From 67311fe5d6717dfaf38df5ce667c8f2f2e923dba Mon Sep 17 00:00:00 2001
From: shimon
Date: Thu, 27 Nov 2025 18:56:33 +0200
Subject: [PATCH] Refactor: Update role retrieval to use authorization object in multiple files
---
 app/controllers/api/storage.php | 8 ++---
 app/realtime.php | 8 ++---
 .../unit/Messaging/MessagingChannelsTest.php | 4 +--
 .../Utopia/Database/Documents/UserTest.php | 34 +++++++++++++------
 4 files changed, 33 insertions(+), 21 deletions(-)
diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php
index 1353906635..32ad32b888 100644
--- a/app/controllers/api/storage.php
+++ b/app/controllers/api/storage.php
@@ -2,6 +2,7 @@
 use Ahc\Jwt\JWT;
 use Ahc\Jwt\JWTException;
+use Appwrite\Auth\Auth;
 use Appwrite\ClamAV\Network;
 use Appwrite\Event\Delete;
 use Appwrite\Event\Event;
@@ -1006,7 +1007,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/preview')
 }
 if (!$resourceToken->isEmpty() && $resourceToken->getAttribute('fileInternalId') !== $file->getSequence()) {
- throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
+ throw new Exception(Exception::USER_UNAUTHORIZED);
 }
 if ($file->isEmpty()) {
@@ -1495,7 +1496,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/push')
 try {
 $decoded = $decoder->decode($jwt);
 } catch (JWTException) {
- throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
+ throw new Exception(Exception::USER_UNAUTHORIZED);
 }
 if (
@@ -1503,7 +1504,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/push')
 $decoded['bucketId'] !== $bucketId ||
 $decoded['fileId'] !== $fileId
 ) {
- throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
+ throw new Exception(Exception::USER_UNAUTHORIZED);
 }
 $isInternal = $decoded['internal'] ?? false;
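Review bot: None of the changed lines in storage.php reference `Auth`, so the added `use Appwrite\Auth\Auth;` looks unused; the diffstat's eight changed lines for this file are all visible in these hunks. If existing code in the controller does not need it either, drop the import so the dependency list reflects what the file actually touches.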
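Review bot: The resource-token binding check in the preview route compares `getAttribute('fileInternalId')` with `$file->getSequence()` using `!==`, and it runs before the `$file->isEmpty()` check at the end of the hunk. Under a strict comparison, a type difference between the stored attribute and the sequence (string versus integer) would reject every token, so confirm both sides have the same type and pin it with a test that uses a valid token. Removing the message argument also changes the error body clients receive, which the commit message does not mention. If the ordering is intentional, a comment such as `// Token is bound to one file; reject before the existence check` would record why. The route callback starts and ends outside the hunk.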
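Review bot: The `catch (JWTException)` branch in the push route discards the exception, and with the description argument removed nothing about the failure is kept, so expired, malformed and wrongly signed tokens cannot be told apart in server logs. A generic 401 to the client is right; keep the cause server-side by binding it (`catch (JWTException $e)`) and logging it, or by passing it as the previous throwable if the project's Exception constructor accepts one. In the claim-mismatch branch of the next hunk (`@@ -1503`), `$decoded['bucketId']` and `$decoded['fileId']` are read without a default. Writing `($decoded['bucketId'] ?? null) !== $bucketId` would keep a token with missing claims on the 401 path instead of raising an undefined-key warning. The `if (` condition of that branch starts outside its hunk.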
@@ -1526,7 +1527,6 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/push')
 $mimes = Config::getParam('storage-mimes');
 $path = $file->getAttribute('path', '');
-
 if (!$deviceForFiles->exists($path)) {
 throw new Exception(Exception::STORAGE_FILE_NOT_FOUND, 'File not found in ' . $path);
 }
diff --git a/app/realtime.php b/app/realtime.php
index e020546a02..20e6a6096e 100644
--- a/app/realtime.php
+++ b/app/realtime.php
@@ -450,7 +450,7 @@ $server->onWorkerStart(function (int $workerId) use ($server, $register, $stats,
 Console::error('Pub/sub failed (worker: ' . $workerId . ')');
 }
- $pubsub->subscribe(['realtime'], function (mixed $redis, string $channel, string $payload) use ($server, $workerId, $stats, $register, $realtime, $authorization) {
+ $pubsub->subscribe(['realtime'], function (mixed $redis, string $channel, string $payload) use ($server, $workerId, $stats, $register, $realtime) {
 $event = json_decode($payload, true);
 if ($event['permissionsChanged'] && isset($event['userId'])) {
@@ -466,7 +466,7 @@ $server->onWorkerStart(function (int $workerId) use ($server, $register, $stats,
 /** @var Appwrite\Utopia\Database\Documents\User $user */
 $user = $database->getDocument('users', $userId);
- $roles = $user->getRoles($authorization);
+ $roles = $user->getRoles($database->getAuthorization());
 $channels = $realtime->connections[$connection]['channels'];
 $realtime->unsubscribe($connection);
@@ -571,7 +571,7 @@ $server->onOpen(function (int $connection, SwooleRequest $request) use ($server,
 throw new Exception(Exception::REALTIME_POLICY_VIOLATION, $originValidator->getDescription());
 }
- $roles = $user->getRoles();
+ $roles = $user->getRoles($authorization);
 $channels = Realtime::convertChannels($request->getQuery('channels', []), $user->getId());
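Review bot: The three `getRoles()` call sites in realtime.php take their Authorization from two different places: `$database->getAuthorization()` in the pub/sub hunk (`@@ -466`) and the onMessage hunk (`@@ -710`), but the captured `$authorization` in the onOpen hunk (`@@ -571`). The UserTest changes in this commit suggest the returned role list depends on the roles held by the object passed in, so if these are not the same instance a connection could be subscribed with one role set on open and another after re-authentication or a permissions change. Please confirm they are the same object or use one source consistently. Also confirm `$authorization` is in the onOpen closure's `use` list, which is cut off in the hunk header. In a long-lived worker, check too that the instance is not still carrying roles from an earlier connection when `getRoles()` is called.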
@@ -710,7 +710,7 @@ $server->onMessage(function (int $connection, string $message) use ($server, $re
 throw new Exception(Exception::REALTIME_MESSAGE_FORMAT_INVALID, 'Session is not valid.');
 }
- $roles = $user->getRoles();
+ $roles = $user->getRoles($database->getAuthorization());
 $channels = Realtime::convertChannels(array_flip($realtime->connections[$connection]['channels']), $user->getId());
 $realtime->subscribe($realtime->connections[$connection]['projectId'], $connection, $roles, $channels);
diff --git a/tests/unit/Messaging/MessagingChannelsTest.php b/tests/unit/Messaging/MessagingChannelsTest.php
index 29d29ed219..7df5b8d1e6 100644
--- a/tests/unit/Messaging/MessagingChannelsTest.php
+++ b/tests/unit/Messaging/MessagingChannelsTest.php
@@ -79,7 +79,7 @@ class MessagingChannelsTest extends TestCase
 ]
 ]);
- $roles = $user->getRoles();
+ $roles = $user->getRoles($this->getAuthorization());
 $parsedChannels = Realtime::convertChannels([0 => $channel], $user->getId());
@@ -103,7 +103,7 @@ class MessagingChannelsTest extends TestCase
 '$id' => ''
 ]);
- $roles = $user->getRoles();
+ $roles = $user->getRoles($this->getAuthorization());
 $parsedChannels = Realtime::convertChannels([0 => $channel], $user->getId());
diff --git a/tests/unit/Utopia/Database/Documents/UserTest.php b/tests/unit/Utopia/Database/Documents/UserTest.php
index 4675e8d73f..a1f4a207e8 100644
--- a/tests/unit/Utopia/Database/Documents/UserTest.php
+++ b/tests/unit/Utopia/Database/Documents/UserTest.php
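Review bot: `$this->getAuthorization()` is called in both MessagingChannelsTest hunks (`@@ -79` and `@@ -103`), but this commit adds that helper only to UserTest, and the diffstat shows no other change to MessagingChannelsTest.php. Unless the method already exists on this class or on a shared base class, both tests will fail with an undefined-method error. If it is missing, add the same lazily created `Authorization` accessor here, or move it into a shared test trait so the two test classes do not drift apart.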
@@ -14,13 +14,26 @@ use Utopia\Database\Validator\Roles;
 class UserTest extends TestCase
 {
+
+ private $authorization;
+
+ public function getAuthorization(): Authorization
+ {
+ if (isset($this->authorization)) {
+ return $this->authorization;
+ }
+
+ $this->authorization = new Authorization();
+ return $this->authorization;
+ }
+
 /**
 * Reset Roles
 */
 public function tearDown(): void
 {
- Authorization::cleanRoles();
- Authorization::setRole(Role::any()->toString());
+ $this->getAuthorization()->cleanRoles();
+ $this->getAuthorization()->addRole(Role::any()->toString());
 }
 public function testSessionVerify(): void
@@ -197,7 +210,7 @@ class UserTest extends TestCase
 '$id' => ''
 ]);
- $roles = $user->getRoles();
+ $roles = $user->getRoles($this->getAuthorization());
 $this->assertCount(1, $roles);
 $this->assertContains(Role::guests()->toString(), $roles);
 }
@@ -233,7 +246,7 @@ class UserTest extends TestCase
 ]
 ]);
- $roles = $user->getRoles();
+ $roles = $user->getRoles($this->getAuthorization());
 $this->assertCount(13, $roles);
 $this->assertContains(Role::users()->toString(), $roles);
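Review bot: The new `$authorization` property in the first UserTest hunk is untyped, and `getAuthorization()` hand-rolls the lazy initialisation. `private ?Authorization $authorization = null;` with `return $this->authorization ??= new Authorization();` does the same in two lines and lets static analysis check the type. The helper is `public` although only the test class appears to use it, and the blank line straight after the class's opening brace is not PSR-12. `tearDown()` now resets roles on an instance owned by the test object rather than on static state, so if other tests still rely on global roles being reset after UserTest runs, that needs a separate check.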
@@ -254,21 +267,21 @@ class UserTest extends TestCase
 $user['emailVerification'] = false;
 $user['phoneVerification'] = false;
- $roles = $user->getRoles();
+ $roles = $user->getRoles($this->getAuthorization());
 $this->assertContains(Role::users(Roles::DIMENSION_UNVERIFIED)->toString(), $roles);
 $this->assertContains(Role::user(ID::custom('123'), Roles::DIMENSION_UNVERIFIED)->toString(), $roles);
 // Enable single verification type
 $user['emailVerification'] = true;
- $roles = $user->getRoles();
+ $roles = $user->getRoles($this->getAuthorization() );
 $this->assertContains(Role::users(Roles::DIMENSION_VERIFIED)->toString(), $roles);
 $this->assertContains(Role::user(ID::custom('123'), Roles::DIMENSION_VERIFIED)->toString(), $roles);
 }
 public function testPrivilegedUserRoles(): void
 {
- Authorization::setRole(User::ROLE_OWNER);
+ $this->getAuthorization()->addRole(User::ROLE_OWNER);
 $user = new User([
 '$id' => ID::custom('123'),
 'emailVerification' => true,
@@ -293,8 +306,7 @@ class UserTest extends TestCase
 ]
 ]
 ]);
-
- $roles = $user->getRoles();
+ $roles = $user->getRoles($this->getAuthorization());
 $this->assertCount(7, $roles);
 $this->assertNotContains(Role::users()->toString(), $roles);
@@ -312,7 +324,7 @@ class UserTest extends TestCase
 public function testAppUserRoles(): void
 {
- Authorization::setRole(User::ROLE_APPS);
+ $this->getAuthorization()->addRole(User::ROLE_APPS);
 $user = new User([
 '$id' => ID::custom('123'),
 'memberships' => [
@@ -336,7 +348,7 @@ class UserTest extends TestCase
 ]
 ]);
- $roles = $user->getRoles();
+ $roles = $user->getRoles($this->getAuthorization());
 $this->assertCount(7, $roles);
 $this->assertNotContains(Role::users()->toString(), $roles);
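Review bot: The second changed call in the `@@ -254` hunk, `$user->getRoles($this->getAuthorization() );`, has a stray space before the closing parenthesis. Write `$user->getRoles($this->getAuthorization());` so it matches the other call sites and PSR-12. testPrivilegedUserRoles begins in this hunk and continues outside it.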
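Review bot: No test in this file pins what the refactor appears to be for, namely that roles added to one `Authorization` instance do not influence `getRoles()` when it is called with another. testPrivilegedUserRoles (`@@ -293`) and testAppUserRoles (`@@ -312`) add `User::ROLE_OWNER` / `User::ROLE_APPS` and then pass the same instance, which covers only the matching case. A test that adds `User::ROLE_OWNER` to one instance and then asserts that `$user->getRoles(new Authorization())` returns the non-privileged role list would catch a regression back to shared state.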