Update storage module for auth instance
This commit is contained in:
parent
e9366ac2e6
commit
b567cd5341
8 changed files with 33 additions and 35 deletions
@ -22,6 +22,7 @@ use Utopia\Database\Helpers\ID;
|
||||||
use Utopia\Database\Helpers\Permission;
|
use Utopia\Database\Helpers\Permission;
|
||||||
use Utopia\Database\Helpers\Role;
|
use Utopia\Database\Helpers\Role;
|
||||||
use Utopia\Database\Validator\Authorization;
|
use Utopia\Database\Validator\Authorization;
|
||||||
|
use Utopia\Database\Validator\Authorization\Input;
|
||||||
use Utopia\Database\Validator\Permissions;
|
use Utopia\Database\Validator\Permissions;
|
||||||
use Utopia\Database\Validator\UID;
|
use Utopia\Database\Validator\UID;
|
||||||
use Utopia\Platform\Action;
|
use Utopia\Platform\Action;
|
||||||
|
|
@ -118,15 +119,14 @@ class Create extends Action
|
||||||
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
$validator = new Authorization(\Utopia\Database\Database::PERMISSION_CREATE);
|
if (!$authorization->isValid(new Input(Database::PERMISSION_CREATE, $bucket->getCreate()))) {
|
||||||
if (!$validator->isValid($bucket->getCreate())) {
|
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$allowedPermissions = [
|
$allowedPermissions = [
|
||||||
\Utopia\Database\Database::PERMISSION_READ,
|
Database::PERMISSION_READ,
|
||||||
\Utopia\Database\Database::PERMISSION_UPDATE,
|
Database::PERMISSION_UPDATE,
|
||||||
\Utopia\Database\Database::PERMISSION_DELETE,
|
Database::PERMISSION_DELETE,
|
||||||
];
|
];
|
||||||
|
|
||||||
// Map aggregate permissions to into the set of individual permissions they represent.
|
// Map aggregate permissions to into the set of individual permissions they represent.
|
||||||
|
|
@ -156,7 +156,7 @@ class Create extends Action
|
||||||
$permission->getIdentifier(),
|
$permission->getIdentifier(),
|
||||||
$permission->getDimension()
|
$permission->getDimension()
|
||||||
))->toString();
|
))->toString();
|
||||||
if (!$authorization->isRole($role)) {
|
if (!$authorization->hasRole($role)) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED, 'Permissions must be one of: (' . \implode(', ', $roles) . ')');
|
throw new Exception(Exception::USER_UNAUTHORIZED, 'Permissions must be one of: (' . \implode(', ', $roles) . ')');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -381,8 +381,7 @@ class Create extends Action
|
||||||
* However as with chunk upload even if we are updating, we are essentially creating a file
|
* However as with chunk upload even if we are updating, we are essentially creating a file
|
||||||
* adding it's new chunk so we validate create permission instead of update
|
* adding it's new chunk so we validate create permission instead of update
|
||||||
*/
|
*/
|
||||||
$validator = new Authorization(\Utopia\Database\Database::PERMISSION_CREATE);
|
if (!$authorization->isValid(new Input(Database::PERMISSION_CREATE, $bucket->getCreate()))) {
|
||||||
if (!$validator->isValid($bucket->getCreate())) {
|
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
}
|
||||||
$file = $authorization->skip(fn () => $dbForProject->updateDocument('bucket_' . $bucket->getSequence(), $fileId, $file));
|
$file = $authorization->skip(fn () => $dbForProject->updateDocument('bucket_' . $bucket->getSequence(), $fileId, $file));
|
||||||
|
|
@ -426,8 +425,7 @@ class Create extends Action
|
||||||
* However as with chunk upload even if we are updating, we are essentially creating a file
|
* However as with chunk upload even if we are updating, we are essentially creating a file
|
||||||
* adding it's new chunk so we validate create permission instead of update
|
* adding it's new chunk so we validate create permission instead of update
|
||||||
*/
|
*/
|
||||||
$validator = new Authorization(\Utopia\Database\Database::PERMISSION_CREATE);
|
if (!$authorization->isValid(new Input(Database::PERMISSION_CREATE, $bucket->getCreate()))) {
|
||||||
if (!$validator->isValid($bucket->getCreate())) {
|
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED);
|
||||||
}
|
}
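Review bot: The three create-permission checks in this file now disagree on what they report: the check in the `@ -118,15 +119,14` hunk throws `throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());` with the validator description attached, while the identical checks in the `@ -381,8 +381,7` and `@ -426,8 +425,7` hunks still throw `throw new Exception(Exception::USER_UNAUTHORIZED);` with none. Pick one behaviour; if the description is kept, confirm what `getDescription()` actually contains before it reaches the client, because a message that echoes the bucket's allowed roles would tell an unauthorized caller exactly who is granted access. The same description is added to the unauthorized throws in the Delete, Get, Update and XList sections of this commit, so that decision applies there as well. The new lines also replace `\Utopia\Database\Database::PERMISSION_CREATE` with the unqualified `Database::PERMISSION_CREATE` (likewise for the READ/UPDATE/DELETE constants), and no `use Utopia\Database\Database;` is visible in the import hunk at `@ -22,6 +22,7`; confirm it is imported above that line, since otherwise the name resolves relative to the file's namespace and fails at runtime. The enclosing action method starts and ends outside these hunks.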
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ use Appwrite\Utopia\Response;
|
||||||
use Utopia\Database\Database;
|
use Utopia\Database\Database;
|
||||||
use Utopia\Database\Exception\NotFound as NotFoundException;
|
use Utopia\Database\Exception\NotFound as NotFoundException;
|
||||||
use Utopia\Database\Validator\Authorization;
|
use Utopia\Database\Validator\Authorization;
|
||||||
|
use Utopia\Database\Validator\Authorization\Input;
|
||||||
use Utopia\Database\Validator\UID;
|
use Utopia\Database\Validator\UID;
|
||||||
use Utopia\Platform\Action;
|
use Utopia\Platform\Action;
|
||||||
use Utopia\Platform\Scope\HTTP;
|
use Utopia\Platform\Scope\HTTP;
|
||||||
|
|
@ -88,10 +89,9 @@ class Delete extends Action
|
||||||
}
|
}
|
||||||
|
|
||||||
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
||||||
$validator = new Authorization(Database::PERMISSION_DELETE);
|
$valid = $authorization->isValid(new Input(Database::PERMISSION_DELETE, $bucket->getDelete()));
|
||||||
$valid = $validator->isValid($bucket->getDelete());
|
|
||||||
if (!$fileSecurity && !$valid) {
|
if (!$fileSecurity && !$valid) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
|
||||||
}
|
}
|
||||||
|
|
||||||
// Read permission should not be required for delete
|
// Read permission should not be required for delete
|
||||||
|
|
@ -102,8 +102,8 @@ class Delete extends Action
|
||||||
}
|
}
|
||||||
|
|
||||||
// Make sure we don't delete the file before the document permission check occurs
|
// Make sure we don't delete the file before the document permission check occurs
|
||||||
if ($fileSecurity && !$valid && !$validator->isValid($file->getDelete())) {
|
if ($fileSecurity && !$valid && !$authorization->isValid(new Input(Database::PERMISSION_DELETE, $file->getDelete()))) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
|
||||||
}
|
}
|
||||||
|
|
||||||
$deviceDeleted = false;
|
$deviceDeleted = false;
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ use Appwrite\Utopia\Response;
|
||||||
use Utopia\Database\Database;
|
use Utopia\Database\Database;
|
||||||
use Utopia\Database\Document;
|
use Utopia\Database\Document;
|
||||||
use Utopia\Database\Validator\Authorization;
|
use Utopia\Database\Validator\Authorization;
|
||||||
|
use Utopia\Database\Validator\Authorization\Input;
|
||||||
use Utopia\Database\Validator\UID;
|
use Utopia\Database\Validator\UID;
|
||||||
use Utopia\Platform\Action;
|
use Utopia\Platform\Action;
|
||||||
use Utopia\Platform\Scope\HTTP;
|
use Utopia\Platform\Scope\HTTP;
|
||||||
|
|
@ -96,10 +97,9 @@ class Get extends Action
|
||||||
|
|
||||||
$isToken = !$resourceToken->isEmpty() && $resourceToken->getAttribute('bucketInternalId') === $bucket->getSequence();
|
$isToken = !$resourceToken->isEmpty() && $resourceToken->getAttribute('bucketInternalId') === $bucket->getSequence();
|
||||||
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
||||||
$validator = new Authorization(Database::PERMISSION_READ);
|
$valid = $authorization->isValid(new Input(Database::PERMISSION_READ, $bucket->getRead()));
|
||||||
$valid = $validator->isValid($bucket->getRead());
|
|
||||||
if (!$fileSecurity && !$valid && !$isToken) {
|
if (!$fileSecurity && !$valid && !$isToken) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($fileSecurity && !$valid && !$isToken) {
|
if ($fileSecurity && !$valid && !$isToken) {
|
||||||
|
|
|
||||||
|
|
@ -10,6 +10,7 @@ use Appwrite\Utopia\Database\Documents\User;
|
||||||
use Appwrite\Utopia\Response;
|
use Appwrite\Utopia\Response;
|
||||||
use Utopia\Database\Database;
|
use Utopia\Database\Database;
|
||||||
use Utopia\Database\Validator\Authorization;
|
use Utopia\Database\Validator\Authorization;
|
||||||
|
use Utopia\Database\Validator\Authorization\Input;
|
||||||
use Utopia\Database\Validator\UID;
|
use Utopia\Database\Validator\UID;
|
||||||
use Utopia\Platform\Action;
|
use Utopia\Platform\Action;
|
||||||
use Utopia\Platform\Scope\HTTP;
|
use Utopia\Platform\Scope\HTTP;
|
||||||
|
|
@ -70,10 +71,9 @@ class Get extends Action
|
||||||
}
|
}
|
||||||
|
|
||||||
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
||||||
$validator = new Authorization(Database::PERMISSION_READ);
|
$valid = $authorization->isValid(new Input(Database::PERMISSION_READ, $bucket->getRead()));
|
||||||
$valid = $validator->isValid($bucket->getRead());
|
|
||||||
if (!$fileSecurity && !$valid) {
|
if (!$fileSecurity && !$valid) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($fileSecurity && !$valid) {
|
if ($fileSecurity && !$valid) {
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,7 @@ use Utopia\Database\Database;
|
||||||
use Utopia\Database\DateTime;
|
use Utopia\Database\DateTime;
|
||||||
use Utopia\Database\Document;
|
use Utopia\Database\Document;
|
||||||
use Utopia\Database\Validator\Authorization;
|
use Utopia\Database\Validator\Authorization;
|
||||||
|
use Utopia\Database\Validator\Authorization\Input;
|
||||||
use Utopia\Database\Validator\UID;
|
use Utopia\Database\Validator\UID;
|
||||||
use Utopia\Image\Image;
|
use Utopia\Image\Image;
|
||||||
use Utopia\Platform\Action;
|
use Utopia\Platform\Action;
|
||||||
|
|
@ -139,10 +140,9 @@ class Get extends Action
|
||||||
|
|
||||||
$isToken = !$resourceToken->isEmpty() && $resourceToken->getAttribute('bucketInternalId') === $bucket->getSequence();
|
$isToken = !$resourceToken->isEmpty() && $resourceToken->getAttribute('bucketInternalId') === $bucket->getSequence();
|
||||||
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
||||||
$validator = new Authorization(Database::PERMISSION_READ);
|
$valid = $authorization->isValid(new Input(Database::PERMISSION_READ, $bucket->getRead()));
|
||||||
$valid = $validator->isValid($bucket->getRead());
|
|
||||||
if (!$fileSecurity && !$valid && !$isToken) {
|
if (!$fileSecurity && !$valid && !$isToken) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($fileSecurity && !$valid && !$isToken) {
|
if ($fileSecurity && !$valid && !$isToken) {
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ use Utopia\Database\Exception\NotFound as NotFoundException;
|
||||||
use Utopia\Database\Helpers\Permission;
|
use Utopia\Database\Helpers\Permission;
|
||||||
use Utopia\Database\Helpers\Role;
|
use Utopia\Database\Helpers\Role;
|
||||||
use Utopia\Database\Validator\Authorization;
|
use Utopia\Database\Validator\Authorization;
|
||||||
|
use Utopia\Database\Validator\Authorization\Input;
|
||||||
use Utopia\Database\Validator\Permissions;
|
use Utopia\Database\Validator\Permissions;
|
||||||
use Utopia\Database\Validator\UID;
|
use Utopia\Database\Validator\UID;
|
||||||
use Utopia\Platform\Action;
|
use Utopia\Platform\Action;
|
||||||
|
|
@ -86,10 +87,9 @@ class Update extends Action
|
||||||
}
|
}
|
||||||
|
|
||||||
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
||||||
$validator = new Authorization(Database::PERMISSION_UPDATE);
|
$valid = $authorization->isValid(new Input(Database::PERMISSION_UPDATE, $bucket->getUpdate()));
|
||||||
$valid = $validator->isValid($bucket->getUpdate());
|
|
||||||
if (!$fileSecurity && !$valid) {
|
if (!$fileSecurity && !$valid) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
|
||||||
}
|
}
|
||||||
|
|
||||||
// Read permission should not be required for update
|
// Read permission should not be required for update
|
||||||
|
|
@ -120,7 +120,7 @@ class Update extends Action
|
||||||
$permission->getIdentifier(),
|
$permission->getIdentifier(),
|
||||||
$permission->getDimension()
|
$permission->getDimension()
|
||||||
))->toString();
|
))->toString();
|
||||||
if (!$authorization->isRole($role)) {
|
if (!$authorization->hasRole($role)) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED, 'Permissions must be one of: (' . \implode(', ', $roles) . ')');
|
throw new Exception(Exception::USER_UNAUTHORIZED, 'Permissions must be one of: (' . \implode(', ', $roles) . ')');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,7 @@ use Utopia\Config\Config;
|
||||||
use Utopia\Database\Database;
|
use Utopia\Database\Database;
|
||||||
use Utopia\Database\Document;
|
use Utopia\Database\Document;
|
||||||
use Utopia\Database\Validator\Authorization;
|
use Utopia\Database\Validator\Authorization;
|
||||||
|
use Utopia\Database\Validator\Authorization\Input;
|
||||||
use Utopia\Database\Validator\UID;
|
use Utopia\Database\Validator\UID;
|
||||||
use Utopia\Platform\Action;
|
use Utopia\Platform\Action;
|
||||||
use Utopia\Platform\Scope\HTTP;
|
use Utopia\Platform\Scope\HTTP;
|
||||||
|
|
@ -97,10 +98,9 @@ class Get extends Action
|
||||||
|
|
||||||
$isToken = !$resourceToken->isEmpty() && $resourceToken->getAttribute('bucketInternalId') === $bucket->getSequence();
|
$isToken = !$resourceToken->isEmpty() && $resourceToken->getAttribute('bucketInternalId') === $bucket->getSequence();
|
||||||
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
||||||
$validator = new Authorization(Database::PERMISSION_READ);
|
$valid = $authorization->isValid(new Input(Database::PERMISSION_READ, $bucket->getRead()));
|
||||||
$valid = $validator->isValid($bucket->getRead());
|
|
||||||
if (!$fileSecurity && !$valid && !$isToken) {
|
if (!$fileSecurity && !$valid && !$isToken) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($fileSecurity && !$valid && !$isToken) {
|
if ($fileSecurity && !$valid && !$isToken) {
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,7 @@ use Utopia\Database\Exception\Order as OrderException;
|
||||||
use Utopia\Database\Exception\Query as QueryException;
|
use Utopia\Database\Exception\Query as QueryException;
|
||||||
use Utopia\Database\Query;
|
use Utopia\Database\Query;
|
||||||
use Utopia\Database\Validator\Authorization;
|
use Utopia\Database\Validator\Authorization;
|
||||||
|
use Utopia\Database\Validator\Authorization\Input;
|
||||||
use Utopia\Database\Validator\Query\Cursor;
|
use Utopia\Database\Validator\Query\Cursor;
|
||||||
use Utopia\Database\Validator\UID;
|
use Utopia\Database\Validator\UID;
|
||||||
use Utopia\Platform\Action;
|
use Utopia\Platform\Action;
|
||||||
|
|
@ -85,10 +86,9 @@ class XList extends Action
|
||||||
}
|
}
|
||||||
|
|
||||||
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
$fileSecurity = $bucket->getAttribute('fileSecurity', false);
|
||||||
$validator = new Authorization(\Utopia\Database\Database::PERMISSION_READ);
|
$valid = $authorization->isValid(new Input(Database::PERMISSION_READ, $bucket->getRead()));
|
||||||
$valid = $validator->isValid($bucket->getRead());
|
|
||||||
if (!$fileSecurity && !$valid) {
|
if (!$fileSecurity && !$valid) {
|
||||||
throw new Exception(Exception::USER_UNAUTHORIZED);
|
throw new Exception(Exception::USER_UNAUTHORIZED, $authorization->getDescription());
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
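Review bot: The new line `$valid = $authorization->isValid(new Input(Database::PERMISSION_READ, $bucket->getRead()));` depends on `Database` being imported, whereas the removed line spelled it out as `\Utopia\Database\Database::PERMISSION_READ`, which suggests the short name may not have been in scope before. The import hunk at `@ -16,6 +16,7` begins at `Exception\Order`, so a `use Utopia\Database\Database;` line, if present, sits above the hunk and should be confirmed. If it is absent, the unqualified name resolves relative to the file's namespace and fails with a class-not-found error at runtime rather than at parse time. The enclosing method starts and ends outside the hunk.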
|
||||||
|
|
|
||||||