diff --git a/app/controllers/api/functions.php b/app/controllers/api/functions.php
index f56a9e3a8c..a64c47597a 100644
--- a/app/controllers/api/functions.php
+++ b/app/controllers/api/functions.php
@@ -714,7 +714,7 @@ App::post('/v1/functions/:functionId/executions')
 throw new Exception('Tag not found. Deploy tag before trying to execute a function', 404);
 }
 
- $validator = new Authorization($function, 'execute');
+ $validator = new Authorization('execute');
 
 if (!$validator->isValid($function->getAttribute('execute'))) { // Check if user has write access to execute function
 throw new Exception($validator->getDescription(), 401);
diff --git a/tests/e2e/Services/Functions/FunctionsCustomClientTest.php b/tests/e2e/Services/Functions/FunctionsCustomClientTest.php
index 264fae0735..8a55a0ded4 100644
--- a/tests/e2e/Services/Functions/FunctionsCustomClientTest.php
+++ b/tests/e2e/Services/Functions/FunctionsCustomClientTest.php
@@ -218,6 +218,32 @@ class FunctionsCustomClientTest extends Scope
 ];
 }
 
+ public function testCreateExecutionUnauthorized():array
+ {
+ $function = $this->client->call(Client::METHOD_POST, '/functions', [
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey'],
+ ], [
+ 'functionId' => 'unique()',
+ 'name' => 'Test',
+ 'execute' => [],
+ 'runtime' => 'php-8.0',
+ 'timeout' => 10,
+ ]);
+
+ $execution = $this->client->call(Client::METHOD_POST, '/functions/'.$function['body']['$id'].'/executions', [
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], [
+ 'async' => 1,
+ ]);
+
+ $this->assertEquals(401, $execution['headers']['status-code']);
+
+ return [];
+ }
+
 /**
 * @depends testCreateCustomExecution
 */
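Review bot: In app/controllers/api/functions.php the "Tag not found" 404 in the leading context lines is thrown before the `execute` permission check, so a caller without execute permission may get 404 or 401 depending on whether a tag is deployed. The condition guarding that throw starts outside the hunk, so this is inferred from the visible order only. If it can fire for an unauthorized caller, the new testCreateExecutionUnauthorized, which creates a function and never deploys a tag, may also see 404 rather than 401. Consider moving `$validator = new Authorization('execute');` and its `isValid()` guard ahead of the tag lookup, with a comment such as `// Authorize before revealing deployment state`.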
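Review bot: In testCreateExecutionUnauthorized the function-creation response is used without being checked, so if that POST fails, `$function['body']['$id']` is missing and the asserted 401 may come from a path other than the `execute` permission check. Add an assertion on the creation status before the execution call, e.g. `$this->assertEquals(201, $function['headers']['status-code']);` (201 is presumed to be the suite's usual creation status; confirm against the neighbouring tests). Nothing visible depends on this test and it returns `[]`, so `: void` with no return would state the contract more plainly than `:array`. The test covers only a caller with no key or session; a signed-in user who lacks a role listed in `execute` is not exercised here.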