From 76d3dc3d5a12e8d4223ba82ad27d98de15980e3c Mon Sep 17 00:00:00 2001
From: ArnabChatterjee20k
Date: Thu, 2 Oct 2025 18:27:20 +0530
Subject: [PATCH] * added senstive var copying in `from` method * added tests
---
 src/Appwrite/Event/Event.php | 1 +
 .../Realtime/RealtimeCustomClientTest.php | 151 ++++++++++++++++++
 2 files changed, 152 insertions(+)
diff --git a/src/Appwrite/Event/Event.php b/src/Appwrite/Event/Event.php
index e9f3ccc2a2..16fe76bf8a 100644
--- a/src/Appwrite/Event/Event.php
+++ b/src/Appwrite/Event/Event.php
@@ -592,6 +592,7 @@ class Event
 $this->project = $event->getProject();
 $this->user = $event->getUser();
 $this->payload = $event->getPayload();
+ $this->sensitive = $event->sensitive;
 $this->event = $event->getEvent();
 $this->params = $event->getParams();
 $this->context = $event->context;
diff --git a/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php b/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
index 3e57c5e9bc..ef39908658 100644
--- a/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
+++ b/tests/e2e/Services/Realtime/RealtimeCustomClientTest.php
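Review bot: `$this->sensitive = $event->sensitive;` reads the other instance's property directly while the neighbouring copies go through accessors (`getProject()`, `getUser()`, `getPayload()`); if the class exposes a getter for `sensitive`, use it here for consistency, otherwise the direct read matches how `context` is copied two lines below. A why-comment would also help, because the absence of this one line is presumably what let relationship data reach realtime payloads (the accompanying test asserts `level2Ref` is absent from the payload): `// carry the sensitive attribute list so a copied event is redacted like its source`. If `sensitive` is an object rather than a plain array, this assignment aliases it between the two events — worth confirming it is an array. The `from` method's signature and the rest of its body are outside the hunk.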
@@ -2507,4 +2507,155 @@ class RealtimeCustomClientTest extends Scope
 $client->close();
 }
+
+ public function testRelationshipPayloadHidesRelatedDoc()
+ {
+ $user = $this->getUser();
+ $session = $user['session'] ?? '';
+ $projectId = $this->getProject()['$id'];
+
+ $client = $this->getWebsocket(['documents'], [
+ 'origin' => 'http://localhost',
+ 'cookie' => 'a_session_' . $projectId . '=' . $session
+ ]);
+
+ $response = json_decode($client->receive(), true);
+ $this->assertArrayHasKey('type', $response);
+ $this->assertEquals('connected', $response['type']);
+
+ // Create database
+ $database = $this->client->call(Client::METHOD_POST, '/databases', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'databaseId' => ID::unique(),
+ 'name' => 'db-rel'
+ ]);
+ $databaseId = $database['body']['$id'];
+
+ $level1 = $this->client->call(Client::METHOD_POST, "/databases/{$databaseId}/collections", array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'collectionId' => ID::unique(),
+ 'name' => 'level1',
+ 'permissions' => [
+ Permission::read(Role::any()),
+ Permission::create(Role::any()),
+ Permission::update(Role::any()),
+ Permission::delete(Role::any()),
+ ],
+ 'documentSecurity' => true,
+ ]);
+ $level1Id = $level1['body']['$id'];
+
+ $level2 = $this->client->call(Client::METHOD_POST, "/databases/{$databaseId}/collections", array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'collectionId' => ID::unique(),
+ 'name' => 'level2',
+ 'permissions' => [
+ Permission::read(Role::any()),
+ Permission::create(Role::any()),
+ Permission::update(Role::any()),
+ Permission::delete(Role::any()),
+ ],
+ 'documentSecurity' => true,
+ ]);
+ $level2Id = $level2['body']['$id'];
+
+ $this->client->call(Client::METHOD_POST, "/databases/{$databaseId}/collections/{$level1Id}/attributes/string", array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'key' => 'name',
+ 'size' => 256,
+ 'required' => false,
+ ]);
+
+ $this->client->call(Client::METHOD_POST, "/databases/{$databaseId}/collections/{$level2Id}/attributes/string", array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'key' => 'name',
+ 'size' => 256,
+ 'required' => false,
+ ]);
+
+ sleep(2);
+
+ // two-way one-to-one relationship from level1 to level2
+ $this->client->call(Client::METHOD_POST, "/databases/{$databaseId}/collections/{$level1Id}/attributes/relationship", array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'relatedCollectionId' => $level2Id,
+ 'type' => 'oneToOne',
+ 'twoWay' => true,
+ 'key' => 'level2Ref',
+ 'onDelete' => 'cascade',
+ ]);
+
+ sleep(2);
+
+ $doc2 = $this->client->call(Client::METHOD_POST, "/databases/{$databaseId}/collections/{$level2Id}/documents", array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ ], $this->getHeaders()), [
+ 'documentId' => ID::unique(),
+ 'data' => [ 'name' => 'L2' ],
+ 'permissions' => [
+ Permission::read(Role::any()),
+ Permission::update(Role::any()),
+ Permission::delete(Role::any()),
+ ],
+ ]);
+ $doc2Id = $doc2['body']['$id'];
+
+ $doc1 = $this->client->call(Client::METHOD_POST, "/databases/{$databaseId}/collections/{$level1Id}/documents", array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ ], $this->getHeaders()), [
+ 'documentId' => ID::unique(),
+ 'data' => [ 'name' => 'L1' ],
+ 'permissions' => [
+ Permission::read(Role::any()),
+ Permission::update(Role::any()),
+ Permission::delete(Role::any()),
+ ],
+ ]);
+ $doc1Id = $doc1['body']['$id'];
+
+ json_decode($client->receive(), true);
+
+ $this->client->call(Client::METHOD_PATCH, "/databases/{$databaseId}/collections/{$level1Id}/documents/{$doc1Id}", array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'data' => [
+ 'level2Ref' => $doc2Id,
+ ],
+ ]);
+
+ // payload should not contain the relationship attribute 'level2Ref'
+ $event = json_decode($client->receive(), true);
+ $this->assertArrayHasKey('type', $event);
+ $this->assertEquals('event', $event['type']);
+ $this->assertArrayHasKey('data', $event);
+ $this->assertNotEmpty($event['data']);
+ $this->assertArrayHasKey('payload', $event['data']);
+ $this->assertArrayHasKey('$id', $event['data']['payload']);
+ $this->assertEquals($doc1Id, $event['data']['payload']['$id']);
+ $this->assertArrayNotHasKey('level2Ref', $event['data']['payload']);
+
+ $client->close();
+ }
 }
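Review bot: The message asserted at the end is not pinned to the update of `$doc1Id`: the subscription is on `documents`, both `$doc2` and `$doc1` are created with `Permission::read(Role::any())` before the PATCH, yet only one `receive()` is discarded, so the final assertions (`$id` equals `$doc1Id`, `level2Ref` absent) can be satisfied by doc1's create message rather than the update that the fix is meant to redact. Assert that the event name carried in the message is the `.update` event for `$doc1Id` (or read messages until that one arrives) before inspecting the payload; whether doc2's creation emits on this connection is inferred from the permissions shown, not proven by the hunk. Separately, `array_merge([...])` with a single array argument (the database, collection, attribute and PATCH calls) is a no-op wrapper — drop it or merge `$this->getHeaders()` as the two document-creation calls do. The fixed `sleep(2)` calls are a flakiness source; if the suite has a readiness poll for attributes, prefer it.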