Elgato_dark/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite synced 2026-05-24 09:28:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Block bulk ops through txn create multi ops

Browse source
This commit is contained in:
Jake Barnby 2025-09-11 22:22:46 +12:00
parent 6652e27dd5
commit b74e5ce5cd
No known key found for this signature in database
GPG key ID: C437A8CC85B96E9C
2 changed files with 24 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Operations/Create.php
View file

@ -2,6 +2,7 @@
namespace Appwrite\Platform\Modules\Databases\Http\Databases\Transactions\Operations; namespace Appwrite\Platform\Modules\Databases\Http\Databases\Transactions\Operations;
use Appwrite\Auth\Auth;
use Appwrite\Extend\Exception; use Appwrite\Extend\Exception;
use Appwrite\Platform\Modules\Databases\Http\Databases\Transactions\Action; use Appwrite\Platform\Modules\Databases\Http\Databases\Transactions\Action;
use Appwrite\SDK\AuthType; use Appwrite\SDK\AuthType;
@ -13,6 +14,7 @@ use Appwrite\Utopia\Response as UtopiaResponse;
use Utopia\Database\Database; use Utopia\Database\Database;
use Utopia\Database\Document; use Utopia\Database\Document;
use Utopia\Database\Helpers\ID; use Utopia\Database\Helpers\ID;
use Utopia\Database\Validator\Authorization;
use Utopia\Database\Validator\UID; use Utopia\Database\Validator\UID;
use Utopia\Swoole\Response as SwooleResponse; use Utopia\Swoole\Response as SwooleResponse;
use Utopia\Validator\ArrayList; use Utopia\Validator\ArrayList;
@ -43,7 +45,7 @@ class Create extends Action
group: 'transactions', group: 'transactions',
name: 'createOperations', name: 'createOperations',
description: '/docs/references/databases/create-operations.md', description: '/docs/references/databases/create-operations.md',
auth: [AuthType::KEY], auth: [AuthType::KEY, AuthType::SESSION, AuthType::JWT],
responses: [ responses: [
new SDKResponse( new SDKResponse(
code: SwooleResponse::STATUS_CODE_CREATED, code: SwooleResponse::STATUS_CODE_CREATED,
@ -77,8 +79,19 @@ class Create extends Action
); );
} }
$isAPIKey = Auth::isAppUser(Authorization::getRoles());
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::getRoles());
$databases = $collections = $staged = []; $databases = $collections = $staged = [];
foreach ($operations as $operation) { foreach ($operations as $operation) {
if (!$isAPIKey && !$isPrivilegedUser && \in_array($operation['action'], [
'bulkCreate',
'bulkUpdate',
'bulkDelete'
])) {
throw new Exception(Exception::USER_UNAUTHORIZED);
}
$database = $databases[$operation['databaseId']] ??= $dbForProject->getDocument('databases', $operation['databaseId']); $database = $databases[$operation['databaseId']] ??= $dbForProject->getDocument('databases', $operation['databaseId']);
if ($database->isEmpty()) { if ($database->isEmpty()) {
throw new Exception(Exception::DATABASE_NOT_FOUND); throw new Exception(Exception::DATABASE_NOT_FOUND);

10
src/Appwrite/Utopia/Database/Validator/Operation.php
View file

@ -64,6 +64,16 @@ class Operation extends Validator
return $this->description; return $this->description;
} }
public function getCollectionIdName(): string
{
return $this->collectionIdName;
}
public function getDocumentIdName(): string
{
return $this->documentIdName;
}
public function isArray(): bool public function isArray(): bool
{ {
return true; return true;