response, $projectDB, $audits) { + ->action(function ($collectionId, $data, $read, $write, $parentDocument, $parentProperty, $parentPropertyType, $response, $projectDB, $user, $audits) { /** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Database\Database $projectDB */ + /** @var Appwrite\Database\Document $user */ /** @var Appwrite\Event\Event $audits */ $data = (\is_string($data)) ? \json_decode($data, true) : $data; // Cast to JSON array @@ -326,8 +330,8 @@ App::post('/v1/database/collections/:collectionId/documents') $data['$collection'] = $collectionId; // Adding this param to make API easier for developers $data['$permissions'] = [ - 'read' => $read, - 'write' => $write, + 'read' => (is_null($read)) ? ['user:'.$user->getId()] : $read, // By default set read permissions for user + 'write' => (is_null($write)) ? ['user:'.$user->getId()] : $write, // By default set write permissions for user ]; // Read parent document + validate not 404 + validate read / write permission like patch method @@ -508,8 +512,8 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') ->param('collectionId', null, new UID(), 'Collection unique ID. You can create a new collection with validation rules using the Database service [server integration](/docs/server/database#createCollection).') ->param('documentId', null, new UID(), 'Document unique ID.') ->param('data', [], new JSON(), 'Document data as JSON object.') - ->param('read', [], new ArrayList(new Text(64)), 'An array of strings with read permissions. By default no user is granted with any read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') - ->param('write', [], new ArrayList(new Text(64)), 'An array of strings with write permissions. By default no user is granted with any write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') + ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default inherits the existing read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) + ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default inherits the existing write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) ->inject('response') ->inject('projectDB') ->inject('audits') @@ -522,7 +526,7 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') $document = $projectDB->getDocument($documentId, false); $data = (\is_string($data)) ? \json_decode($data, true) : $data; // Cast to JSON array - + if (!\is_array($data)) { throw new Exception('Data param should be a valid JSON object', 400); } @@ -539,8 +543,8 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId') $data['$collection'] = $collection->getId(); // Make sure user don't switch collectionID $data['$id'] = $document->getId(); // Make sure user don't switch document unique ID - $data['$permissions']['read'] = $read; - $data['$permissions']['write'] = $write; + $data['$permissions']['read'] = (is_null($read)) ? ($document->getPermissions()['read'] ?? []) : $read; // By default inherit read permissions + $data['$permissions']['write'] = (is_null($write)) ? ($document->getPermissions()['write'] ?? []) : $write; // By default inherit write permissions if (empty($data)) { throw new Exception('Missing payload', 400); diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index d4500e95aa..840d1ca4e0 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -38,17 +38,19 @@ App::post('/v1/storage/files') ->label('sdk.response.type', Response::CONTENT_TYPE_JSON) ->label('sdk.response.model', Response::MODEL_FILE) ->param('file', [], new File(), 'Binary file.', false) - ->param('read', [], new ArrayList(new Text(64)), 'An array of strings with read permissions. By default no user is granted with any read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') - ->param('write', [], new ArrayList(new Text(64)), 'An array of strings with write permissions. By default no user is granted with any write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.') + ->param('read', null, new ArrayList(new Text(64)), 'An array of strings with read permissions. By default only the current user is granted with read permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) + ->param('write', null, new ArrayList(new Text(64)), 'An array of strings with write permissions. By default only the current user is granted with write permissions. [learn more about permissions](/docs/permissions) and get a full list of available permissions.', true) ->inject('request') ->inject('response') ->inject('projectDB') + ->inject('user') ->inject('audits') ->inject('usage') - ->action(function ($file, $read, $write, $request, $response, $projectDB, $audits, $usage) { + ->action(function ($file, $read, $write, $request, $response, $projectDB, $user, $audits, $usage) { /** @var Utopia\Swoole\Request $request */ /** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Database\Database $projectDB */ + /** @var Appwrite\Database\Document $user */ /** @var Appwrite\Event\Event $audits */ /** @var Appwrite\Event\Event $usage */ @@ -122,8 +124,8 @@ App::post('/v1/storage/files') $file = $projectDB->createDocument([ '$collection' => Database::SYSTEM_COLLECTION_FILES, '$permissions' => [ - 'read' => $read, - 'write' => $write, + 'read' => (is_null($read)) ? ['user:'.$user->getId()] : $read, // By default set read permissions for user + 'write' => (is_null($write)) ? ['user:'.$user->getId()] : $write, // By default write read permissions for user ], 'dateCreated' => \time(), 'folderId' => '', From e05da0ce3c9a030901f045aed0d176a2ae91a997 Mon Sep 17 00:00:00 2001 From: Eldad Fux Date: Mon, 22 Mar 2021 00:26:00 +0200 Subject: [PATCH 2/3] Fixed comments --- app/controllers/api/storage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index 840d1ca4e0..82f37f9f6b 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -125,7 +125,7 @@ App::post('/v1/storage/files') '$collection' => Database::SYSTEM_COLLECTION_FILES, '$permissions' => [ 'read' => (is_null($read)) ? ['user:'.$user->getId()] : $read, // By default set read permissions for user - 'write' => (is_null($write)) ? ['user:'.$user->getId()] : $write, // By default write read permissions for user + 'write' => (is_null($write)) ? ['user:'.$user->getId()] : $write, // By default set write permissions for user ], 'dateCreated' => \time(), 'folderId' => '', From 46c465b80e53eb3f78e6f9f42f91aade199e11c1 Mon Sep 17 00:00:00 2001 From: Eldad Fux Date: Mon, 22 Mar 2021 09:34:51 +0200 Subject: [PATCH 3/3] Added some fixes and dedicated tests --- app/controllers/api/database.php | 4 +- app/controllers/api/storage.php | 4 +- composer.lock | 122 +++++++++++++----- tests/e2e/Services/Database/DatabaseBase.php | 129 ++++++++++++++++++- 4 files changed, 223 insertions(+), 36 deletions(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index e12088e507..2c32ae981e 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -330,8 +330,8 @@ App::post('/v1/database/collections/:collectionId/documents') $data['$collection'] = $collectionId; // Adding this param to make API easier for developers $data['$permissions'] = [ - 'read' => (is_null($read)) ? ['user:'.$user->getId()] : $read, // By default set read permissions for user - 'write' => (is_null($write)) ? ['user:'.$user->getId()] : $write, // By default set write permissions for user + 'read' => (is_null($read) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $read ?? [], // By default set read permissions for user + 'write' => (is_null($write) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $write ?? [], // By default set write permissions for user ]; // Read parent document + validate not 404 + validate read / write permission like patch method diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index 82f37f9f6b..f0ce2e4050 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -124,8 +124,8 @@ App::post('/v1/storage/files') $file = $projectDB->createDocument([ '$collection' => Database::SYSTEM_COLLECTION_FILES, '$permissions' => [ - 'read' => (is_null($read)) ? ['user:'.$user->getId()] : $read, // By default set read permissions for user - 'write' => (is_null($write)) ? ['user:'.$user->getId()] : $write, // By default set write permissions for user + 'read' => (is_null($read) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $read ?? [], // By default set read permissions for user + 'write' => (is_null($write) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $write ?? [], // By default set write permissions for user ], 'dateCreated' => \time(), 'folderId' => '', diff --git a/composer.lock b/composer.lock index 8b29ae44f8..3fa80281f1 100644 --- a/composer.lock +++ b/composer.lock @@ -364,18 +364,18 @@ "source": { "type": "git", "url": "https://github.com/guzzle/guzzle.git", - "reference": "01129f635f45659fd4764a533777d069a978bc9d" + "reference": "98eeb955cbbe0e5d6f3f818e940c84f66aba427b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/guzzle/zipball/01129f635f45659fd4764a533777d069a978bc9d", - "reference": "01129f635f45659fd4764a533777d069a978bc9d", + "url": "https://api.github.com/repos/guzzle/guzzle/zipball/98eeb955cbbe0e5d6f3f818e940c84f66aba427b", + "reference": "98eeb955cbbe0e5d6f3f818e940c84f66aba427b", "shasum": "" }, "require": { "ext-json": "*", "guzzlehttp/promises": "^1.4", - "guzzlehttp/psr7": "^1.7", + "guzzlehttp/psr7": "^1.7 || ^2.0", "php": "^7.2.5 || ^8.0", "psr/http-client": "^1.0" }, @@ -383,6 +383,7 @@ "psr/http-client-implementation": "1.0" }, "require-dev": { + "bamarni/composer-bin-plugin": "^1.4.1", "ext-curl": "*", "php-http/client-integration-tests": "^3.0", "phpunit/phpunit": "^8.5.5 || ^9.3.5", @@ -459,7 +460,7 @@ "type": "github" } ], - "time": "2021-03-15T07:56:29+00:00" + "time": "2021-03-21T18:42:29+00:00" }, { "name": "guzzlehttp/promises", @@ -519,46 +520,47 @@ }, { "name": "guzzlehttp/psr7", - "version": "1.x-dev", + "version": "dev-master", "source": { "type": "git", "url": "https://github.com/guzzle/psr7.git", - "reference": "a67cdbf85690e54a7b92fe91c297b20d2607c0b2" + "reference": "c0dcda9f54d145bd4d062a6d15f54931a67732f9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/guzzle/psr7/zipball/a67cdbf85690e54a7b92fe91c297b20d2607c0b2", - "reference": "a67cdbf85690e54a7b92fe91c297b20d2607c0b2", + "url": "https://api.github.com/repos/guzzle/psr7/zipball/c0dcda9f54d145bd4d062a6d15f54931a67732f9", + "reference": "c0dcda9f54d145bd4d062a6d15f54931a67732f9", "shasum": "" }, "require": { - "php": ">=5.4.0", - "psr/http-message": "~1.0", - "ralouphie/getallheaders": "^2.0.5 || ^3.0.0" + "php": "^7.2.5 || ^8.0", + "psr/http-factory": "^1.0", + "psr/http-message": "^1.0", + "ralouphie/getallheaders": "^3.0" }, "provide": { + "psr/http-factory-implementation": "1.0", "psr/http-message-implementation": "1.0" }, "require-dev": { - "ext-zlib": "*", - "phpunit/phpunit": "~4.8.36 || ^5.7.27 || ^6.5.14 || ^7.5.20 || ^8.5.8 || ^9.3.10" + "bamarni/composer-bin-plugin": "^1.4.1", + "http-interop/http-factory-tests": "^0.9", + "phpunit/phpunit": "^8.5.8 || ^9.3.10" }, "suggest": { "laminas/laminas-httphandlerrunner": "Emit PSR-7 responses" }, + "default-branch": true, "type": "library", "extra": { "branch-alias": { - "dev-master": "1.7-dev" + "dev-master": "2.0-dev" } }, "autoload": { "psr-4": { "GuzzleHttp\\Psr7\\": "src/" - }, - "files": [ - "src/functions_include.php" - ] + } }, "notification-url": "https://packagist.org/downloads/", "license": [ @@ -573,6 +575,11 @@ { "name": "Tobias Schultze", "homepage": "https://github.com/Tobion" + }, + { + "name": "Márk Sági-Kazár", + "email": "mark.sagikazar@gmail.com", + "homepage": "https://sagikazarmark.hu" } ], "description": "PSR-7 message implementation that also provides common utility methods", @@ -588,9 +595,9 @@ ], "support": { "issues": "https://github.com/guzzle/psr7/issues", - "source": "https://github.com/guzzle/psr7/tree/1.x" + "source": "https://github.com/guzzle/psr7/tree/2.0.0-beta1" }, - "time": "2021-03-15T11:15:53+00:00" + "time": "2021-03-21T17:21:36+00:00" }, { "name": "influxdb/influxdb-php", @@ -906,6 +913,62 @@ }, "time": "2020-09-19T09:12:31+00:00" }, + { + "name": "psr/http-factory", + "version": "dev-master", + "source": { + "type": "git", + "url": "https://github.com/php-fig/http-factory.git", + "reference": "36fa03d50ff82abcae81860bdaf4ed9a1510c7cd" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/php-fig/http-factory/zipball/36fa03d50ff82abcae81860bdaf4ed9a1510c7cd", + "reference": "36fa03d50ff82abcae81860bdaf4ed9a1510c7cd", + "shasum": "" + }, + "require": { + "php": ">=7.0.0", + "psr/http-message": "^1.0" + }, + "default-branch": true, + "type": "library", + "extra": { + "branch-alias": { + "dev-master": "1.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Psr\\Http\\Message\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "PHP-FIG", + "homepage": "https://www.php-fig.org/" + } + ], + "description": "Common interfaces for PSR-7 HTTP message factories", + "keywords": [ + "factory", + "http", + "message", + "psr", + "psr-17", + "psr-7", + "request", + "response" + ], + "support": { + "source": "https://github.com/php-fig/http-factory/tree/master" + }, + "time": "2020-09-17T16:52:55+00:00" + }, { "name": "psr/http-message", "version": "dev-master", @@ -1643,16 +1706,16 @@ }, { "name": "utopia-php/framework", - "version": "0.12.1", + "version": "0.12.2", "source": { "type": "git", "url": "https://github.com/utopia-php/framework.git", - "reference": "ba17789a16527d24b4fb11ddc359901a295fbf2f" + "reference": "2264a3a3e212e50b9440b219fef3b4afcd2adf5b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/utopia-php/framework/zipball/ba17789a16527d24b4fb11ddc359901a295fbf2f", - "reference": "ba17789a16527d24b4fb11ddc359901a295fbf2f", + "url": "https://api.github.com/repos/utopia-php/framework/zipball/2264a3a3e212e50b9440b219fef3b4afcd2adf5b", + "reference": "2264a3a3e212e50b9440b219fef3b4afcd2adf5b", "shasum": "" }, "require": { @@ -1686,9 +1749,9 @@ ], "support": { "issues": "https://github.com/utopia-php/framework/issues", - "source": "https://github.com/utopia-php/framework/tree/0.12.1" + "source": "https://github.com/utopia-php/framework/tree/0.12.2" }, - "time": "2021-03-17T22:14:05+00:00" + "time": "2021-03-22T07:26:11+00:00" }, { "name": "utopia-php/image", @@ -2304,7 +2367,6 @@ "require-dev": { "phpunit/phpunit": "^7.0" }, - "default-branch": true, "type": "library", "autoload": { "psr-4": { @@ -5959,9 +6021,7 @@ ], "aliases": [], "minimum-stability": "dev", - "stability-flags": { - "appwrite/sdk-generator": 20 - }, + "stability-flags": [], "prefer-stable": false, "prefer-lowest": false, "platform": { diff --git a/tests/e2e/Services/Database/DatabaseBase.php b/tests/e2e/Services/Database/DatabaseBase.php index 2b93485f16..eedd312fef 100644 --- a/tests/e2e/Services/Database/DatabaseBase.php +++ b/tests/e2e/Services/Database/DatabaseBase.php @@ -501,6 +501,133 @@ trait DatabaseBase $this->assertEquals($document['headers']['status-code'], 404); - return []; + return $data; + } + + /** + * @depends testDeleteDocument + */ + public function testDefaultPermissions(array $data):array + { + $document = $this->client->call(Client::METHOD_POST, '/database/collections/' . $data['moviesId'] . '/documents', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'data' => [ + 'name' => 'Captain America', + 'releaseYear' => 1944, + 'actors' => [], + ], + ]); + + $id = $document['body']['$id']; + + $this->assertEquals($document['headers']['status-code'], 201); + $this->assertEquals($document['body']['$collection'], $data['moviesId']); + $this->assertEquals($document['body']['name'], 'Captain America'); + $this->assertEquals($document['body']['releaseYear'], 1944); + $this->assertIsArray($document['body']['$permissions']); + $this->assertIsArray($document['body']['$permissions']['read']); + $this->assertIsArray($document['body']['$permissions']['write']); + + if($this->getSide() == 'client') { + $this->assertCount(1, $document['body']['$permissions']['read']); + $this->assertCount(1, $document['body']['$permissions']['write']); + $this->assertEquals(['user:'.$this->getUser()['$id']], $document['body']['$permissions']['read']); + $this->assertEquals(['user:'.$this->getUser()['$id']], $document['body']['$permissions']['write']); + } + + if($this->getSide() == 'server') { + $this->assertCount(0, $document['body']['$permissions']['read']); + $this->assertCount(0, $document['body']['$permissions']['write']); + $this->assertEquals([], $document['body']['$permissions']['read']); + $this->assertEquals([], $document['body']['$permissions']['write']); + } + + // Updated and Inherit Permissions + + $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'data' => [ + 'name' => 'Captain America 2', + 'releaseYear' => 1945, + 'actors' => [], + ], + 'read' => ['*'], + ]); + + $this->assertEquals($document['headers']['status-code'], 200); + $this->assertEquals($document['body']['name'], 'Captain America 2'); + $this->assertEquals($document['body']['releaseYear'], 1945); + + if($this->getSide() == 'client') { + $this->assertCount(1, $document['body']['$permissions']['read']); + $this->assertCount(1, $document['body']['$permissions']['write']); + $this->assertEquals(['*'], $document['body']['$permissions']['read']); + $this->assertEquals(['user:'.$this->getUser()['$id']], $document['body']['$permissions']['write']); + } + + if($this->getSide() == 'server') { + $this->assertCount(1, $document['body']['$permissions']['read']); + $this->assertCount(0, $document['body']['$permissions']['write']); + $this->assertEquals(['*'], $document['body']['$permissions']['read']); + $this->assertEquals([], $document['body']['$permissions']['write']); + } + + $document = $this->client->call(Client::METHOD_GET, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders())); + + $this->assertEquals($document['headers']['status-code'], 200); + $this->assertEquals($document['body']['name'], 'Captain America 2'); + $this->assertEquals($document['body']['releaseYear'], 1945); + + if($this->getSide() == 'client') { + $this->assertCount(1, $document['body']['$permissions']['read']); + $this->assertCount(1, $document['body']['$permissions']['write']); + $this->assertEquals(['*'], $document['body']['$permissions']['read']); + $this->assertEquals(['user:'.$this->getUser()['$id']], $document['body']['$permissions']['write']); + } + + if($this->getSide() == 'server') { + $this->assertCount(1, $document['body']['$permissions']['read']); + $this->assertCount(0, $document['body']['$permissions']['write']); + $this->assertEquals(['*'], $document['body']['$permissions']['read']); + $this->assertEquals([], $document['body']['$permissions']['write']); + } + + // Reset Permissions + + $document = $this->client->call(Client::METHOD_PATCH, '/database/collections/' . $data['moviesId'] . '/documents/' . $id, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'data' => [ + 'name' => 'Captain America 3', + 'releaseYear' => 1946, + 'actors' => [], + ], + 'read' => [], + 'write' => [], + ]); + + if($this->getSide() == 'client') { + $this->assertEquals($document['headers']['status-code'], 401); + } + + if($this->getSide() == 'server') { + $this->assertEquals($document['headers']['status-code'], 200); + $this->assertEquals($document['body']['name'], 'Captain America 3'); + $this->assertEquals($document['body']['releaseYear'], 1946); + $this->assertCount(0, $document['body']['$permissions']['read']); + $this->assertCount(0, $document['body']['$permissions']['write']); + $this->assertEquals([], $document['body']['$permissions']['read']); + $this->assertEquals([], $document['body']['$permissions']['write']); + } + + return $data; } } \ No newline at end of file