diff --git a/CHANGES.md b/CHANGES.md index f0050dde51..4ea7524f21 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -22,6 +22,7 @@ - Added a new env var named `_APP_LOCALE` that allow to change the default `en` locale value (#1056) - Updated all the console bottom control to be consistent. Dropped the `+` icon (#1062) - Added Response Models for Documents and Preferences (#1075, #1102) +- Added new endpoint to update team membership roles (#1142) ## Bugs diff --git a/app/config/events.php b/app/config/events.php index bbccb62de9..b27a5eafb9 100644 --- a/app/config/events.php +++ b/app/config/events.php @@ -197,6 +197,11 @@ return [ 'model' => Response::MODEL_MEMBERSHIP, 'note' => 'version >= 0.7', ], + 'teams.memberships.update' => [ + 'description' => 'This event triggers when a team membership is updated.', + 'model' => Response::MODEL_MEMBERSHIP, + 'note' => 'version >= 0.8', + ], 'teams.memberships.update.status' => [ 'description' => 'This event triggers when a team memberships status is updated.', 'model' => Response::MODEL_MEMBERSHIP, diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php index d19a15efcb..238e6248a1 100644 --- a/app/controllers/api/teams.php +++ b/app/controllers/api/teams.php @@ -449,7 +449,7 @@ App::post('/v1/teams/:teamId/memberships') ->setParam('{{text-cta}}', '#ffffff') ; - if (!$isPrivilegedUser && !$isAppUser) { // No need in comfirmation when in admin or app mode + if (!$isPrivilegedUser && !$isAppUser) { // No need of confirmation when in admin or app mode $mails ->setParam('event', 'teams.memberships.create') ->setParam('from', ($project->getId() === 'console') ? '' : \sprintf($locale->getText('account.emails.team'), $project->getAttribute('name'))) @@ -476,6 +476,69 @@ App::post('/v1/teams/:teamId/memberships') ; }); +App::patch('/v1/teams/:teamId/memberships/:membershipId') + ->desc('Update Membership Roles') + ->groups(['api', 'teams']) + ->label('event', 'teams.memberships.update') + ->label('scope', 'teams.write') + ->label('sdk.auth', [APP_AUTH_TYPE_SESSION, APP_AUTH_TYPE_KEY, APP_AUTH_TYPE_JWT]) + ->label('sdk.namespace', 'teams') + ->label('sdk.method', 'updateMembershipRoles') + ->label('sdk.description', '/docs/references/teams/update-team-membership-roles.md') + ->label('sdk.response.code', Response::STATUS_CODE_OK) + ->label('sdk.response.type', Response::CONTENT_TYPE_JSON) + ->label('sdk.response.model', Response::MODEL_MEMBERSHIP) + ->param('teamId', '', new UID(), 'Team unique ID.') + ->param('membershipId', '', new UID(), 'Membership ID.') + ->param('roles', [], new ArrayList(new Key()), 'Array of strings. Use this param to set the user roles in the team. A role can be any string. Learn more about [roles and permissions](/docs/permissions). Max length for each role is 32 chars.') + ->inject('request') + ->inject('response') + ->inject('user') + ->inject('projectDB') + ->inject('audits') + ->action(function ($teamId, $membershipId, $roles, $request, $response, $user, $projectDB,$audits) { + /** @var Utopia\Swoole\Request $request */ + /** @var Appwrite\Utopia\Response $response */ + /** @var Appwrite\Database\Document $user */ + /** @var Appwrite\Database\Database $projectDB */ + /** @var Appwrite\Event\Event $audits */ + + $team = $projectDB->getDocument($teamId); + if (empty($team->getId()) || Database::SYSTEM_COLLECTION_TEAMS != $team->getCollection()) { + throw new Exception('Team not found', 404); + } + + $membership = $projectDB->getDocument($membershipId); + if (empty($membership->getId()) || Database::SYSTEM_COLLECTION_MEMBERSHIPS != $membership->getCollection()) { + throw new Exception('Membership not found', 404); + } + + + $isPrivilegedUser = Auth::isPrivilegedUser(Authorization::$roles); + $isAppUser = Auth::isAppUser(Authorization::$roles); + $isOwner = Authorization::isRole('team:'.$team->getId().'/owner');; + + if (!$isOwner && !$isPrivilegedUser && !$isAppUser) { // Not owner, not admin, not app (server) + throw new Exception('User is not allowed to modify roles', 401); + } + + // Update the roles + $membership->setAttribute('roles', $roles); + $membership = $projectDB->updateDocument($membership->getArrayCopy()); + + if (false === $membership) { + throw new Exception('Failed updating membership', 500); + } + + $audits + ->setParam('userId', $user->getId()) + ->setParam('event', 'teams.memberships.update') + ->setParam('resource', 'teams/'.$teamId) + ; + + $response->dynamic(new Document($membership->getArrayCopy()), Response::MODEL_MEMBERSHIP); + }); + App::get('/v1/teams/:teamId/memberships') ->desc('Get Team Memberships') ->groups(['api', 'teams']) diff --git a/tests/e2e/Scopes/ProjectCustom.php b/tests/e2e/Scopes/ProjectCustom.php index fc35f1ddae..3f80285282 100644 --- a/tests/e2e/Scopes/ProjectCustom.php +++ b/tests/e2e/Scopes/ProjectCustom.php @@ -154,4 +154,25 @@ trait ProjectCustom return self::$project; } + + public function getNewKey(array $scopes) { + + $projectId = self::$project['$id']; + + $key = $this->client->call(Client::METHOD_POST, '/projects/' . $projectId . '/keys', [ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'cookie' => 'a_session_console=' . $this->getRoot()['session'], + 'x-appwrite-project' => 'console', + ], [ + 'name' => 'Demo Project Key', + 'scopes' => $scopes, + ]); + + $this->assertEquals(201, $key['headers']['status-code']); + $this->assertNotEmpty($key['body']); + $this->assertNotEmpty($key['body']['secret']); + + return $key['body']['secret']; + } } diff --git a/tests/e2e/Services/Teams/TeamsBaseClient.php b/tests/e2e/Services/Teams/TeamsBaseClient.php index 9df83fcd9b..00ae8c186e 100644 --- a/tests/e2e/Services/Teams/TeamsBaseClient.php +++ b/tests/e2e/Services/Teams/TeamsBaseClient.php @@ -157,7 +157,10 @@ trait TeamsBaseClient $this->assertIsInt($response['body']['joined']); $this->assertEquals(true, $response['body']['confirm']); $session = $this->client->parseCookie((string)$response['headers']['set-cookie'])['a_session_'.$this->getProject()['$id']]; + $data['session'] = $session; + + /** [START] TESTS TO CHECK PASSWORD UPDATE OF NEW USER CREATED USING TEAM INVITE */ /** * New User tries to update password without old password -> SHOULD PASS */ @@ -212,6 +215,8 @@ trait TeamsBaseClient $this->assertEquals($response['body']['email'], $email); $this->assertEquals($response['body']['name'], $name); + /** [END] TESTS TO CHECK PASSWORD UPDATE OF NEW USER CREATED USING TEAM INVITE */ + /** * Test for FAILURE */ @@ -265,6 +270,81 @@ trait TeamsBaseClient /** * @depends testUpdateTeamMembership */ + public function testUpdateTeamMembershipRoles($data):array + { + $teamUid = $data['teamUid'] ?? ''; + $membershipUid = $data['membershipUid'] ?? ''; + $session = $data['session'] ?? ''; + + /** + * Test for SUCCESS + */ + $roles = ['admin', 'editor', 'uncle']; + $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$membershipUid, array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'roles' => $roles + ]); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertNotEmpty($response['body']['$id']); + $this->assertNotEmpty($response['body']['userId']); + $this->assertNotEmpty($response['body']['teamId']); + $this->assertCount(count($roles), $response['body']['roles']); + $this->assertEquals($roles[0], $response['body']['roles'][0]); + $this->assertEquals($roles[1], $response['body']['roles'][1]); + $this->assertEquals($roles[2], $response['body']['roles'][2]); + + /** + * Test for unknown team + */ + $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.'abc'.'/memberships/'.$membershipUid, array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'roles' => $roles + ]); + + $this->assertEquals(404, $response['headers']['status-code']); + + /** + * Test for unknown membership ID + */ + $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.'abc', array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'roles' => $roles + ]); + + $this->assertEquals(404, $response['headers']['status-code']); + + + /** + * Test for when a user other than the owner tries to update membership + */ + $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$membershipUid, [ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'cookie' => 'a_session_'.$this->getProject()['$id'].'=' . $session, + ], [ + 'roles' => $roles + ]); + + $this->assertEquals(401, $response['headers']['status-code']); + $this->assertEquals('User is not allowed to modify roles', $response['body']['message']); + + return $data; + } + + /** + * @depends testUpdateTeamMembershipRoles + */ public function testDeleteTeamMembership($data):array { $teamUid = $data['teamUid'] ?? ''; @@ -296,4 +376,5 @@ trait TeamsBaseClient return []; } + } \ No newline at end of file diff --git a/tests/e2e/Services/Teams/TeamsBaseServer.php b/tests/e2e/Services/Teams/TeamsBaseServer.php index 846c321b1b..44d75fdb32 100644 --- a/tests/e2e/Services/Teams/TeamsBaseServer.php +++ b/tests/e2e/Services/Teams/TeamsBaseServer.php @@ -64,6 +64,7 @@ trait TeamsBaseServer $this->assertEquals(true, $response['body']['confirm']); $userUid = $response['body']['userId']; + $membershipUid = $response['body']['$id']; // $response = $this->client->call(Client::METHOD_GET, '/users/'.$userUid, array_merge([ // 'content-type' => 'application/json', @@ -117,6 +118,55 @@ trait TeamsBaseServer return [ 'teamUid' => $teamUid, 'userUid' => $userUid, + 'membershipUid' => $membershipUid ]; } + + /** + * @depends testCreateTeamMembership + */ + public function testUpdateMembershipRoles($data) + { + $teamUid = $data['teamUid'] ?? ''; + $membershipUid = $data['membershipUid'] ?? ''; + + /** + * Test for SUCCESS + */ + $roles = ['admin', 'editor', 'uncle']; + $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$membershipUid, array_merge([ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + ], $this->getHeaders()), [ + 'roles' => $roles + ]); + + $this->assertEquals(200, $response['headers']['status-code']); + $this->assertNotEmpty($response['body']['$id']); + $this->assertNotEmpty($response['body']['userId']); + $this->assertNotEmpty($response['body']['teamId']); + $this->assertCount(count($roles), $response['body']['roles']); + $this->assertEquals($roles[0], $response['body']['roles'][0]); + $this->assertEquals($roles[1], $response['body']['roles'][1]); + $this->assertEquals($roles[2], $response['body']['roles'][2]); + + + /** + * Test for FAILURE + */ + $apiKey = $this->getNewKey(['teams.read']); + $roles = ['admin', 'editor', 'uncle']; + $response = $this->client->call(Client::METHOD_PATCH, '/teams/'.$teamUid.'/memberships/'.$membershipUid, [ + 'origin' => 'http://localhost', + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $apiKey + ], [ + 'roles' => $roles + ]); + + $this->assertEquals(401, $response['headers']['status-code']); + + } } \ No newline at end of file