From bae61e8a05c351ad3cd0897be04327e8fd393d0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 29 Apr 2026 13:13:13 +0200 Subject: [PATCH 1/8] Improve developer experience of keys endpoints --- .../Project/Keys/{Standard => }/Create.php | 13 ++++++------ .../Http/Project/Keys/Ephemeral/Create.php | 2 +- .../Modules/Project/Services/Http.php | 4 ++-- tests/e2e/Services/Project/KeysBase.php | 21 +++++++++++++++---- 4 files changed, 26 insertions(+), 14 deletions(-) rename src/Appwrite/Platform/Modules/Project/Http/Project/Keys/{Standard => }/Create.php (90%) diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Keys/Standard/Create.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Keys/Create.php similarity index 90% rename from src/Appwrite/Platform/Modules/Project/Http/Project/Keys/Standard/Create.php rename to src/Appwrite/Platform/Modules/Project/Http/Project/Keys/Create.php index 67bdcc09a6..eebc0a7067 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Keys/Standard/Create.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Keys/Create.php @@ -1,6 +1,6 @@ setHttpMethod(Action::HTTP_REQUEST_METHOD_POST) - ->setHttpPath('/v1/project/keys/standard') - ->httpAlias('/v1/project/keys') + ->setHttpPath('/v1/project/keys') ->httpAlias('/v1/projects/:projectId/keys') - ->desc('Create standard project key') + ->desc('Create project key') ->groups(['api', 'project']) ->label('scope', 'keys.write') ->label('event', 'keys.[keyId].create') @@ -49,9 +48,9 @@ class Create extends Base ->label('sdk', new Method( namespace: 'project', group: 'keys', - name: 'createStandardKey', + name: 'createKey', description: <<param('scopes', [], new ArrayList(new WhiteList(array_keys(Config::getParam('projectScopes')), true), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Key scopes list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' scopes are allowed.', optional: false) - ->param('duration', 900, new Range(1, 3600), 'Time in seconds before ephemeral key expires. Default duration is 900 seconds, and maximum is 3600 seconds.', true) + ->param('duration', null, new Range(1, 3600), 'Time in seconds before ephemeral key expires. Default duration is 900 seconds, and maximum is 3600 seconds.', optional: false) ->inject('response') ->inject('queueForEvents') ->inject('project') diff --git a/src/Appwrite/Platform/Modules/Project/Services/Http.php b/src/Appwrite/Platform/Modules/Project/Services/Http.php index 2c6ea29c7a..609de96530 100644 --- a/src/Appwrite/Platform/Modules/Project/Services/Http.php +++ b/src/Appwrite/Platform/Modules/Project/Services/Http.php @@ -5,10 +5,10 @@ namespace Appwrite\Platform\Modules\Project\Services; use Appwrite\Platform\Modules\Project\Http\Init; use Appwrite\Platform\Modules\Project\Http\Project\AuthMethods\Update as UpdateAuthMethod; use Appwrite\Platform\Modules\Project\Http\Project\Delete as DeleteProject; +use Appwrite\Platform\Modules\Project\Http\Project\Keys\Create as CreateKey; use Appwrite\Platform\Modules\Project\Http\Project\Keys\Delete as DeleteKey; use Appwrite\Platform\Modules\Project\Http\Project\Keys\Ephemeral\Create as CreateEphemeralKey; use Appwrite\Platform\Modules\Project\Http\Project\Keys\Get as GetKey; -use Appwrite\Platform\Modules\Project\Http\Project\Keys\Standard\Create as CreateStandardKey; use Appwrite\Platform\Modules\Project\Http\Project\Keys\Update as UpdateKey; use Appwrite\Platform\Modules\Project\Http\Project\Keys\XList as ListKeys; use Appwrite\Platform\Modules\Project\Http\Project\Labels\Update as UpdateProjectLabels; @@ -131,7 +131,7 @@ class Http extends Service $this->addAction(UpdateVariable::getName(), new UpdateVariable()); // Keys - $this->addAction(CreateStandardKey::getName(), new CreateStandardKey()); + $this->addAction(CreateKey::getName(), new CreateKey()); $this->addAction(CreateEphemeralKey::getName(), new CreateEphemeralKey()); $this->addAction(ListKeys::getName(), new ListKeys()); $this->addAction(GetKey::getName(), new GetKey()); diff --git a/tests/e2e/Services/Project/KeysBase.php b/tests/e2e/Services/Project/KeysBase.php index cd50f67c14..c8687d9964 100644 --- a/tests/e2e/Services/Project/KeysBase.php +++ b/tests/e2e/Services/Project/KeysBase.php @@ -245,8 +245,11 @@ trait KeysBase public function testCreateEphemeralKey(): void { + $duration = 900; + $key = $this->createEphemeralKey( ['users.read', 'users.write'], + $duration, ); $this->assertSame(201, $key['headers']['status-code']); @@ -271,12 +274,11 @@ trait KeysBase $this->assertNotEmpty($payload['projectId']); $this->assertSame(['users.read', 'users.write'], $payload['scopes']); - // Verify default duration (900 seconds) $expireDt = new \DateTime($key['body']['expire']); $now = new \DateTime(); $diff = $expireDt->getTimestamp() - $now->getTimestamp(); - $this->assertGreaterThanOrEqual(890, $diff); - $this->assertLessThanOrEqual(910, $diff); + $this->assertGreaterThanOrEqual($duration - 10, $diff); + $this->assertLessThanOrEqual($duration + 10, $diff); } public function testCreateEphemeralKeyWithDuration(): void @@ -302,6 +304,7 @@ trait KeysBase { $key = $this->createEphemeralKey( [], + 900, ); $this->assertSame(201, $key['headers']['status-code']); @@ -312,17 +315,27 @@ trait KeysBase { $response = $this->createEphemeralKey( ['users.read'], - null, + 900, false ); $this->assertSame(401, $response['headers']['status-code']); } + public function testCreateEphemeralKeyMissingDuration(): void + { + $response = $this->createEphemeralKey( + ['users.read'], + ); + + $this->assertSame(400, $response['headers']['status-code']); + } + public function testCreateEphemeralKeyInvalidScope(): void { $response = $this->createEphemeralKey( ['invalid.scope'], + 900, ); $this->assertSame(400, $response['headers']['status-code']); From aaf91f381618bdf3b4bea47a7e16bee47dfe074f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 29 Apr 2026 13:52:13 +0200 Subject: [PATCH 2/8] Improve scopes quality --- app/config/roles.php | 10 +- app/config/scopes/project.php | 448 +++++++++++------- app/controllers/api/users.php | 8 +- .../Modules/Console/Http/Scopes/Key/XList.php | 10 +- .../Functions/Http/Executions/Create.php | 2 +- .../Functions/Http/Executions/Delete.php | 2 +- .../Modules/Functions/Http/Executions/Get.php | 2 +- .../Functions/Http/Executions/XList.php | 2 +- .../Utopia/Response/Model/ConsoleKeyScope.php | 12 + tests/benchmarks/bulk-operations/utils.js | 4 +- tests/benchmarks/http.js | 4 +- tests/e2e/Scopes/ProjectCustom.php | 4 +- .../Projects/Schedules/SchedulesBase.php | 4 +- 13 files changed, 307 insertions(+), 205 deletions(-) diff --git a/app/config/roles.php b/app/config/roles.php index d653b4857c..8fba27e503 100644 --- a/app/config/roles.php +++ b/app/config/roles.php @@ -21,8 +21,8 @@ $member = [ 'projects.read', 'locale.read', 'avatars.read', - 'execution.read', - 'execution.write', + 'executions.read', + 'executions.write', 'targets.read', 'targets.write', 'subscribers.write', @@ -81,8 +81,8 @@ $admins = [ 'sites.write', 'log.read', 'log.write', - 'execution.read', - 'execution.write', + 'executions.read', + 'executions.write', 'rules.read', 'rules.write', 'migrations.read', @@ -123,7 +123,7 @@ return [ 'files.write', 'locale.read', 'avatars.read', - 'execution.write', + 'executions.write', ], ], User::ROLE_USERS => [ diff --git a/app/config/scopes/project.php b/app/config/scopes/project.php index 947cd863f8..64eb1836b5 100644 --- a/app/config/scopes/project.php +++ b/app/config/scopes/project.php @@ -1,239 +1,327 @@ [ - 'description' => 'Access to create, update, and delete user sessions', - ], - 'users.read' => [ - 'description' => 'Access to read your project\'s users', - ], - 'users.write' => [ - 'description' => 'Access to create, update, and delete your project\'s users', - ], - 'teams.read' => [ - 'description' => 'Access to read your project\'s teams', - ], - 'teams.write' => [ - 'description' => 'Access to create, update, and delete your project\'s teams', - ], - 'databases.read' => [ - 'description' => 'Access to read your project\'s databases', - ], - 'databases.write' => [ - 'description' => 'Access to create, update, and delete your project\'s databases', - ], - 'collections.read' => [ - 'description' => 'Access to read your project\'s database collections', - ], - 'collections.write' => [ - 'description' => 'Access to create, update, and delete your project\'s database collections', - ], - 'tables.read' => [ - 'description' => 'Access to read your project\'s database tables', - ], - 'tables.write' => [ - 'description' => 'Access to create, update, and delete your project\'s database tables', - ], - 'attributes.read' => [ - 'description' => 'Access to read your project\'s database collection\'s attributes', - ], - 'attributes.write' => [ - 'description' => 'Access to create, update, and delete your project\'s database collection\'s attributes', - ], - 'columns.read' => [ - 'description' => 'Access to read your project\'s database table\'s columns', - ], - 'columns.write' => [ - 'description' => 'Access to create, update, and delete your project\'s database table\'s columns', - ], - 'indexes.read' => [ - 'description' => 'Access to read your project\'s database table\'s indexes', - ], - 'indexes.write' => [ - 'description' => 'Access to create, update, and delete your project\'s database table\'s indexes', - ], - 'documents.read' => [ - 'description' => 'Access to read your project\'s database documents', - ], - 'documents.write' => [ - 'description' => 'Access to create, update, and delete your project\'s database documents', - ], - 'rows.read' => [ - 'description' => 'Access to read your project\'s database rows', - ], - 'rows.write' => [ - 'description' => 'Access to create, update, and delete your project\'s database rows', - ], - 'files.read' => [ - 'description' => 'Access to read your project\'s storage files and preview images', - ], - 'files.write' => [ - 'description' => 'Access to create, update, and delete your project\'s storage files', - ], - 'buckets.read' => [ - 'description' => 'Access to read your project\'s storage buckets', - ], - 'buckets.write' => [ - 'description' => 'Access to create, update, and delete your project\'s storage buckets', - ], - 'functions.read' => [ - 'description' => 'Access to read your project\'s functions and code deployments', - ], - 'functions.write' => [ - 'description' => 'Access to create, update, and delete your project\'s functions and code deployments', - ], - 'sites.read' => [ - 'description' => 'Access to read your project\'s sites and deployments', - ], - 'sites.write' => [ - 'description' => 'Access to create, update, and delete your project\'s sites and deployments', - ], - 'log.read' => [ - 'description' => 'Access to read your site\'s logs', - ], - 'log.write' => [ - 'description' => 'Access to update, and delete your site\'s logs', - ], - 'execution.read' => [ - 'description' => 'Access to read your project\'s execution logs', - ], - 'execution.write' => [ - 'description' => 'Access to execute your project\'s functions', - ], - 'locale.read' => [ - 'description' => 'Access to access your project\'s Locale service', - ], - 'avatars.read' => [ - 'description' => 'Access to access your project\'s Avatars service', - ], - 'health.read' => [ - 'description' => 'Access to read your project\'s health status', - ], - 'providers.read' => [ - 'description' => 'Access to read your project\'s providers', - ], - 'providers.write' => [ - 'description' => 'Access to create, update, and delete your project\'s providers', - ], - 'messages.read' => [ - 'description' => 'Access to read your project\'s messages', - ], - 'messages.write' => [ - 'description' => 'Access to create, update, and delete your project\'s messages', - ], - 'topics.read' => [ - 'description' => 'Access to read your project\'s topics', - ], - 'topics.write' => [ - 'description' => 'Access to create, update, and delete your project\'s topics', - ], - 'subscribers.read' => [ - 'description' => 'Access to read your project\'s subscribers', - ], - 'subscribers.write' => [ - 'description' => 'Access to create, update, and delete your project\'s subscribers', - ], - 'targets.read' => [ - 'description' => 'Access to read your project\'s targets', - ], - 'targets.write' => [ - 'description' => 'Access to create, update, and delete your project\'s targets', - ], - 'rules.read' => [ - 'description' => 'Access to read your project\'s proxy rules', - ], - 'rules.write' => [ - 'description' => 'Access to create, update, and delete your project\'s proxy rules', - ], - 'schedules.read' => [ - 'description' => 'Access to read your project\'s schedules', - ], - 'schedules.write' => [ - 'description' => 'Access to create, update, and delete your project\'s schedules', - ], - 'migrations.read' => [ - 'description' => 'Access to read your project\'s migrations', - ], - 'migrations.write' => [ - 'description' => 'Access to create, update, and delete your project\'s migrations.', - ], - 'vcs.read' => [ - 'description' => 'Access to read your project\'s VCS repositories', - ], - 'vcs.write' => [ - 'description' => 'Access to create, update, and delete your project\'s VCS repositories', - ], - 'assistant.read' => [ - 'description' => 'Access to read the Assistant service', - ], - 'tokens.read' => [ - 'description' => 'Access to read your project\'s tokens', - ], - 'tokens.write' => [ - 'description' => 'Access to create, update, and delete your project\'s tokens', - ], - "webhooks.read" => [ - "description" => - "Access to read project\'s webhooks", - ], - "webhooks.write" => [ - "description" => - "Access to create, update, and delete project\'s webhooks", - ], +// List of publicly visible scopes +return [ + // Project "project.read" => [ "description" => "Access to read project\'s information", + "category" => "Project", ], "project.write" => [ "description" => "Access to update project\'s information", + "category" => "Project", ], "keys.read" => [ "description" => "Access to read project\'s keys", + "category" => "Project", ], "keys.write" => [ "description" => "Access to create, update, and delete project\'s keys", + "category" => "Project", ], "platforms.read" => [ "description" => "Access to read project\'s platforms", + "category" => "Project", ], "platforms.write" => [ "description" => "Access to create, update, and delete project\'s platforms", + "category" => "Project", ], "mocks.read" => [ "description" => "Access to read project\'s mocks", + "category" => "Project", ], "mocks.write" => [ "description" => "Access to create, update, and delete project\'s mocks", + "category" => "Project", ], "policies.read" => [ "description" => "Access to read project\'s policies", + "category" => "Project", ], "policies.write" => [ "description" => "Access to update project\'s policies", + "category" => "Project", ], "templates.read" => [ "description" => "Access to read project\'s templates", + "category" => "Project", ], "templates.write" => [ "description" => "Access to create, update, and delete project\'s templates", + "category" => "Project", ], "oauth2.read" => [ "description" => "Access to read project\'s OAuth2 configuration", + "category" => "Project", ], "oauth2.write" => [ "description" => "Access to update project\'s OAuth2 configuration", + "category" => "Project", ], + + // Auth + 'users.read' => [ + 'description' => 'Access to read users', + 'category' => 'Auth', + ], + 'users.write' => [ + 'description' => 'Access to create, update, and delete users', + 'category' => 'Auth', + ], + 'sessions.read' => [ + 'description' => 'Access to read user sessions', + 'category' => 'Auth', + ], + 'sessions.write' => [ + 'description' => 'Access to create, update, and delete user sessions', + 'category' => 'Auth', + ], + 'teams.read' => [ + 'description' => 'Access to read teams', + 'category' => 'Auth', + ], + 'teams.write' => [ + 'description' => 'Access to create, update, and delete teams', + 'category' => 'Auth', + ], + + // Databases + 'databases.read' => [ + 'description' => 'Access to read databases', + 'category' => 'Databases', + ], + 'databases.write' => [ + 'description' => 'Access to create, update, and delete databases', + 'category' => 'Databases', + ], + 'tables.read' => [ + 'description' => 'Access to read database tables', + 'category' => 'Databases', + ], + 'tables.write' => [ + 'description' => 'Access to create, update, and delete database tables', + 'category' => 'Databases', + ], + 'columns.read' => [ + 'description' => 'Access to read database table columns', + 'category' => 'Databases', + ], + 'columns.write' => [ + 'description' => 'Access to create, update, and delete database table columns', + 'category' => 'Databases', + ], + 'indexes.read' => [ + 'description' => 'Access to read database table indexes', + 'category' => 'Databases', + ], + 'indexes.write' => [ + 'description' => 'Access to create, update, and delete database table indexes', + 'category' => 'Databases', + ], + 'rows.read' => [ + 'description' => 'Access to read database table rows', + 'category' => 'Databases', + ], + 'rows.write' => [ + 'description' => 'Access to create, update, and delete database table rows', + 'category' => 'Databases', + ], + 'collections.read' => [ + 'description' => 'Access to read database collections', + 'category' => 'Databases', + 'deprecated' => true, + ], + 'collections.write' => [ + 'description' => 'Access to create, update, and delete database collections', + 'category' => 'Databases', + 'deprecated' => true, + ], + 'attributes.read' => [ + 'description' => 'Access to read database collection attributes', + 'category' => 'Databases', + 'deprecated' => true, + ], + 'attributes.write' => [ + 'description' => 'Access to create, update, and delete database collection attributes', + 'category' => 'Databases', + 'deprecated' => true, + ], + 'documents.read' => [ + 'description' => 'Access to read database collection documents', + 'category' => 'Databases', + 'deprecated' => true, + ], + 'documents.write' => [ + 'description' => 'Access to create, update, and delete database collection\ documents', + 'category' => 'Databases', + 'deprecated' => true, + ], + + // Storage + 'buckets.read' => [ + 'description' => 'Access to read storage buckets', + 'category' => 'Storage', + ], + 'buckets.write' => [ + 'description' => 'Access to create, update, and delete storage buckets', + 'category' => 'Storage', + ], + 'files.read' => [ + 'description' => 'Access to read storage files and preview images', + 'category' => 'Storage', + ], + 'files.write' => [ + 'description' => 'Access to create, update, and delete storage files', + 'category' => 'Storage', + ], + 'tokens.read' => [ + 'description' => 'Access to read storage file tokens', + 'category' => 'Storage', + ], + 'tokens.write' => [ + 'description' => 'Access to create, update, and delete storage file tokens', + 'category' => 'Storage', + ], + + // Functions + 'functions.read' => [ + 'description' => 'Access to read functions and deployments', + 'category' => 'Functions', + ], + 'functions.write' => [ + 'description' => 'Access to create, update, and delete functions and deployments', + 'category' => 'Functions', + ], + 'executions.read' => [ + 'description' => 'Access to read function executions', + 'category' => 'Functions', + ], + 'executions.write' => [ + 'description' => 'Access to create function executions', + 'category' => 'Functions', + ], + + // Sites + 'sites.read' => [ + 'description' => 'Access to read sites and deployments', + 'category' => 'Sites', + ], + 'sites.write' => [ + 'description' => 'Access to create, update, and delete sites and deployments', + 'category' => 'Sites', + ], + 'log.read' => [ + 'description' => 'Access to read site logs', + 'category' => 'Sites', + ], + 'log.write' => [ + 'description' => 'Access to update, and delete site logs', + 'category' => 'Sites', + ], + + // Messaging + 'providers.read' => [ + 'description' => 'Access to read messaging providers', + 'category' => 'Messaging', + ], + 'providers.write' => [ + 'description' => 'Access to create, update, and delete messaging providers', + 'category' => 'Messaging', + ], + 'topics.read' => [ + 'description' => 'Access to read messaging topics', + 'category' => 'Messaging', + ], + 'topics.write' => [ + 'description' => 'Access to create, update, and delete messaging topics', + 'category' => 'Messaging', + ], + 'subscribers.read' => [ + 'description' => 'Access to read messaging subscribers', + 'category' => 'Messaging', + ], + 'subscribers.write' => [ + 'description' => 'Access to create, update, and delete messaging subscribers', + 'category' => 'Messaging', + ], + 'targets.read' => [ + 'description' => 'Access to read messaging targets', + 'category' => 'Messaging', + ], + 'targets.write' => [ + 'description' => 'Access to create, update, and delete messaging targets', + 'category' => 'Messaging', + ], + 'messages.read' => [ + 'description' => 'Access to read messaging messages', + 'category' => 'Messaging', + ], + 'messages.write' => [ + 'description' => 'Access to create, update, and delete messaging messages', + 'category' => 'Messaging', + ], + + // Proxy + 'rules.read' => [ + 'description' => 'Access to read proxy rules', + 'category' => 'Proxy', + ], + 'rules.write' => [ + 'description' => 'Access to create, update, and delete proxy rules', + 'category' => 'Proxy', + ], + + // TODO: VCS + + // Other + "webhooks.read" => [ + "description" => + "Access to read webhooks", + 'category' => 'Other', + ], + "webhooks.write" => [ + "description" => + "Access to create, update, and delete webhooks", + 'category' => 'Other', + ], + 'locale.read' => [ + 'description' => 'Access to use Locale service', + 'category' => 'Other', + ], + 'avatars.read' => [ + 'description' => 'Access to use Avatars service', + 'category' => 'Other', + ], + 'health.read' => [ + 'description' => 'Access to use Health service', + 'category' => 'Other', + ], + 'assistant.read' => [ + 'description' => 'Access to use Assistant service', + 'category' => 'Other', + ], + 'migrations.read' => [ + 'description' => 'Access to read migrations', + 'category' => 'Other', + ], + 'migrations.write' => [ + 'description' => 'Access to create, update, and delete migrations.', + 'category' => 'Other', + ], + // TODO: Figure out schedules.read, schedules.write ]; diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php index 1346812668..abcecac396 100644 --- a/app/controllers/api/users.php +++ b/app/controllers/api/users.php @@ -856,7 +856,7 @@ Http::get('/v1/users/:userId/targets/:targetId') Http::get('/v1/users/:userId/sessions') ->desc('List user sessions') ->groups(['api', 'users']) - ->label('scope', 'users.read') + ->label('scope', ['users.read', 'sessions.read']) ->label('sdk', new Method( namespace: 'users', group: 'sessions', @@ -2314,7 +2314,7 @@ Http::post('/v1/users/:userId/sessions') ->desc('Create session') ->groups(['api', 'users']) ->label('event', 'users.[userId].sessions.[sessionId].create') - ->label('scope', 'users.write') + ->label('scope', ['users.write', 'sessions.write']) ->label('audits.event', 'session.create') ->label('audits.resource', 'user/{request.userId}') ->label('usage.metric', 'sessions.{scope}.requests.create') @@ -2470,7 +2470,7 @@ Http::delete('/v1/users/:userId/sessions/:sessionId') ->desc('Delete user session') ->groups(['api', 'users']) ->label('event', 'users.[userId].sessions.[sessionId].delete') - ->label('scope', 'users.write') + ->label('scope', ['users.write', 'sessions.write']) ->label('audits.event', 'session.delete') ->label('audits.resource', 'user/{request.userId}') ->label('sdk', new Method( @@ -2521,7 +2521,7 @@ Http::delete('/v1/users/:userId/sessions') ->desc('Delete user sessions') ->groups(['api', 'users']) ->label('event', 'users.[userId].sessions.delete') - ->label('scope', 'users.write') + ->label('scope', ['users.write', 'sessions.write']) ->label('audits.event', 'session.delete') ->label('audits.resource', 'user/{user.$id}') ->label('sdk', new Method( diff --git a/src/Appwrite/Platform/Modules/Console/Http/Scopes/Key/XList.php b/src/Appwrite/Platform/Modules/Console/Http/Scopes/Key/XList.php index 255a7583bb..d951e93886 100644 --- a/src/Appwrite/Platform/Modules/Console/Http/Scopes/Key/XList.php +++ b/src/Appwrite/Platform/Modules/Console/Http/Scopes/Key/XList.php @@ -18,21 +18,21 @@ class XList extends Action public static function getName(): string { - return 'listKeyScopes'; + return 'listConsoleProjectScopes'; } public function __construct() { $this ->setHttpMethod(Action::HTTP_REQUEST_METHOD_GET) - ->setHttpPath('/v1/console/scopes/key') - ->desc('List key scopes') + ->setHttpPath('/v1/console/scopes/project') + ->desc('List project scopes') ->groups(['api']) ->label('scope', 'public') ->label('sdk', new Method( namespace: 'console', group: 'console', - name: 'listKeyScopes', + name: 'listProjectScopes', description: 'List all scopes available for project API keys, along with a description for each scope.', auth: [AuthType::ADMIN], responses: [ @@ -56,6 +56,8 @@ class XList extends Action $scopes[] = new Document([ '$id' => $scopeId, 'description' => $scope['description'] ?? '', + 'category' => $scope['category'] ?? '', + 'deprecated' => $scope['deprecated'] ?? false, ]); } diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php index 4bf2fbc48f..9f15cf9d1e 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Create.php @@ -60,7 +60,7 @@ class Create extends Base ->setHttpPath('/v1/functions/:functionId/executions') ->desc('Create execution') ->groups(['api', 'functions']) - ->label('scope', 'execution.write') + ->label('scope', ['executions.write', 'execution.write']) ->label('resourceType', RESOURCE_TYPE_FUNCTIONS) ->label('event', 'functions.[functionId].executions.[executionId].create') ->label('sdk', new Method( diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Delete.php b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Delete.php index 21ec3c66ce..9ecb5c0bf0 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Delete.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Delete.php @@ -35,7 +35,7 @@ class Delete extends Base ->setHttpPath('/v1/functions/:functionId/executions/:executionId') ->desc('Delete execution') ->groups(['api', 'functions']) - ->label('scope', 'execution.write') + ->label('scope', ['executions.write', 'execution.write']) ->label('resourceType', RESOURCE_TYPE_FUNCTIONS) ->label('event', 'functions.[functionId].executions.[executionId].delete') ->label('audits.event', 'executions.delete') diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Get.php b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Get.php index aec9d56543..0a9dd01b7e 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Executions/Get.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Executions/Get.php @@ -31,7 +31,7 @@ class Get extends Base ->setHttpPath('/v1/functions/:functionId/executions/:executionId') ->desc('Get execution') ->groups(['api', 'functions']) - ->label('scope', 'execution.read') + ->label('scope', ['executions.read', 'execution.read']) ->label('resourceType', RESOURCE_TYPE_FUNCTIONS) ->label('sdk', new Method( namespace: 'functions', diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php b/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php index b12980b222..6ad2a5ae55 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php @@ -39,7 +39,7 @@ class XList extends Base ->setHttpPath('/v1/functions/:functionId/executions') ->desc('List executions') ->groups(['api', 'functions']) - ->label('scope', 'execution.read') + ->label('scope', ['executions.read', 'execution.read']) ->label('resourceType', RESOURCE_TYPE_FUNCTIONS) ->label('sdk', new Method( namespace: 'functions', diff --git a/src/Appwrite/Utopia/Response/Model/ConsoleKeyScope.php b/src/Appwrite/Utopia/Response/Model/ConsoleKeyScope.php index 4932707d21..224d114271 100644 --- a/src/Appwrite/Utopia/Response/Model/ConsoleKeyScope.php +++ b/src/Appwrite/Utopia/Response/Model/ConsoleKeyScope.php @@ -22,6 +22,18 @@ class ConsoleKeyScope extends Model 'default' => '', 'example' => 'Access to read your project\'s users', ]) + ->addRule('category', [ + 'type' => self::TYPE_STRING, + 'description' => 'Scope category.', + 'default' => '', + 'example' => 'Auth', + ]) + ->addRule('deprecated', [ + 'type' => self::TYPE_BOOLEAN, + 'description' => 'Scope is deprecated.', + 'default' => false, + 'example' => true, + ]) ; } diff --git a/tests/benchmarks/bulk-operations/utils.js b/tests/benchmarks/bulk-operations/utils.js index dc8dcac569..5b8bbc6c67 100644 --- a/tests/benchmarks/bulk-operations/utils.js +++ b/tests/benchmarks/bulk-operations/utils.js @@ -197,8 +197,8 @@ const SCOPES = [ "buckets.write", "functions.read", "functions.write", - "execution.read", - "execution.write", + "executions.read", + "executions.write", "targets.read", "targets.write", "providers.read", diff --git a/tests/benchmarks/http.js b/tests/benchmarks/http.js index 6466ffd361..f7bb54024d 100644 --- a/tests/benchmarks/http.js +++ b/tests/benchmarks/http.js @@ -75,8 +75,8 @@ const API_SCOPES = [ 'functions.write', 'log.read', 'log.write', - 'execution.read', - 'execution.write', + 'executions.read', + 'executions.write', 'locale.read', 'avatars.read', 'rules.read', diff --git a/tests/e2e/Scopes/ProjectCustom.php b/tests/e2e/Scopes/ProjectCustom.php index 31d85524af..3071ddfa2a 100644 --- a/tests/e2e/Scopes/ProjectCustom.php +++ b/tests/e2e/Scopes/ProjectCustom.php @@ -137,8 +137,8 @@ trait ProjectCustom 'functions.write', 'sites.read', 'sites.write', - 'execution.read', - 'execution.write', + 'executions.read', + 'executions.write', 'log.read', 'log.write', 'locale.read', diff --git a/tests/e2e/Services/Projects/Schedules/SchedulesBase.php b/tests/e2e/Services/Projects/Schedules/SchedulesBase.php index 681e39b662..4baaca4e5b 100644 --- a/tests/e2e/Services/Projects/Schedules/SchedulesBase.php +++ b/tests/e2e/Services/Projects/Schedules/SchedulesBase.php @@ -62,8 +62,8 @@ trait SchedulesBase 'scopes' => [ 'functions.read', 'functions.write', - 'execution.read', - 'execution.write', + 'executions.read', + 'executions.write', 'messages.read', 'messages.write', ], From e010bf25d5a09a8bdb5b330134e70c3f9e28f7ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 29 Apr 2026 13:57:16 +0200 Subject: [PATCH 3/8] Fix formatting --- app/config/scopes/project.php | 44 +++++++++++++++++------------------ 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/app/config/scopes/project.php b/app/config/scopes/project.php index 64eb1836b5..aa6752967d 100644 --- a/app/config/scopes/project.php +++ b/app/config/scopes/project.php @@ -11,67 +11,67 @@ return [ "project.write" => [ "description" => "Access to update project\'s information", - "category" => "Project", + "category" => "Project", ], "keys.read" => [ "description" => "Access to read project\'s keys", - "category" => "Project", + "category" => "Project", ], "keys.write" => [ "description" => "Access to create, update, and delete project\'s keys", - "category" => "Project", + "category" => "Project", ], "platforms.read" => [ "description" => "Access to read project\'s platforms", - "category" => "Project", + "category" => "Project", ], "platforms.write" => [ "description" => "Access to create, update, and delete project\'s platforms", - "category" => "Project", + "category" => "Project", ], "mocks.read" => [ "description" => "Access to read project\'s mocks", - "category" => "Project", + "category" => "Project", ], "mocks.write" => [ "description" => "Access to create, update, and delete project\'s mocks", - "category" => "Project", + "category" => "Project", ], "policies.read" => [ "description" => "Access to read project\'s policies", - "category" => "Project", + "category" => "Project", ], "policies.write" => [ "description" => "Access to update project\'s policies", - "category" => "Project", + "category" => "Project", ], "templates.read" => [ "description" => "Access to read project\'s templates", - "category" => "Project", + "category" => "Project", ], "templates.write" => [ "description" => "Access to create, update, and delete project\'s templates", - "category" => "Project", + "category" => "Project", ], "oauth2.read" => [ "description" => "Access to read project\'s OAuth2 configuration", - "category" => "Project", + "category" => "Project", ], "oauth2.write" => [ "description" => "Access to update project\'s OAuth2 configuration", - "category" => "Project", + "category" => "Project", ], // Auth @@ -99,7 +99,7 @@ return [ 'description' => 'Access to create, update, and delete teams', 'category' => 'Auth', ], - + // Databases 'databases.read' => [ 'description' => 'Access to read databases', @@ -197,7 +197,7 @@ return [ 'description' => 'Access to create, update, and delete storage file tokens', 'category' => 'Storage', ], - + // Functions 'functions.read' => [ 'description' => 'Access to read functions and deployments', @@ -215,7 +215,7 @@ return [ 'description' => 'Access to create function executions', 'category' => 'Functions', ], - + // Sites 'sites.read' => [ 'description' => 'Access to read sites and deployments', @@ -233,7 +233,7 @@ return [ 'description' => 'Access to update, and delete site logs', 'category' => 'Sites', ], - + // Messaging 'providers.read' => [ 'description' => 'Access to read messaging providers', @@ -275,7 +275,7 @@ return [ 'description' => 'Access to create, update, and delete messaging messages', 'category' => 'Messaging', ], - + // Proxy 'rules.read' => [ 'description' => 'Access to read proxy rules', @@ -285,19 +285,19 @@ return [ 'description' => 'Access to create, update, and delete proxy rules', 'category' => 'Proxy', ], - + // TODO: VCS - + // Other "webhooks.read" => [ "description" => "Access to read webhooks", - 'category' => 'Other', + 'category' => 'Other', ], "webhooks.write" => [ "description" => "Access to create, update, and delete webhooks", - 'category' => 'Other', + 'category' => 'Other', ], 'locale.read' => [ 'description' => 'Access to use Locale service', From b3e3b2a330b8f1180d6f524c8d26068b637a148d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 29 Apr 2026 14:00:14 +0200 Subject: [PATCH 4/8] Fix missing index scopes --- .../Modules/Databases/Http/TablesDB/Tables/Indexes/Create.php | 2 +- .../Modules/Databases/Http/TablesDB/Tables/Indexes/Delete.php | 2 +- .../Modules/Databases/Http/TablesDB/Tables/Indexes/Get.php | 2 +- .../Modules/Databases/Http/TablesDB/Tables/Indexes/XList.php | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Create.php index e683aafba1..d377bed184 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Create.php @@ -37,7 +37,7 @@ class Create extends IndexCreate ->desc('Create index') ->groups(['api', 'database']) ->label('event', 'databases.[databaseId].tables.[tableId].indexes.[indexId].create') - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'indexes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('audits.event', 'index.create') ->label('audits.resource', 'database/{request.databaseId}/table/{request.tableId}') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Delete.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Delete.php index 7750408e29..ca7e4fc2da 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Delete.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Delete.php @@ -36,7 +36,7 @@ class Delete extends IndexDelete ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/indexes/:key') ->desc('Delete index') ->groups(['api', 'database']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'indexes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].indexes.[indexId].update') ->label('audits.event', 'index.delete') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Get.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Get.php index 8f721abf0e..9918bcb2b8 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Get.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/Get.php @@ -32,7 +32,7 @@ class Get extends IndexGet ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/indexes/:key') ->desc('Get index') ->groups(['api', 'database']) - ->label('scope', ['tables.read', 'collections.read']) + ->label('scope', ['tables.read', 'collections.read', 'indexes.read']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('sdk', new Method( namespace: $this->getSDKNamespace(), diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/XList.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/XList.php index ff1e736c31..5fe3be4c05 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/XList.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Indexes/XList.php @@ -33,7 +33,7 @@ class XList extends IndexXList ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/indexes') ->desc('List indexes') ->groups(['api', 'database']) - ->label('scope', ['tables.read', 'collections.read']) + ->label('scope', ['tables.read', 'collections.read', 'indexes.read']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('sdk', new Method( namespace: $this->getSDKNamespace(), From 4d86e670068c4dc4b63596a2ffa6ecc84080d09f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 29 Apr 2026 14:03:44 +0200 Subject: [PATCH 5/8] Fix missing scopes for tables --- app/config/scopes/project.php | 14 +------------- .../TablesDB/Tables/Columns/Boolean/Create.php | 2 +- .../TablesDB/Tables/Columns/Boolean/Update.php | 2 +- .../TablesDB/Tables/Columns/Datetime/Create.php | 2 +- .../TablesDB/Tables/Columns/Datetime/Update.php | 2 +- .../Http/TablesDB/Tables/Columns/Delete.php | 2 +- .../Http/TablesDB/Tables/Columns/Email/Create.php | 2 +- .../Http/TablesDB/Tables/Columns/Email/Update.php | 2 +- .../Http/TablesDB/Tables/Columns/Enum/Create.php | 2 +- .../Http/TablesDB/Tables/Columns/Enum/Update.php | 2 +- .../Http/TablesDB/Tables/Columns/Float/Create.php | 2 +- .../Http/TablesDB/Tables/Columns/Float/Update.php | 2 +- .../Databases/Http/TablesDB/Tables/Columns/Get.php | 2 +- .../Http/TablesDB/Tables/Columns/IP/Create.php | 2 +- .../Http/TablesDB/Tables/Columns/IP/Update.php | 2 +- .../TablesDB/Tables/Columns/Integer/Create.php | 2 +- .../TablesDB/Tables/Columns/Integer/Update.php | 2 +- .../Http/TablesDB/Tables/Columns/Line/Create.php | 2 +- .../Http/TablesDB/Tables/Columns/Line/Update.php | 2 +- .../TablesDB/Tables/Columns/Longtext/Create.php | 2 +- .../TablesDB/Tables/Columns/Longtext/Update.php | 2 +- .../TablesDB/Tables/Columns/Mediumtext/Create.php | 2 +- .../TablesDB/Tables/Columns/Mediumtext/Update.php | 2 +- .../Http/TablesDB/Tables/Columns/Point/Create.php | 2 +- .../Http/TablesDB/Tables/Columns/Point/Update.php | 2 +- .../TablesDB/Tables/Columns/Polygon/Create.php | 2 +- .../TablesDB/Tables/Columns/Polygon/Update.php | 2 +- .../Tables/Columns/Relationship/Create.php | 2 +- .../Tables/Columns/Relationship/Update.php | 2 +- .../Http/TablesDB/Tables/Columns/String/Create.php | 2 +- .../Http/TablesDB/Tables/Columns/String/Update.php | 2 +- .../Http/TablesDB/Tables/Columns/Text/Create.php | 2 +- .../Http/TablesDB/Tables/Columns/Text/Update.php | 2 +- .../Http/TablesDB/Tables/Columns/URL/Create.php | 2 +- .../Http/TablesDB/Tables/Columns/URL/Update.php | 2 +- .../TablesDB/Tables/Columns/Varchar/Create.php | 2 +- .../TablesDB/Tables/Columns/Varchar/Update.php | 2 +- .../Http/TablesDB/Tables/Columns/XList.php | 2 +- 38 files changed, 38 insertions(+), 50 deletions(-) diff --git a/app/config/scopes/project.php b/app/config/scopes/project.php index aa6752967d..c9c8786f38 100644 --- a/app/config/scopes/project.php +++ b/app/config/scopes/project.php @@ -276,18 +276,6 @@ return [ 'category' => 'Messaging', ], - // Proxy - 'rules.read' => [ - 'description' => 'Access to read proxy rules', - 'category' => 'Proxy', - ], - 'rules.write' => [ - 'description' => 'Access to create, update, and delete proxy rules', - 'category' => 'Proxy', - ], - - // TODO: VCS - // Other "webhooks.read" => [ "description" => @@ -323,5 +311,5 @@ return [ 'description' => 'Access to create, update, and delete migrations.', 'category' => 'Other', ], - // TODO: Figure out schedules.read, schedules.write + // TODO: Figure out schedules.read, schedules.write. Remove, likely ]; diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Boolean/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Boolean/Create.php index ddfb023d25..10cd65bc98 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Boolean/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Boolean/Create.php @@ -34,7 +34,7 @@ class Create extends BooleanCreate ->desc('Create boolean column') ->groups(['api', 'database', 'schema']) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('audits.event', 'column.create') ->label('audits.resource', 'database/{request.databaseId}/table/{request.tableId}') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Boolean/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Boolean/Update.php index c808021796..1e0fe04bdc 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Boolean/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Boolean/Update.php @@ -34,7 +34,7 @@ class Update extends BooleanUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/boolean/:key') ->desc('Update boolean column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Datetime/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Datetime/Create.php index 0698002f61..64e73e310e 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Datetime/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Datetime/Create.php @@ -34,7 +34,7 @@ class Create extends DatetimeCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/datetime') ->desc('Create datetime column') ->groups(['api', 'database']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Datetime/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Datetime/Update.php index 035893f33f..44c1a06da8 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Datetime/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Datetime/Update.php @@ -35,7 +35,7 @@ class Update extends DatetimeUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/datetime/:key') ->desc('Update dateTime column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Delete.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Delete.php index 81e71df07a..f4d606637d 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Delete.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Delete.php @@ -33,7 +33,7 @@ class Delete extends AttributesDelete ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/:key') ->desc('Delete column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.delete') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Email/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Email/Create.php index b0e81ed6b7..d0b2ed3e4b 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Email/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Email/Create.php @@ -34,7 +34,7 @@ class Create extends EmailCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/email') ->desc('Create email column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Email/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Email/Update.php index d1278376c1..c116d8c5b1 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Email/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Email/Update.php @@ -35,7 +35,7 @@ class Update extends EmailUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/email/:key') ->desc('Update email column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Enum/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Enum/Create.php index 9aeb9b2d4b..e58ae115fc 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Enum/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Enum/Create.php @@ -35,7 +35,7 @@ class Create extends EnumCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/enum') ->desc('Create enum column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Enum/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Enum/Update.php index 43503ee8ed..208fa9c8cf 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Enum/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Enum/Update.php @@ -36,7 +36,7 @@ class Update extends EnumUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/enum/:key') ->desc('Update enum column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Float/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Float/Create.php index 0dd0ef39e1..b8e81820aa 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Float/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Float/Create.php @@ -34,7 +34,7 @@ class Create extends FloatCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/float') ->desc('Create float column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Float/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Float/Update.php index 716923cc63..9ab61e642b 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Float/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Float/Update.php @@ -35,7 +35,7 @@ class Update extends FloatUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/float/:key') ->desc('Update float column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Get.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Get.php index 0fe5fa062a..b0ef9e8a85 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Get.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Get.php @@ -42,7 +42,7 @@ class Get extends AttributesGet ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/:key') ->desc('Get column') ->groups(['api', 'database']) - ->label('scope', ['tables.read', 'collections.read']) + ->label('scope', ['tables.read', 'collections.read', 'columns.read', 'attributes.read']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('sdk', new Method( namespace: $this->getSDKNamespace(), diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/IP/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/IP/Create.php index c359feaab4..c2faec9aeb 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/IP/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/IP/Create.php @@ -34,7 +34,7 @@ class Create extends IPCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/ip') ->desc('Create IP address column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/IP/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/IP/Update.php index 0c7cc6644b..dcc4160580 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/IP/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/IP/Update.php @@ -35,7 +35,7 @@ class Update extends IPUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/ip/:key') ->desc('Update IP address column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Integer/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Integer/Create.php index bbb1710866..1a965c19dc 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Integer/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Integer/Create.php @@ -34,7 +34,7 @@ class Create extends IntegerCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/integer') ->desc('Create integer column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Integer/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Integer/Update.php index a9348f51e0..58dea7c848 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Integer/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Integer/Update.php @@ -35,7 +35,7 @@ class Update extends IntegerUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/integer/:key') ->desc('Update integer column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Line/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Line/Create.php index fb2c4fd1a8..c2f480d5d0 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Line/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Line/Create.php @@ -35,7 +35,7 @@ class Create extends LineCreate ->desc('Create line column') ->groups(['api', 'database', 'schema']) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('audits.event', 'column.create') ->label('audits.resource', 'database/{request.databaseId}/table/{request.tableId}') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Line/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Line/Update.php index 564b743a2a..e2e8c59121 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Line/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Line/Update.php @@ -35,7 +35,7 @@ class Update extends LineUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/line/:key') ->desc('Update line column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Longtext/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Longtext/Create.php index da9471f37c..8e2dbd911d 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Longtext/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Longtext/Create.php @@ -33,7 +33,7 @@ class Create extends LongtextCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/longtext') ->desc('Create longtext column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Longtext/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Longtext/Update.php index fe93530cfb..9b90b745a2 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Longtext/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Longtext/Update.php @@ -34,7 +34,7 @@ class Update extends LongtextUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/longtext/:key') ->desc('Update longtext column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Mediumtext/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Mediumtext/Create.php index 585856cab9..f0b8099f02 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Mediumtext/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Mediumtext/Create.php @@ -33,7 +33,7 @@ class Create extends MediumtextCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/mediumtext') ->desc('Create mediumtext column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Mediumtext/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Mediumtext/Update.php index 733159d1d4..03009da25c 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Mediumtext/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Mediumtext/Update.php @@ -34,7 +34,7 @@ class Update extends MediumtextUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/mediumtext/:key') ->desc('Update mediumtext column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Point/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Point/Create.php index 9736e33158..138ee482c3 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Point/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Point/Create.php @@ -35,7 +35,7 @@ class Create extends PointCreate ->desc('Create point column') ->groups(['api', 'database', 'schema']) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('audits.event', 'column.create') ->label('audits.resource', 'database/{request.databaseId}/table/{request.tableId}') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Point/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Point/Update.php index f104b170bd..66fb451a1f 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Point/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Point/Update.php @@ -35,7 +35,7 @@ class Update extends PointUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/point/:key') ->desc('Update point column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Polygon/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Polygon/Create.php index 177399396c..a03a34f310 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Polygon/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Polygon/Create.php @@ -35,7 +35,7 @@ class Create extends PolygonCreate ->desc('Create polygon column') ->groups(['api', 'database', 'schema']) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('audits.event', 'column.create') ->label('audits.resource', 'database/{request.databaseId}/table/{request.tableId}') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Polygon/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Polygon/Update.php index e66e19a7b9..7a2fd8a5de 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Polygon/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Polygon/Update.php @@ -35,7 +35,7 @@ class Update extends PolygonUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/polygon/:key') ->desc('Update polygon column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Relationship/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Relationship/Create.php index 84ee3e6863..87544926fe 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Relationship/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Relationship/Create.php @@ -34,7 +34,7 @@ class Create extends RelationshipCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/relationship') ->desc('Create relationship column') ->groups(['api', 'database']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Relationship/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Relationship/Update.php index da5c8ca477..47884eda80 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Relationship/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Relationship/Update.php @@ -34,7 +34,7 @@ class Update extends RelationshipUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/:key/relationship') ->desc('Update relationship column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/String/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/String/Create.php index 122c8625f9..17f60f61c1 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/String/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/String/Create.php @@ -37,7 +37,7 @@ class Create extends StringCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/string') ->desc('Create string column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/String/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/String/Update.php index 0974a44d5d..2ec806d4fe 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/String/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/String/Update.php @@ -37,7 +37,7 @@ class Update extends StringUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/string/:key') ->desc('Update string column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Text/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Text/Create.php index 2c68431d8c..a8fde7d271 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Text/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Text/Create.php @@ -33,7 +33,7 @@ class Create extends TextCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/text') ->desc('Create text column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Text/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Text/Update.php index 599c93988d..4c1477fb9e 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Text/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Text/Update.php @@ -34,7 +34,7 @@ class Update extends TextUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/text/:key') ->desc('Update text column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/URL/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/URL/Create.php index 0b386c23f6..19b33594b7 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/URL/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/URL/Create.php @@ -34,7 +34,7 @@ class Create extends URLCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/url') ->desc('Create URL column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/URL/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/URL/Update.php index df6117ea77..d680389d9e 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/URL/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/URL/Update.php @@ -35,7 +35,7 @@ class Update extends URLUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/url/:key') ->desc('Update URL column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Varchar/Create.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Varchar/Create.php index 0ee04f5f63..7595f16c45 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Varchar/Create.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Varchar/Create.php @@ -35,7 +35,7 @@ class Create extends VarcharCreate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/varchar') ->desc('Create varchar column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].create') ->label('audits.event', 'column.create') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Varchar/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Varchar/Update.php index 2b8eb9fbd7..dd170a0a19 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Varchar/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/Varchar/Update.php @@ -36,7 +36,7 @@ class Update extends VarcharUpdate ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns/varchar/:key') ->desc('Update varchar column') ->groups(['api', 'database', 'schema']) - ->label('scope', ['tables.write', 'collections.write']) + ->label('scope', ['tables.write', 'collections.write', 'columns.write', 'attributes.write']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('event', 'databases.[databaseId].tables.[tableId].columns.[columnId].update') ->label('audits.event', 'column.update') diff --git a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/XList.php b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/XList.php index b38edf6218..56c436a13e 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/XList.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/TablesDB/Tables/Columns/XList.php @@ -33,7 +33,7 @@ class XList extends AttributesXList ->setHttpPath('/v1/tablesdb/:databaseId/tables/:tableId/columns') ->desc('List columns') ->groups(['api', 'database']) - ->label('scope', ['tables.read', 'collections.read']) + ->label('scope', ['tables.read', 'collections.read', 'columns.read', 'attributes.read']) ->label('resourceType', RESOURCE_TYPE_DATABASES) ->label('sdk', new Method( namespace: $this->getSDKNamespace(), From e1b8f5bf98bf30319714b9374723e1e3901076a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 29 Apr 2026 14:04:54 +0200 Subject: [PATCH 6/8] review improvements --- app/config/scopes/project.php | 2 +- .../Modules/Project/Http/Project/Keys/Ephemeral/Create.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/config/scopes/project.php b/app/config/scopes/project.php index c9c8786f38..934a08b9ac 100644 --- a/app/config/scopes/project.php +++ b/app/config/scopes/project.php @@ -167,7 +167,7 @@ return [ 'deprecated' => true, ], 'documents.write' => [ - 'description' => 'Access to create, update, and delete database collection\ documents', + 'description' => 'Access to create, update, and delete database collection documents', 'category' => 'Databases', 'deprecated' => true, ], diff --git a/src/Appwrite/Platform/Modules/Project/Http/Project/Keys/Ephemeral/Create.php b/src/Appwrite/Platform/Modules/Project/Http/Project/Keys/Ephemeral/Create.php index 1d4b625343..7fdefca218 100644 --- a/src/Appwrite/Platform/Modules/Project/Http/Project/Keys/Ephemeral/Create.php +++ b/src/Appwrite/Platform/Modules/Project/Http/Project/Keys/Ephemeral/Create.php @@ -59,7 +59,7 @@ class Create extends Base ], )) ->param('scopes', [], new ArrayList(new WhiteList(array_keys(Config::getParam('projectScopes')), true), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Key scopes list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' scopes are allowed.', optional: false) - ->param('duration', null, new Range(1, 3600), 'Time in seconds before ephemeral key expires. Default duration is 900 seconds, and maximum is 3600 seconds.', optional: false) + ->param('duration', null, new Range(1, 3600), 'Time in seconds before ephemeral key expires. Maximum duration is 3600 seconds.', optional: false) ->inject('response') ->inject('queueForEvents') ->inject('project') From 32ebfc6cb8838743d718387d496a66071b3ec20e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 29 Apr 2026 14:14:49 +0200 Subject: [PATCH 7/8] Fix backwards compatibility --- app/config/scopes/project.php | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/app/config/scopes/project.php b/app/config/scopes/project.php index 934a08b9ac..63b946f74f 100644 --- a/app/config/scopes/project.php +++ b/app/config/scopes/project.php @@ -311,5 +311,30 @@ return [ 'description' => 'Access to create, update, and delete migrations.', 'category' => 'Other', ], - // TODO: Figure out schedules.read, schedules.write. Remove, likely + + // TODO: Figure out where to move those + 'schedules.read' => [ + 'description' => 'Access to read schedules.', + 'category' => 'Other', + ], + 'schedules.write' => [ + 'description' => 'Access to create, update, and delete schedules.', + 'category' => 'Other', + ], + 'vcs.read' => [ + 'description' => 'Access to read resources under VCS service.', + 'category' => 'Other', + ], + 'vcs.write' => [ + 'description' => 'Access to create, update, and delete resources under VCS service.', + 'category' => 'Other', + ], + 'rules.read' => [ + 'description' => 'Access to read proxy rules.', + 'category' => 'Other', + ], + 'rules.write' => [ + 'description' => 'Access to create, update, and delete proxy rules.', + 'category' => 'Other', + ], ]; From 36486ccc934e914b01c457ece547d1733444dbf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Ba=C4=8Do?= Date: Wed, 29 Apr 2026 14:41:19 +0200 Subject: [PATCH 8/8] Fix tests --- .../Services/Console/ConsoleConsoleClientTest.php | 6 ++++-- .../Services/Console/ConsoleCustomServerTest.php | 15 ++++++++++++++- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/tests/e2e/Services/Console/ConsoleConsoleClientTest.php b/tests/e2e/Services/Console/ConsoleConsoleClientTest.php index e4566837e9..8235ebb7bc 100644 --- a/tests/e2e/Services/Console/ConsoleConsoleClientTest.php +++ b/tests/e2e/Services/Console/ConsoleConsoleClientTest.php @@ -131,7 +131,7 @@ class ConsoleConsoleClientTest extends Scope public function testListKeyScopes(): void { - $response = $this->client->call(Client::METHOD_GET, '/console/scopes/key', array_merge([ + $response = $this->client->call(Client::METHOD_GET, '/console/scopes/project', array_merge([ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], ], $this->getHeaders())); @@ -158,6 +158,8 @@ class ConsoleConsoleClientTest extends Scope $this->assertArrayHasKey('description', $scope); $this->assertIsString($scope['description']); $this->assertNotEmpty($scope['description']); + $this->assertArrayHasKey('deprecated', $scope); + $this->assertIsBool($scope['deprecated']); } // A specific scope has the expected description @@ -169,6 +171,6 @@ class ConsoleConsoleClientTest extends Scope } } $this->assertNotNull($usersRead); - $this->assertEquals('Access to read your project\'s users', $usersRead['description']); + $this->assertEquals('Access to read users', $usersRead['description']); } } diff --git a/tests/e2e/Services/Console/ConsoleCustomServerTest.php b/tests/e2e/Services/Console/ConsoleCustomServerTest.php index 0c914fade7..f06011843f 100644 --- a/tests/e2e/Services/Console/ConsoleCustomServerTest.php +++ b/tests/e2e/Services/Console/ConsoleCustomServerTest.php @@ -48,7 +48,7 @@ class ConsoleCustomServerTest extends Scope { // Public endpoint: must succeed without admin authentication. Drop the // headers from getHeaders() and only pass project + content-type. - $response = $this->client->call(Client::METHOD_GET, '/console/scopes/key', [ + $response = $this->client->call(Client::METHOD_GET, '/console/scopes/project', [ 'content-type' => 'application/json', 'x-appwrite-project' => $this->getProject()['$id'], ]); @@ -60,5 +60,18 @@ class ConsoleCustomServerTest extends Scope $scopeIds = \array_column($response['body']['scopes'], '$id'); $this->assertContains('users.read', $scopeIds); + + $usersRead = null; + foreach ($response['body']['scopes'] as $scope) { + if ($scope['$id'] === 'users.read') { + $usersRead = $scope; + break; + } + } + $this->assertNotNull($usersRead); + $this->assertIsString($usersRead['description']); + $this->assertNotEmpty($usersRead['description']); + $this->assertArrayHasKey('deprecated', $usersRead); + $this->assertIsBool($usersRead['deprecated']); } }