From ee5b1da82df08896e6bd7e7cc99fdfe80a811cfc Mon Sep 17 00:00:00 2001
From: kodumbeats <brandon.leckemby@gmail.com>
Date: Sun, 28 Nov 2021 08:32:00 -0500
Subject: [PATCH] Roles must be assoc array with roles as keys

---
 app/controllers/api/database.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php
index 056dfbf3a2..dcc519bc67 100644
--- a/app/controllers/api/database.php
+++ b/app/controllers/api/database.php
@@ -1641,7 +1641,7 @@ App::post('/v1/database/collections/:collectionId/documents')
         $data['$write'] = (is_null($write) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $write ?? []; //  By default set write permissions for user
 
         // Users can only add their roles to documents, API keys can add any
-        $roles = Authorization::getRoles();
+        $roles = \array_fill_keys(Authorization::getRoles(), true); // Auth::isAppUser expects roles to be keys, not values of assoc array
         foreach ($data['$read'] as $read) {
             if (!Auth::isAppUser($roles) && !Authorization::isRole($read)) {
                 throw new Exception('Read permissions must be one of: ('.\implode(', ', $roles).')', 400);
@@ -1999,7 +1999,7 @@ App::patch('/v1/database/collections/:collectionId/documents/:documentId')
         $data['$write'] = (is_null($write)) ? ($document->getWrite() ?? []) : $write; // By default inherit write permissions
 
         // Users can only add their roles to documents, API keys can add any
-        $roles = Authorization::getRoles();
+        $roles = \array_fill_keys(Authorization::getRoles(), true); // Auth::isAppUser expects roles to be keys, not values of assoc array
         foreach ($data['$read'] as $read) {
             if (!Auth::isAppUser($roles) && !Authorization::isRole($read)) {
                 throw new Exception('Read permissions must be one of: ('.\implode(', ', $roles).')', 400);