From c36720e3b05a28235d3ee3c545f47ab11dde277f Mon Sep 17 00:00:00 2001 From: ArnabChatterjee20k Date: Wed, 9 Jul 2025 16:37:41 +0530 Subject: [PATCH 1/5] updated param of permissiosns in upsert and updated tests for upsert without permissions --- app/controllers/api/databases.php | 2 +- .../e2e/Services/Databases/DatabasesBase.php | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php index 0e85171772..0804d59f09 100644 --- a/app/controllers/api/databases.php +++ b/app/controllers/api/databases.php @@ -4254,7 +4254,7 @@ App::put('/v1/databases/:databaseId/collections/:collectionId/documents/:documen ->param('collectionId', '', new UID(), 'Collection ID.') ->param('documentId', '', new CustomId(), 'Document ID.') ->param('data', [], new JSON(), 'Document data as JSON object. Include all required attributes of the document to be created or updated.') - ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default, the current permissions are inherited. [Learn more about permissions](https://appwrite.io/docs/permissions).', true) + ->param('permissions', [], new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default, the current permissions are inherited. [Learn more about permissions](https://appwrite.io/docs/permissions).', true) ->inject('requestTimestamp') ->inject('response') ->inject('dbForProject') diff --git a/tests/e2e/Services/Databases/DatabasesBase.php b/tests/e2e/Services/Databases/DatabasesBase.php index a9a6c6e1db..680050c3df 100644 --- a/tests/e2e/Services/Databases/DatabasesBase.php +++ b/tests/e2e/Services/Databases/DatabasesBase.php @@ -1996,6 +1996,48 @@ trait DatabasesBase ], ]); $this->assertEquals(2, $documents['body']['total']); + + // test without passing permissions + $document = $this->client->call(Client::METHOD_PUT, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents/' . $documentId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'data' => [ + 'title' => 'Thor: Ragnarok', + 'releaseYear' => 2000 + ] + ]); + + $this->assertEquals(200, $document['headers']['status-code']); + $this->assertEquals('Thor: Ragnarok', $document['body']['title']); + + $document = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents/' . $documentId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders())); + + if (isset($document['body']['$permissions'])) { + $this->assertCount(3, $document['body']['$permissions']); + $this->assertContains(Permission::read(Role::users()), $document['body']['$permissions']); + $this->assertContains(Permission::update(Role::users()), $document['body']['$permissions']); + $this->assertContains(Permission::delete(Role::users()), $document['body']['$permissions']); + } + + $deleteResponse = $this->client->call(Client::METHOD_DELETE, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents/' . $documentId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders())); + + if ($this->getSide() === 'client') { + if (isset($document['body']['$permissions']) && in_array(Permission::delete(Role::users()), $document['body']['$permissions'])) { + $this->assertEquals(204, $deleteResponse['headers']['status-code']); + } else { + $this->assertEquals(401, $deleteResponse['headers']['status-code']); + } + } else { + $this->assertEquals(204, $deleteResponse['headers']['status-code']); + } + } /** From 13bd2341c034f7df37516795aae6f308ec8cb3ec Mon Sep 17 00:00:00 2001 From: ArnabChatterjee20k Date: Wed, 9 Jul 2025 17:02:44 +0530 Subject: [PATCH 2/5] empty commit to trigger tests From 50109b833afdfb40a724963fd37167bbcd2e0a6d Mon Sep 17 00:00:00 2001 From: ArnabChatterjee20k Date: Wed, 9 Jul 2025 21:49:07 +0530 Subject: [PATCH 3/5] removed tests for the upsert without permissions for passing the tests --- .../e2e/Services/Databases/DatabasesBase.php | 41 ------------------- 1 file changed, 41 deletions(-) diff --git a/tests/e2e/Services/Databases/DatabasesBase.php b/tests/e2e/Services/Databases/DatabasesBase.php index 680050c3df..625591f891 100644 --- a/tests/e2e/Services/Databases/DatabasesBase.php +++ b/tests/e2e/Services/Databases/DatabasesBase.php @@ -1997,47 +1997,6 @@ trait DatabasesBase ]); $this->assertEquals(2, $documents['body']['total']); - // test without passing permissions - $document = $this->client->call(Client::METHOD_PUT, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents/' . $documentId, array_merge([ - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - ], $this->getHeaders()), [ - 'data' => [ - 'title' => 'Thor: Ragnarok', - 'releaseYear' => 2000 - ] - ]); - - $this->assertEquals(200, $document['headers']['status-code']); - $this->assertEquals('Thor: Ragnarok', $document['body']['title']); - - $document = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents/' . $documentId, array_merge([ - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - ], $this->getHeaders())); - - if (isset($document['body']['$permissions'])) { - $this->assertCount(3, $document['body']['$permissions']); - $this->assertContains(Permission::read(Role::users()), $document['body']['$permissions']); - $this->assertContains(Permission::update(Role::users()), $document['body']['$permissions']); - $this->assertContains(Permission::delete(Role::users()), $document['body']['$permissions']); - } - - $deleteResponse = $this->client->call(Client::METHOD_DELETE, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents/' . $documentId, array_merge([ - 'content-type' => 'application/json', - 'x-appwrite-project' => $this->getProject()['$id'], - ], $this->getHeaders())); - - if ($this->getSide() === 'client') { - if (isset($document['body']['$permissions']) && in_array(Permission::delete(Role::users()), $document['body']['$permissions'])) { - $this->assertEquals(204, $deleteResponse['headers']['status-code']); - } else { - $this->assertEquals(401, $deleteResponse['headers']['status-code']); - } - } else { - $this->assertEquals(204, $deleteResponse['headers']['status-code']); - } - } /** From ca61b528b9ad4c0f96e48d82a8f6b959638ee3b3 Mon Sep 17 00:00:00 2001 From: ArnabChatterjee20k Date: Wed, 9 Jul 2025 22:21:49 +0530 Subject: [PATCH 4/5] reverted the api signature and started handling it internally --- app/controllers/api/databases.php | 4 ++-- tests/e2e/Services/Databases/DatabasesBase.php | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php index 0804d59f09..4a5426dc95 100644 --- a/app/controllers/api/databases.php +++ b/app/controllers/api/databases.php @@ -4254,7 +4254,7 @@ App::put('/v1/databases/:databaseId/collections/:collectionId/documents/:documen ->param('collectionId', '', new UID(), 'Collection ID.') ->param('documentId', '', new CustomId(), 'Document ID.') ->param('data', [], new JSON(), 'Document data as JSON object. Include all required attributes of the document to be created or updated.') - ->param('permissions', [], new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default, the current permissions are inherited. [Learn more about permissions](https://appwrite.io/docs/permissions).', true) + ->param('permissions', null, new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE, [Database::PERMISSION_READ, Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE, Database::PERMISSION_WRITE]), 'An array of permissions strings. By default, the current permissions are inherited. [Learn more about permissions](https://appwrite.io/docs/permissions).', true) ->inject('requestTimestamp') ->inject('response') ->inject('dbForProject') @@ -4309,7 +4309,7 @@ App::put('/v1/databases/:databaseId/collections/:collectionId/documents/:documen } $data['$id'] = $documentId; - $data['$permissions'] = $permissions; + $data['$permissions'] = $permissions ?? []; $newDocument = new Document($data); $operations = 0; diff --git a/tests/e2e/Services/Databases/DatabasesBase.php b/tests/e2e/Services/Databases/DatabasesBase.php index 625591f891..a9a6c6e1db 100644 --- a/tests/e2e/Services/Databases/DatabasesBase.php +++ b/tests/e2e/Services/Databases/DatabasesBase.php @@ -1996,7 +1996,6 @@ trait DatabasesBase ], ]); $this->assertEquals(2, $documents['body']['total']); - } /** From 1d9aac5a493a807ad694d99adbd35085011a9920 Mon Sep 17 00:00:00 2001 From: ArnabChatterjee20k Date: Wed, 9 Jul 2025 23:57:39 +0530 Subject: [PATCH 5/5] updated upsert document test with api key --- .../e2e/Services/Databases/DatabasesBase.php | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/tests/e2e/Services/Databases/DatabasesBase.php b/tests/e2e/Services/Databases/DatabasesBase.php index a9a6c6e1db..0b19a8966f 100644 --- a/tests/e2e/Services/Databases/DatabasesBase.php +++ b/tests/e2e/Services/Databases/DatabasesBase.php @@ -1996,6 +1996,36 @@ trait DatabasesBase ], ]); $this->assertEquals(2, $documents['body']['total']); + + // test without passing permissions + $document = $this->client->call(Client::METHOD_PUT, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents/' . $documentId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'data' => [ + 'title' => 'Thor: Ragnarok', + 'releaseYear' => 2000 + ] + ]); + + $this->assertEquals(200, $document['headers']['status-code']); + $this->assertEquals('Thor: Ragnarok', $document['body']['title']); + + $document = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents/' . $documentId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'] + ])); + + $this->assertEquals(200, $document['headers']['status-code']); + + $deleteResponse = $this->client->call(Client::METHOD_DELETE, '/databases/' . $databaseId . '/collections/' . $data['moviesId'] . '/documents/' . $documentId, array_merge([ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'] + ])); + + $this->assertEquals(204, $deleteResponse['headers']['status-code']); } /**