Refactor: Update role retrieval to use authorization object in multiple files

shimon 2025-11-27 18:56:33 +02:00
parent 5da1f791a5
commit 67311fe5d6
4 changed files with 33 additions and 21 deletions


@ -2,6 +2,7 @@
use Ahc\Jwt\JWT;
use Ahc\Jwt\JWTException;
use Appwrite\Auth\Auth;
use Appwrite\ClamAV\Network;
use Appwrite\Event\Delete;
use Appwrite\Event\Event;
@ -1006,7 +1007,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/preview')
}
if (!$resourceToken->isEmpty() && $resourceToken->getAttribute('fileInternalId') !== $file->getSequence()) {
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
throw new Exception(Exception::USER_UNAUTHORIZED);
}
if ($file->isEmpty()) {
@ -1495,7 +1496,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/push')
try {
$decoded = $decoder->decode($jwt);
} catch (JWTException) {
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
throw new Exception(Exception::USER_UNAUTHORIZED);
}
if (
@ -1503,7 +1504,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/push')
$decoded['bucketId'] !== $bucketId ||
$decoded['fileId'] !== $fileId
) {
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
throw new Exception(Exception::USER_UNAUTHORIZED);
}
$isInternal = $decoded['internal'] ?? false;
@ -1526,7 +1527,6 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/push')
$mimes = Config::getParam('storage-mimes');
$path = $file->getAttribute('path', '');
if (!$deviceForFiles->exists($path)) {
throw new Exception(Exception::STORAGE_FILE_NOT_FOUND, 'File not found in ' . $path);
}
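Review bot: The last hunk (`@ -1526,7 +1527,6`) is a one-line deletion and the only non-blank candidate shown is `throw new Exception(Exception::STORAGE_FILE_NOT_FOUND, 'File not found in ' . $path);`; if that is the removed line, the `if (!$deviceForFiles->exists($path))` guard becomes an empty block and a push for a file missing from storage proceeds instead of failing closed, so please confirm what was actually dropped there. Replacing `$authorization->getDescription()` with a bare `USER_UNAUTHORIZED` in the three auth failures is the right direction, since that description text may name the roles the caller holds, and the same treatment should apply wherever else this file still attaches it. The new `use Appwrite\ClamAV\Network;` import is not referenced by any visible hunk and looks unrelated to the stated refactor; drop it if nothing in the file uses it. The push handler's body continues outside these hunks.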


@ -450,7 +450,7 @@ $server->onWorkerStart(function (int $workerId) use ($server, $register, $stats,
Console::error('Pub/sub failed (worker: ' . $workerId . ')');
}
$pubsub->subscribe(['realtime'], function (mixed $redis, string $channel, string $payload) use ($server, $workerId, $stats, $register, $realtime, $authorization) {
$pubsub->subscribe(['realtime'], function (mixed $redis, string $channel, string $payload) use ($server, $workerId, $stats, $register, $realtime) {
$event = json_decode($payload, true);
if ($event['permissionsChanged'] && isset($event['userId'])) {
@ -466,7 +466,7 @@ $server->onWorkerStart(function (int $workerId) use ($server, $register, $stats,
/** @var Appwrite\Utopia\Database\Documents\User $user */
$user = $database->getDocument('users', $userId);
$roles = $user->getRoles($authorization);
$roles = $user->getRoles($database->getAuthorization());
$channels = $realtime->connections[$connection]['channels'];
$realtime->unsubscribe($connection);
@ -571,7 +571,7 @@ $server->onOpen(function (int $connection, SwooleRequest $request) use ($server,
throw new Exception(Exception::REALTIME_POLICY_VIOLATION, $originValidator->getDescription());
}
$roles = $user->getRoles();
$roles = $user->getRoles($authorization);
$channels = Realtime::convertChannels($request->getQuery('channels', []), $user->getId());
@ -710,7 +710,7 @@ $server->onMessage(function (int $connection, string $message) use ($server, $re
throw new Exception(Exception::REALTIME_MESSAGE_FORMAT_INVALID, 'Session is not valid.');
}
$roles = $user->getRoles();
$roles = $user->getRoles($database->getAuthorization());
$channels = Realtime::convertChannels(array_flip($realtime->connections[$connection]['channels']), $user->getId());
$realtime->subscribe($realtime->connections[$connection]['projectId'], $connection, $roles, $channels);
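Review bot: `onOpen` still resolves roles from the captured `$authorization` (`$roles = $user->getRoles($authorization);`) while the pub/sub handler and `onMessage` in the same file now use `$database->getAuthorization()`, so one connection-setup path derives roles from a different object than the other two. In a long-lived Swoole worker that captured object is shared by every connection the worker handles, so if its role set is mutated anywhere, roles granted to one client could bleed into another client's channel subscription; the per-database instance avoids that. If `$database` is in scope in `onOpen` as it is in `onMessage`, the line should read `$roles = $user->getRoles($database->getAuthorization());`. Both the `onOpen` and `onMessage` closures begin and end outside the visible hunks.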


@ -79,7 +79,7 @@ class MessagingChannelsTest extends TestCase
]
]);
$roles = $user->getRoles();
$roles = $user->getRoles($this->getAuthorization());
$parsedChannels = Realtime::convertChannels([0 => $channel], $user->getId());
@ -103,7 +103,7 @@ class MessagingChannelsTest extends TestCase
'$id' => ''
]);
$roles = $user->getRoles();
$roles = $user->getRoles($this->getAuthorization());
$parsedChannels = Realtime::convertChannels([0 => $channel], $user->getId());
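Review bot: `$this->getAuthorization()` is now called on `MessagingChannelsTest`, but the only `getAuthorization()` helper visible in this commit is the one added to `UserTest`; unless `MessagingChannelsTest` already defines one or inherits it from a shared base class, both of these calls will fail with an undefined-method error. If it is missing, either move the lazy getter into a trait both test classes use or add the same `public function getAuthorization(): Authorization` to this class. The surrounding test methods start before and end after the visible hunks.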


@ -14,13 +14,26 @@ use Utopia\Database\Validator\Roles;
class UserTest extends TestCase
{
private $authorization;
public function getAuthorization(): Authorization
{
if (isset($this->authorization)) {
return $this->authorization;
}
$this->authorization = new Authorization();
return $this->authorization;
}
/**
* Reset Roles
*/
public function tearDown(): void
{
Authorization::cleanRoles();
Authorization::setRole(Role::any()->toString());
$this->getAuthorization()->cleanRoles();
$this->getAuthorization()->addRole(Role::any()->toString());
}
public function testSessionVerify(): void
@ -197,7 +210,7 @@ class UserTest extends TestCase
'$id' => ''
]);
$roles = $user->getRoles();
$roles = $user->getRoles($this->getAuthorization());
$this->assertCount(1, $roles);
$this->assertContains(Role::guests()->toString(), $roles);
}
@ -233,7 +246,7 @@ class UserTest extends TestCase
]
]);
$roles = $user->getRoles();
$roles = $user->getRoles($this->getAuthorization());
$this->assertCount(13, $roles);
$this->assertContains(Role::users()->toString(), $roles);
@ -254,21 +267,21 @@ class UserTest extends TestCase
$user['emailVerification'] = false;
$user['phoneVerification'] = false;
$roles = $user->getRoles();
$roles = $user->getRoles($this->getAuthorization());
$this->assertContains(Role::users(Roles::DIMENSION_UNVERIFIED)->toString(), $roles);
$this->assertContains(Role::user(ID::custom('123'), Roles::DIMENSION_UNVERIFIED)->toString(), $roles);
// Enable single verification type
$user['emailVerification'] = true;
$roles = $user->getRoles();
$roles = $user->getRoles($this->getAuthorization() );
$this->assertContains(Role::users(Roles::DIMENSION_VERIFIED)->toString(), $roles);
$this->assertContains(Role::user(ID::custom('123'), Roles::DIMENSION_VERIFIED)->toString(), $roles);
}
public function testPrivilegedUserRoles(): void
{
Authorization::setRole(User::ROLE_OWNER);
$this->getAuthorization()->addRole(User::ROLE_OWNER);
$user = new User([
'$id' => ID::custom('123'),
'emailVerification' => true,
@ -293,8 +306,7 @@ class UserTest extends TestCase
]
]
]);
$roles = $user->getRoles();
$roles = $user->getRoles($this->getAuthorization());
$this->assertCount(7, $roles);
$this->assertNotContains(Role::users()->toString(), $roles);
@ -312,7 +324,7 @@ class UserTest extends TestCase
public function testAppUserRoles(): void
{
Authorization::setRole(User::ROLE_APPS);
$this->getAuthorization()->addRole(User::ROLE_APPS);
$user = new User([
'$id' => ID::custom('123'),
'memberships' => [
@ -336,7 +348,7 @@ class UserTest extends TestCase
]
]);
$roles = $user->getRoles();
$roles = $user->getRoles($this->getAuthorization());
$this->assertCount(7, $roles);
$this->assertNotContains(Role::users()->toString(), $roles);
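Review bot: `private $authorization;` in the new lazy getter is untyped and the getter re-implements `??=` by hand; in a PHP 8 test class this reads better as `private ?Authorization $authorization = null;` with the getter body reduced to `return $this->authorization ??= new Authorization();`. The call at the single-verification step also carries a stray space, `$user->getRoles($this->getAuthorization() )`, which PHP-CS-Fixer would flag. Since the authorization object is now per test instance, `tearDown`'s `cleanRoles()`/`addRole(Role::any())` only resets this test's own object; it is worth confirming that `User::getRoles()` no longer consults the static `Authorization::setRole` state the old code relied on, otherwise roles added in `testPrivilegedUserRoles` and `testAppUserRoles` could persist across tests.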