From 6b77fcf21f775c28ab328b43650300c3cfeccc9a Mon Sep 17 00:00:00 2001 From: Matej Baco Date: Wed, 12 Jan 2022 20:51:13 +0100 Subject: [PATCH 1/5] FIxed 409 for createCollection --- app/controllers/api/database.php | 4 ++-- .../Database/DatabaseCustomServerTest.php | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index c6fb149700..00e951030f 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php @@ -166,8 +166,6 @@ App::post('/v1/database/collections') $collectionId = $collectionId == 'unique()' ? $dbForProject->getId() : $collectionId; try { - $dbForProject->createCollection('collection_' . $collectionId); - $collection = $dbForProject->createDocument('collections', new Document([ '$id' => $collectionId, '$read' => $read ?? [], // Collection permissions for collection documents (based on permission model) @@ -183,6 +181,8 @@ App::post('/v1/database/collections') throw new Exception('Collection already exists', 409); } + $dbForProject->createCollection('collection_' . $collectionId); + $audits ->setParam('event', 'database.collections.create') ->setParam('resource', 'collection/'.$collectionId) diff --git a/tests/e2e/Services/Database/DatabaseCustomServerTest.php b/tests/e2e/Services/Database/DatabaseCustomServerTest.php index 659839debe..cd14974c6c 100644 --- a/tests/e2e/Services/Database/DatabaseCustomServerTest.php +++ b/tests/e2e/Services/Database/DatabaseCustomServerTest.php @@ -7,6 +7,7 @@ use Tests\E2E\Scopes\Scope; use Tests\E2E\Scopes\SideServer; use Tests\E2E\Client; use Utopia\Database\Database; +use function array_merge; class DatabaseCustomServerTest extends Scope { 
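Review bot: In the `@@ -166,8 +166,6 @@` hunk of `app/controllers/api/database.php`, the relocated `$dbForProject->createCollection('collection_' . $collectionId);` now runs after the try/catch, so an exception from it is not translated into an API error and the `collections` document written just before it stays behind. A later request with the same `collectionId` would then presumably get 409 although no backing collection was created. Wrap only that call and remove the metadata document on failure, e.g. `$dbForProject->deleteDocument('collections', $collectionId);` before rethrowing. PATCH 4/5 moves the call back inside the try, but its hunk shows no such rollback either. The route handler starts and ends outside this hunk.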
@@ -136,6 +137,21 @@ class DatabaseCustomServerTest extends Scope ]); $this->assertEquals($response['headers']['status-code'], 400); + + // This collection already exists + $response = $this->client->call(Client::METHOD_POST, '/database/collections', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'] + ]), [ + 'name' => 'Test 1', + 'collectionId' => 'first', + 'read' => ['role:all'], + 'write' => ['role:all'], + 'permission' => 'document' + ]); + + $this->assertEquals($response['headers']['status-code'], 409); } public function testDeleteAttribute(): array From 2f75f9d13de1f056d28996c4921f1dc5e8d7c9fd Mon Sep 17 00:00:00 2001 From: Matej Baco Date: Wed, 12 Jan 2022 20:54:19 +0100 Subject: [PATCH 2/5] Removed leftover --- tests/e2e/Services/Database/DatabaseCustomServerTest.php | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/e2e/Services/Database/DatabaseCustomServerTest.php b/tests/e2e/Services/Database/DatabaseCustomServerTest.php index cd14974c6c..117ca960d4 100644 --- a/tests/e2e/Services/Database/DatabaseCustomServerTest.php +++ b/tests/e2e/Services/Database/DatabaseCustomServerTest.php @@ -7,7 +7,6 @@ use Tests\E2E\Scopes\Scope; use Tests\E2E\Scopes\SideServer; use Tests\E2E\Client; use Utopia\Database\Database; -use function array_merge; class DatabaseCustomServerTest extends Scope { From 88f43c32a4350640675a47d0e2a59b7d9780241c Mon Sep 17 00:00:00 2001 From: Steven Nguyen Date: Tue, 7 Dec 2021 00:01:09 -0800 Subject: [PATCH 3/5] Fix non-owner not able to delete their membership --- app/controllers/api/teams.php | 9 ++- tests/e2e/Services/Teams/TeamsBaseClient.php | 71 ++++++++++++++++++-- 2 files changed, 73 insertions(+), 7 deletions(-) diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php index ab5534edc6..b319bb04d6 100644 --- a/app/controllers/api/teams.php +++ b/app/controllers/api/teams.php 
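Review bot: The duplicate-collection request added in the `@@ -136,6 +137,21 @@` hunk wraps its headers in `array_merge([...])` with a single argument, which does nothing and can be dropped. The new assertion also passes the actual value first, `assertEquals($response['headers']['status-code'], 409)`. PHPUnit expects the expected value first, so a failure would report the two values the wrong way round; `$this->assertEquals(409, $response['headers']['status-code']);` reads correctly and matches the order used in the Teams tests of this series. The test method starts outside this hunk, so the earlier creation of the collection with id `first` is not visible here.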
@@ -16,6 +16,7 @@ use Utopia\Validator\ArrayList; use Utopia\Validator\WhiteList; use Utopia\Database\Database; use Utopia\Database\Document; +use Utopia\Database\Exception\Authorization as AuthorizationException; use Utopia\Database\Exception\Duplicate; use Utopia\Database\Query; use Utopia\Database\Validator\Authorization; @@ -761,7 +762,11 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId') throw new Exception('Team not found', 404); } - if (!$dbForProject->deleteDocument('memberships', $membership->getId())) { + try { + $dbForProject->deleteDocument('memberships', $membership->getId()); + } catch (AuthorizationException $exception) { + throw new Exception('Unauthorized permissions', 401); + } catch (\Exception $exception) { throw new Exception('Failed to remove membership from DB', 500); } @@ -782,7 +787,7 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId') if ($membership->getAttribute('confirm')) { // Count only confirmed members $team->setAttribute('sum', \max($team->getAttribute('sum', 0) - 1, 0)); - $team = $dbForProject->updateDocument('teams', $team->getId(), $team); + Authorization::skip(fn() => $dbForProject->updateDocument('teams', $team->getId(), $team)); } $audits diff --git a/tests/e2e/Services/Teams/TeamsBaseClient.php b/tests/e2e/Services/Teams/TeamsBaseClient.php index 89ac02da74..e03ce89a9c 100644 --- a/tests/e2e/Services/Teams/TeamsBaseClient.php +++ b/tests/e2e/Services/Teams/TeamsBaseClient.php 
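Review bot: The rewritten delete in the `@@ -761,7 +762,11 @@` hunk no longer checks the return value of `deleteDocument()`. The old code turned a falsy result into a 500, while the new code reacts only to exceptions and would go on to the session and counter handling if the call returned false without throwing. Keeping the check inside the try preserves that guard: `if (!$dbForProject->deleteDocument('memberships', $membership->getId())) { throw new Exception('Failed to remove membership from DB', 500); }`. The generic `catch (\Exception $exception)` also discards the original error, so log it or pass it on as the previous exception if the project's `Exception` constructor accepts one. The handler starts and ends outside this hunk.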
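Review bot: The `Authorization::skip(...)` wrapper in the `@@ -782,7 +787,7 @@` hunk disables permission checks for the team update, so the only authorization left on this path is the membership `deleteDocument()` call earlier in the handler. That dependency should be stated at the call site, for example `// Permissions skipped on purpose: non-owner members may lack write access to the team document; the membership delete above is the authorization gate`. The hunk also drops the `$team =` assignment, so any later code in the handler (outside this hunk) that reads `$team` sees the locally modified document rather than the stored one. Whether concurrent deletes can lose a decrement of `sum` in this read-modify-write cannot be confirmed from the visible lines.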
@@ -391,11 +391,75 @@ trait TeamsBaseClient { $teamUid = $data['teamUid'] ?? ''; $membershipUid = $data['membershipUid'] ?? ''; + $session = $data['session'] ?? ''; + + $response = $this->client->call(Client::METHOD_GET, '/teams/'.$teamUid.'/memberships', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders())); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertEquals(2, $response['body']['sum']); + $ownerMembershipUid = $response['body']['memberships'][0]['$id']; + + /** + * Test for FAILURE + */ + + /** + * Test deleting a membership that does not exists + */ + $response = $this->client->call(Client::METHOD_DELETE, '/teams/'.$teamUid.'/memberships/dne', [ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'cookie' => 'a_session_'.$this->getProject()['$id'].'='.$session, + ]); + + $this->assertEquals(404, $response['headers']['status-code']); + + /** + * Test deleting another user's membership + */ + $response = $this->client->call(Client::METHOD_DELETE, '/teams/'.$teamUid.'/memberships/'.$ownerMembershipUid, [ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'cookie' => 'a_session_'.$this->getProject()['$id'].'='.$session, + ]); + + $this->assertEquals(401, $response['headers']['status-code']); + /** * Test for SUCCESS */ - $response = $this->client->call(Client::METHOD_DELETE, '/teams/'.$teamUid.'/memberships/'.$membershipUid, array_merge([ + + /** + * Test for when a user other than the owner tries to delete their membership + */ + $response = $this->client->call(Client::METHOD_DELETE, '/teams/'.$teamUid.'/memberships/'.$membershipUid, [ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'cookie' => 
'a_session_'.$this->getProject()['$id'].'='.$session, + ]); + + $this->assertEquals(204, $response['headers']['status-code']); + $this->assertEmpty($response['body']); + + $response = $this->client->call(Client::METHOD_GET, '/teams/'.$teamUid.'/memberships', array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders())); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertEquals(1, $response['body']['sum']); + + /** + * Test for when the owner tries to delete their membership + */ + $response = $this->client->call(Client::METHOD_DELETE, '/teams/'.$teamUid.'/memberships/'.$ownerMembershipUid, array_merge([ 'origin' => 'http://localhost', 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], @@ -404,10 +468,7 @@ trait TeamsBaseClient $this->assertEquals(204, $response['headers']['status-code']); $this->assertEmpty($response['body']); - /** - * Test for FAILURE - */ - $response = $this->client->call(Client::METHOD_GET, '/teams/'.$teamUid.'/memberships/'.$membershipUid, array_merge([ + $response = $this->client->call(Client::METHOD_GET, '/teams/'.$teamUid.'/memberships/'.$ownerMembershipUid, array_merge([ 'origin' => 'http://localhost', 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], From 85630df661a0c5b28046dc1775c999c7391f7b1a Mon Sep 17 00:00:00 2001 From: Matej Baco Date: Mon, 24 Jan 2022 09:20:02 +0100 Subject: [PATCH 4/5] PR review changes --- app/controllers/api/database.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php index 00e951030f..a1fc91207d 100644 --- a/app/controllers/api/database.php +++ b/app/controllers/api/database.php 
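Review bot: The negative test in the `@@ -391,11 +391,75 @@` hunk takes the owner's membership from `$response['body']['memberships'][0]['$id']`, which assumes the listing returns the owner first. If the order differs, the "another user's membership" request would target the caller's own membership and the 401 assertion would fail for a reason unrelated to authorization. Picking the entry whose id differs from the caller's removes that assumption: `$ownerMembershipUid = array_values(array_filter($response['body']['memberships'], fn ($m) => $m['$id'] !== $membershipUid))[0]['$id'];`. The added cases cover a member deleting the owner's membership; a DELETE without a session cookie is not exercised in the visible lines. The test method starts outside this hunk.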
@@ -177,12 +177,14 @@ App::post('/v1/database/collections') 'name' => $name, 'search' => implode(' ', [$collectionId, $name]), ])); + + $dbForProject->createCollection('collection_' . $collectionId); } catch (DuplicateException $th) { throw new Exception('Collection already exists', 409); + } catch (LimitException $th) { + throw new Exception('Collection limit exceeded', 400); } - $dbForProject->createCollection('collection_' . $collectionId); - $audits ->setParam('event', 'database.collections.create') ->setParam('resource', 'collection/'.$collectionId) From 5ae1da65e39db0022f31535e3d22fcc5acf48338 Mon Sep 17 00:00:00 2001 From: Vincent Ge Date: Tue, 25 Jan 2022 17:50:41 -0500 Subject: [PATCH 5/5] moved translation links to a more visible location --- README-CN.md | 11 +++-------- README.md | 11 +++-------- 2 files changed, 6 insertions(+), 16 deletions(-) diff --git a/README-CN.md b/README-CN.md index cdc5d90bfc..5c4ce54433 100644 --- a/README-CN.md +++ b/README-CN.md @@ -1,6 +1,3 @@ -
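Review bot: The `catch (LimitException $th)` added in the `@@ -177,12 +177,14 @@` hunk of `app/controllers/api/database.php` only matches if `LimitException` is imported in that file, and no `use` line for it is part of this patch. PHP does not report a catch clause naming an unknown class; it just never matches, so the exception would surface as an unhandled error instead of the intended 400. If the alias is not already declared above the hunk, add it next to the `DuplicateException` import, presumably `use Utopia\Database\Exception\Limit as LimitException;`. The try block opens above the hunk.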

- 🌍 其他语言 -


Appwrite Logo @@ -19,6 +16,8 @@ [![翻译](https://img.shields.io/badge/translate-f02e65?style=flat-square)](docs/tutorials/add-translations.md) [![周边商店](https://img.shields.io/badge/swag%20store-f02e65?style=flat-square)](https://store.appwrite.io) +[English](README.md) | 简体中文 + Appwrite是一个基于dcoker的端到端开发者平台,其容器化的微服务库可应用于网页端,移动端,以及后端。Appwrite 通过视觉化界面极简了从零编写 API 的繁琐过程,在保证软件安全的前提下为开发者创造了一个高效的开发环境。 Appwrite 可以提供给开发者用户验证,外部授权,用户数据读写检索,文件储存, 图像处理,云函数计算,[等多种服务](https:/ /appwrite.io/docs)。 @@ -169,8 +168,4 @@ Appwrite API 界面层利用后台缓存和任务委派来提供极速的响应 ## 版权说明 -版权详情,访问 [BSD 3-Clause License](./LICENSE)。 - -## 其他语言 -- [English](README.md) -- [简体中文](README-CN.md) \ No newline at end of file +版权详情,访问 [BSD 3-Clause License](./LICENSE)。 \ No newline at end of file diff --git a/README.md b/README.md index 71196afdc2..3d1a0db74f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,3 @@ -

- 🌍 Translations -


Appwrite Logo @@ -19,6 +16,8 @@ [![Translate](https://img.shields.io/badge/translate-f02e65?style=flat-square)](docs/tutorials/add-translations.md) [![Swag Store](https://img.shields.io/badge/swag%20store-f02e65?style=flat-square)](https://store.appwrite.io) +English | [简体中文](README-CN.md) + [**Appwrite 0.12 has been released! Learn what's new!**](https://dev.to/appwrite/its-here-announcing-the-release-of-appwrite-012-5c8b) Appwrite is an end-to-end backend server for Web, Mobile, Native, or Backend apps packaged as a set of Docker microservices. Appwrite abstracts the complexity and repetitiveness required to build a modern backend API from scratch and allows you to build secure apps faster. @@ -172,8 +171,4 @@ Join our growing community around the world! See our official [Blog](https://med ## License -This repository is available under the [BSD 3-Clause License](./LICENSE). - -## Translations -- [English](README.md) -- [简体中文](README-CN.md) +This repository is available under the [BSD 3-Clause License](./LICENSE). \ No newline at end of file