diff --git a/CHANGES.md b/CHANGES.md index 4647807320..a3f87fe08a 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,7 +1,14 @@ # Version 0.8.0 (Not Released Yet) +## Features + - Anonymous login +## Breaking Changes + +- Only logged in users can execute functions (for guests, use anonymous login) +- Only the user who has triggered the execution get access to the relevant execution logs + # Version 0.7.1 ## Features diff --git a/app/config/roles.php b/app/config/roles.php index 78dd24ad45..3e06ddbfde 100644 --- a/app/config/roles.php +++ b/app/config/roles.php @@ -60,8 +60,6 @@ return [ 'files.read', 'locale.read', 'avatars.read', - 'execution.read', - 'execution.write', ], ], Auth::USER_ROLE_MEMBER => [ diff --git a/app/controllers/api/functions.php b/app/controllers/api/functions.php index 7a6b11bcda..8d49963cd8 100644 --- a/app/controllers/api/functions.php +++ b/app/controllers/api/functions.php @@ -676,10 +676,12 @@ App::post('/v1/functions/:functionId/executions') ->inject('response') ->inject('project') ->inject('projectDB') - ->action(function ($functionId, /*$async,*/ $response, $project, $projectDB) { + ->inject('user') + ->action(function ($functionId, /*$async,*/ $response, $project, $projectDB, $user) { /** @var Appwrite\Utopia\Response $response */ /** @var Appwrite\Database\Document $project */ /** @var Appwrite\Database\Database $projectDB */ + /** @var Appwrite\Database\Document $user */ Authorization::disable(); @@ -712,7 +714,7 @@ App::post('/v1/functions/:functionId/executions') $execution = $projectDB->createDocument([ '$collection' => Database::SYSTEM_COLLECTION_EXECUTIONS, '$permissions' => [ - 'read' => $function->getPermissions()['execute'] ?? [], + 'read' => (!empty($user->getId())) ? ['user:' . $user->getId()] : [], 'write' => [], ], 'dateCreated' => time(),