From 5da1f791a5a2d7ff8c02a09e20e644de48aa1aa6 Mon Sep 17 00:00:00 2001 From: shimon Date: Thu, 27 Nov 2025 18:17:04 +0200 Subject: [PATCH] sync with 1.8.x --- app/controllers/api/account.php | 20 ++-- app/controllers/api/graphql.php | 2 +- app/controllers/api/migrations.php | 22 +++-- app/controllers/api/storage.php | 2 +- app/controllers/api/teams.php | 22 ++--- app/controllers/shared/api.php | 4 +- app/init/resources.php | 2 +- app/realtime.php | 6 +- composer.lock | 92 +++++++++++++++---- src/Appwrite/Auth/Auth.php | 0 .../Collections/Documents/Update.php | 4 +- .../Collections/Documents/Upsert.php | 4 +- .../Databases/Collections/Documents/XList.php | 4 +- .../Http/Databases/Transactions/Update.php | 6 +- .../Functions/Http/Executions/XList.php | 4 +- .../Http/Tokens/Buckets/Files/Action.php | 4 +- .../Utopia/Database/Documents/User.php | 5 +- tests/unit/Auth/AuthTest.php | 0 18 files changed, 132 insertions(+), 71 deletions(-) delete mode 100644 src/Appwrite/Auth/Auth.php delete mode 100644 tests/unit/Auth/AuthTest.php diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php index a84fe5b92f..568559d549 100644 --- a/app/controllers/api/account.php +++ b/app/controllers/api/account.php 
@@ -197,7 +197,7 @@ function sendSessionAlert(Locale $locale, Document $user, Document $project, Doc $createSession = function (string $userId, string $secret, Request $request, Response $response, User $user, Database $dbForProject, Document $project, Locale $locale, Reader $geodb, Event $queueForEvents, Mail $queueForMails, Store $store, ProofsToken $proofForToken, ProofsCode $proofForCode, Authorization $authorization) { /** @var Appwrite\Utopia\Database\Documents\User $userFromRequest */ - $userFromRequest = Authorization::skip(fn () => $dbForProject->getDocument('users', $userId)); + $userFromRequest = $authorization->skip(fn () => $dbForProject->getDocument('users', $userId)); if ($userFromRequest->isEmpty()) { throw new Exception(Exception::USER_INVALID_TOKEN); @@ -1256,7 +1256,7 @@ App::post('/v1/account/sessions/token') ->inject('store') ->inject('proofForToken') ->inject('proofForCode') - ->inject('authorization') +->inject('authorization') ->action($createSession); App::get('/v1/account/sessions/oauth2/:provider') 
@@ -2708,7 +2708,7 @@ App::post('/v1/account/tokens/phone') ->inject('store') ->inject('proofForCode') ->inject('authorization') - ->action(function (string $userId, string $phone, Request $request, Response $response, User $user, Document $project, Database $dbForProject, Event $queueForEvents, Messaging $queueForMessaging, Locale $locale, callable $timelimit, StatsUsage $queueForStatsUsage, array $plan, Store $store, ProofsCode $proofForCode, Authorization $authorization) { + ->action(function (string $userId, string $phone, Request $request, Response $response, User $user, Document $project, Database $dbForProject, Event $queueForEvents, Messaging $queueForMessaging, Locale $locale, callable $timelimit, StatsUsage $queueForStatsUsage, array $plan, Store $store, ProofsCode $proofForCode, Authorization $authorization) { if (empty(System::getEnv('_APP_SMS_PROVIDER'))) { throw new Exception(Exception::GENERAL_PHONE_DISABLED, 'Phone provider not configured'); } @@ -3194,7 +3194,7 @@ App::patch('/v1/account/email') ->inject('project') ->inject('hooks') ->inject('proofForPassword') - ->inject('authorization') + ->inject('authorization') ->action(function (string $email, string $password, ?\DateTime $requestTimestamp, Response $response, User $user, Database $dbForProject, Event $queueForEvents, Document $project, Hooks $hooks, ProofsPassword $proofForPassword, Authorization $authorization) { // passwordUpdate will be empty if the user has never set a password $passwordUpdate = $user->getAttribute('passwordUpdate'); 
@@ -3304,8 +3304,8 @@ App::patch('/v1/account/phone') ->inject('queueForEvents') ->inject('project') ->inject('hooks') - ->inject('proofForPassword') - ->inject('authorization') + ->inject('proofForPassword') +->inject('authorization') ->action(function (string $phone, string $password, Response $response, Document $user, Database $dbForProject, Event $queueForEvents, Document $project, Hooks $hooks, ProofsPassword $proofForPassword, Authorization $authorization) { // passwordUpdate will be empty if the user has never set a password $passwordUpdate = $user->getAttribute('passwordUpdate'); @@ -3668,7 +3668,7 @@ App::put('/v1/account/recovery') ->inject('hooks') ->inject('proofForPassword') ->inject('proofForToken') - ->inject('authorization') +->inject('authorization') ->action(function (string $userId, string $secret, string $password, Response $response, User $user, Database $dbForProject, Document $project, Event $queueForEvents, Hooks $hooks, ProofsPassword $proofForPassword, ProofsToken $proofForToken, Authorization $authorization) { /** @var Appwrite\Utopia\Database\Documents\User $profile */ $profile = $dbForProject->getDocument('users', $userId); @@ -4001,7 +4001,7 @@ App::put('/v1/account/verifications/email') ->inject('authorization') ->action(function (string $userId, string $secret, Response $response, User $user, Database $dbForProject, Event $queueForEvents, ProofsToken $proofForToken, Authorization $authorization) { /** @var Appwrite\Utopia\Database\Documents\User $profile */ - $profile = Authorization::skip(fn () => $dbForProject->getDocument('users', $userId)); + $profile = $authorization->skip(fn () => $dbForProject->getDocument('users', $userId)); if ($profile->isEmpty()) { throw new Exception(Exception::USER_NOT_FOUND); 
@@ -4073,7 +4073,7 @@ App::post('/v1/account/verifications/phone') ->inject('queueForStatsUsage') ->inject('plan') ->inject('proofForCode') - ->inject('authorization') + ->inject('authorization') ->action(function (Request $request, Response $response, User $user, Database $dbForProject, Event $queueForEvents, Messaging $queueForMessaging, Document $project, Locale $locale, callable $timelimit, StatsUsage $queueForStatsUsage, array $plan, ProofsCode $proofForCode, Authorization $authorization) { if (empty(System::getEnv('_APP_SMS_PROVIDER'))) { throw new Exception(Exception::GENERAL_PHONE_DISABLED, 'Phone provider not configured'); @@ -4222,7 +4222,7 @@ App::put('/v1/account/verifications/phone') ->inject('authorization') ->action(function (string $userId, string $secret, Response $response, User $user, Database $dbForProject, Event $queueForEvents, ProofsCode $proofForCode, Authorization $authorization) { /** @var Appwrite\Utopia\Database\Documents\User $profile */ - $profile = Authorization::skip(fn () => $dbForProject->getDocument('users', $userId)); + $profile = $authorization->skip(fn () => $dbForProject->getDocument('users', $userId)); if ($profile->isEmpty()) { throw new Exception(Exception::USER_NOT_FOUND); diff --git a/app/controllers/api/graphql.php b/app/controllers/api/graphql.php index fd61391c79..93e0a74ba8 100644 --- a/app/controllers/api/graphql.php +++ b/app/controllers/api/graphql.php @@ -33,7 +33,7 @@ App::init() if ( array_key_exists('graphql', $project->getAttribute('apis', [])) && !$project->getAttribute('apis', [])['graphql'] - && !(User::isPrivileged($authorization->getRoles()) || User::isApp(Authorization::getRoles())) + && !(User::isPrivileged($authorization->getRoles()) || User::isApp($authorization->getRoles())) ) { throw new AppwriteException(AppwriteException::GENERAL_API_DISABLED); } diff --git a/app/controllers/api/migrations.php b/app/controllers/api/migrations.php index f9d134db05..f9f0b8b219 100644 
--- a/app/controllers/api/migrations.php +++ b/app/controllers/api/migrations.php @@ -1,6 +1,5 @@ inject('deviceForMigrations') ->inject('queueForEvents') ->inject('queueForMigrations') - ->action(function (string $bucketId, string $fileId, string $resourceId, bool $internalFile, Response $response, Database $dbForProject, Database $dbForPlatform, Authorization $authorization, Document $project, Device $deviceForFiles, Device $deviceForMigrations, Event $queueForEvents, Migration $queueForMigrations) { - $isAPIKey = Auth::isAppUser($authorization->getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser($authorization->getRoles()); - if ($internalFile && !$isPrivilegedUser) { - throw new Exception(Exception::USER_UNAUTHORIZED); - } + ->action(function ( + string $bucketId, + string $fileId, + string $resourceId, + bool $internalFile, + Response $response, + Database $dbForProject, + Database $dbForPlatform, + Authorization $authorization, + Document $project, + Device $deviceForFiles, + Device $deviceForMigrations, + Event $queueForEvents, + Migration $queueForMigrations + ) { $bucket = $authorization->skip(function () use ($internalFile, $dbForPlatform, $dbForProject, $bucketId) { if ($internalFile) { return $dbForPlatform->getDocument('buckets', 'default'); diff --git a/app/controllers/api/storage.php b/app/controllers/api/storage.php index 50e06a615c..1353906635 100644 --- a/app/controllers/api/storage.php +++ b/app/controllers/api/storage.php @@ -1176,7 +1176,7 @@ App::get('/v1/storage/buckets/:bucketId/files/:fileId/download') /* @type Document $bucket */ $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = User::isApp($authorization->getRoles()); + $isAPIKey = User::isApp($authorization->getRoles()); $isPrivilegedUser = User::isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { 
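Review bot: The rewritten action no longer rejects `internalFile = true` from non-privileged callers. The removed lines held `if ($internalFile && !$isPrivilegedUser) { throw new Exception(Exception::USER_UNAUTHORIZED); }`, while the visible new side goes straight to `$authorization->skip(...)`, which reads `buckets`/`default` from `$dbForPlatform` when `$internalFile` is set. The action body continues past this hunk, so the check may be re-established further down, but nothing visible replaces it and the platform lookup already runs with authorization skipped. I would restore the guard before the `skip()` call using the new helper: `if ($internalFile && !User::isPrivileged($authorization->getRoles())) { throw new Exception(Exception::USER_UNAUTHORIZED); }`.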
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php index 78b98f3372..2d38400f64 100644 --- a/app/controllers/api/teams.php +++ b/app/controllers/api/teams.php @@ -91,8 +91,8 @@ App::post('/v1/teams') ->inject('queueForEvents') ->action(function (string $teamId, string $name, array $roles, Response $response, Document $user, Database $dbForProject, Authorization $authorization, Event $queueForEvents) { - $isPrivilegedUser = User::isPrivilegedUser($authorization->getRoles()); - $isAppUser = User::isAppUser($authorization->getRoles()); + $isPrivilegedUser = User::isPrivileged($authorization->getRoles()); + $isAppUser = User::isApp($authorization->getRoles()); $teamId = $teamId == 'unique()' ? ID::unique() : $teamId; @@ -504,8 +504,8 @@ App::post('/v1/teams/:teamId/memberships') ->inject('proofForPassword') ->inject('proofForToken') ->action(function (string $teamId, string $email, string $userId, string $phone, array $roles, string $url, string $name, Response $response, Document $project, Document $user, Database $dbForProject, Authorization $authorization, Locale $locale, Mail $queueForMails, Messaging $queueForMessaging, Event $queueForEvents, callable $timelimit, StatsUsage $queueForStatsUsage, array $plan, Password $proofForPassword, Token $proofForToken) { - $isAppUser = User::isApp(Authorization::getRoles()); - $isPrivilegedUser = User::isPrivileged(Authorization::getRoles()); + $isAppUser = User::isApp($authorization->getRoles()); + $isPrivilegedUser = User::isPrivileged($authorization->getRoles()); $url = htmlentities($url); if (empty($url)) { @@ -622,7 +622,7 @@ App::post('/v1/teams/:teamId/memberships') ]); try { - $invitee = Authorization::skip(fn () => $dbForProject->createDocument('users', $userDocument)); + $invitee = $authorization->skip(fn () => $dbForProject->createDocument('users', $userDocument)); } catch (Duplicate $th) { throw new Exception(Exception::USER_ALREADY_EXISTS); } 
@@ -938,8 +938,8 @@ App::get('/v1/teams/:teamId/memberships') ]; $roles = $authorization->getRoles(); - $isPrivilegedUser = User::isPrivilegedUser($roles); - $isAppUser = User::isAppUser($roles); + $isPrivilegedUser = User::isPrivileged($roles); + $isAppUser = User::isApp($roles); $membershipsPrivacy = array_map(function ($privacy) use ($isPrivilegedUser, $isAppUser) { return $privacy || $isPrivilegedUser || $isAppUser; @@ -1030,8 +1030,8 @@ App::get('/v1/teams/:teamId/memberships/:membershipId') ]; $roles = $authorization->getRoles(); - $isPrivilegedUser = User::isPrivilegedUser($roles); - $isAppUser = User::isAppUser($roles); + $isPrivilegedUser = User::isPrivileged($roles); + $isAppUser = User::isApp($roles); $membershipsPrivacy = array_map(function ($privacy) use ($isPrivilegedUser, $isAppUser) { return $privacy || $isPrivilegedUser || $isAppUser; @@ -1127,8 +1127,8 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId') throw new Exception(Exception::USER_NOT_FOUND); } - $isPrivilegedUser = User::isPrivileged(Authorization::getRoles()); - $isAppUser = User::isApp(Authorization::getRoles()); + $isPrivilegedUser = User::isPrivileged($authorization->getRoles()); + $isAppUser = User::isApp($authorization->getRoles()); $isOwner = $authorization->hasRole('team:' . $team->getId() . '/owner'); if ($project->getId() === 'console') { diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php index 4d88090b2d..97c5e29f3d 100644 --- a/app/controllers/shared/api.php +++ b/app/controllers/shared/api.php @@ -398,7 +398,7 @@ App::init() $scopes = \array_unique($scopes); $authorization->addRole($role); - foreach ($user->getRoles() as $authRole) { + foreach ($user->getRoles($authorization) as $authRole) { $authorization->addRole($authRole); } 
@@ -643,7 +643,7 @@ App::init() if ($useCache) { $route = $utopia->match($request); $isImageTransformation = $route->getPath() === '/v1/storage/buckets/:bucketId/files/:fileId/preview'; - $isDisabled = isset($plan['imageTransformations']) && $plan['imageTransformations'] === -1 && !User::isPrivileged(Authorization::getRoles()); + $isDisabled = isset($plan['imageTransformations']) && $plan['imageTransformations'] === -1 && !User::isPrivileged($authorization->getRoles()); $key = $request->cacheIdentifier(); $cacheLog = $authorization->skip(fn () => $dbForProject->getDocument('cache', $key)); diff --git a/app/init/resources.php b/app/init/resources.php index 8e230cbdb0..6114f318ad 100644 --- a/app/init/resources.php +++ b/app/init/resources.php @@ -320,7 +320,7 @@ App::setResource('user', function (string $mode, Document $project, Document $co } // if (APP_MODE_ADMIN === $mode) { // if ($user->find('teamInternalId', $project->getAttribute('teamInternalId'), 'memberships')) { - // Authorization::setDefaultStatus(false); // Cancel security segmentation for admin users. + // $authorization->setDefaultStatus(false); // Cancel security segmentation for admin users. // } else { // $user = new Document([]); // } diff --git a/app/realtime.php b/app/realtime.php index 7d85b61e40..e020546a02 100644 --- a/app/realtime.php +++ b/app/realtime.php @@ -450,7 +450,7 @@ $server->onWorkerStart(function (int $workerId) use ($server, $register, $stats, Console::error('Pub/sub failed (worker: ' . $workerId . ')'); } - $pubsub->subscribe(['realtime'], function (mixed $redis, string $channel, string $payload) use ($server, $workerId, $stats, $register, $realtime) { + $pubsub->subscribe(['realtime'], function (mixed $redis, string $channel, string $payload) use ($server, $workerId, $stats, $register, $realtime, $authorization) { $event = json_decode($payload, true); if ($event['permissionsChanged'] && isset($event['userId'])) { 
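Review bot: In `app/realtime.php`, `$authorization` is added to the `use (...)` list of the `subscribe` callback, but the hunk header truncates the enclosing `onWorkerStart` closure's own `use` list, so it is not visible whether the variable exists in that scope. If it does not, the inner closure captures null and `$user->getRoles($authorization)` in the following hunk (`@@ -466`) fails on the first permissions-change event. It is also worth confirming that the captured instance carries no roles left over from a connection handler, because `getRoles()` branches on whether `$authorization->getRoles()` is privileged or app. A comment above that call, such as `// $authorization is worker-scoped here and holds no per-connection roles`, would record the intent.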
@@ -466,7 +466,7 @@ $server->onWorkerStart(function (int $workerId) use ($server, $register, $stats, /** @var Appwrite\Utopia\Database\Documents\User $user */ $user = $database->getDocument('users', $userId); - $roles = $user->getRoles(); + $roles = $user->getRoles($authorization); $channels = $realtime->connections[$connection]['channels']; $realtime->unsubscribe($connection); @@ -534,7 +534,7 @@ $server->onOpen(function (int $connection, SwooleRequest $request) use ($server, if ( array_key_exists('realtime', $project->getAttribute('apis', [])) && !$project->getAttribute('apis', [])['realtime'] - && !(User::isPrivileged($authorization->getRoles()) || User::isApp(Authorization::getRoles())) + && !(User::isPrivileged($authorization->getRoles()) || User::isApp($authorization->getRoles())) ) { throw new AppwriteException(AppwriteException::GENERAL_API_DISABLED); } diff --git a/composer.lock b/composer.lock index 045e53ea85..d283b0f347 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "26af4279acf6d841656ec711b52193cc", + "content-hash": "46333fff6a2fce6d593be22b32cdf282", "packages": [ { "name": "adhocore/jwt", 
@@ -891,16 +891,16 @@ }, { "name": "matomo/device-detector", - "version": "6.4.7", + "version": "6.4.8", "source": { "type": "git", "url": "https://github.com/matomo-org/device-detector.git", - "reference": "e53eed31bb1530851feebe52bd64c3451da19e77" + "reference": "56baf981af4f192e15a4f369d4975af847a81ccb" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/matomo-org/device-detector/zipball/e53eed31bb1530851feebe52bd64c3451da19e77", - "reference": "e53eed31bb1530851feebe52bd64c3451da19e77", + "url": "https://api.github.com/repos/matomo-org/device-detector/zipball/56baf981af4f192e15a4f369d4975af847a81ccb", + "reference": "56baf981af4f192e15a4f369d4975af847a81ccb", "shasum": "" }, "require": { @@ -957,7 +957,7 @@ "source": "https://github.com/matomo-org/matomo", "wiki": "https://dev.matomo.org/" }, - "time": "2025-08-20T17:20:16+00:00" + "time": "2025-11-26T16:02:47+00:00" }, { "name": "mongodb/mongodb", @@ -2673,16 +2673,16 @@ }, { "name": "symfony/http-client", - "version": "v7.3.6", + "version": "v7.4.0", "source": { "type": "git", "url": "https://github.com/symfony/http-client.git", - "reference": "3c0a55a2c8e21e30a37022801c11c7ab5a6cb2de" + "reference": "ee5e0e0139ab506f6063a230e631bed677c650a4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/http-client/zipball/3c0a55a2c8e21e30a37022801c11c7ab5a6cb2de", - "reference": "3c0a55a2c8e21e30a37022801c11c7ab5a6cb2de", + "url": "https://api.github.com/repos/symfony/http-client/zipball/ee5e0e0139ab506f6063a230e631bed677c650a4", + "reference": "ee5e0e0139ab506f6063a230e631bed677c650a4", "shasum": "" }, "require": { 
@@ -2713,12 +2713,13 @@ "php-http/httplug": "^1.0|^2.0", "psr/http-client": "^1.0", "symfony/amphp-http-client-meta": "^1.0|^2.0", - "symfony/dependency-injection": "^6.4|^7.0", - "symfony/http-kernel": "^6.4|^7.0", - "symfony/messenger": "^6.4|^7.0", - "symfony/process": "^6.4|^7.0", - "symfony/rate-limiter": "^6.4|^7.0", - "symfony/stopwatch": "^6.4|^7.0" + "symfony/cache": "^6.4|^7.0|^8.0", + "symfony/dependency-injection": "^6.4|^7.0|^8.0", + "symfony/http-kernel": "^6.4|^7.0|^8.0", + "symfony/messenger": "^6.4|^7.0|^8.0", + "symfony/process": "^6.4|^7.0|^8.0", + "symfony/rate-limiter": "^6.4|^7.0|^8.0", + "symfony/stopwatch": "^6.4|^7.0|^8.0" }, "type": "library", "autoload": { @@ -2749,7 +2750,7 @@ "http" ], "support": { - "source": "https://github.com/symfony/http-client/tree/v7.3.6" + "source": "https://github.com/symfony/http-client/tree/v7.4.0" }, "funding": [ { @@ -2769,7 +2770,7 @@ "type": "tidelift" } ], - "time": "2025-11-05T17:41:46+00:00" + "time": "2025-11-20T12:32:50+00:00" }, { "name": "symfony/http-client-contracts", 
@@ -3596,6 +3597,61 @@ }, "time": "2025-11-04T11:27:42+00:00" }, + { + "name": "utopia-php/auth", + "version": "0.5.0", + "source": { + "type": "git", + "url": "https://github.com/utopia-php/auth.git", + "reference": "5ad0ded3a79f153ee904b97b49f8dfe4669e4fd0" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/utopia-php/auth/zipball/5ad0ded3a79f153ee904b97b49f8dfe4669e4fd0", + "reference": "5ad0ded3a79f153ee904b97b49f8dfe4669e4fd0", + "shasum": "" + }, + "require": { + "ext-hash": "*", + "ext-scrypt": "*", + "ext-sodium": "*", + "php": ">=8.0" + }, + "require-dev": { + "laravel/pint": "1.2.*", + "phpstan/phpstan": "1.9.x-dev", + "phpunit/phpunit": "^9.3", + "vimeo/psalm": "4.0.1" + }, + "type": "library", + "autoload": { + "psr-4": { + "Utopia\\Auth\\": "src/Auth" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Utopia PHP", + "email": "team@appwrite.io" + } + ], + "description": "A simple PHP authentication library", + "keywords": [ + "Authentication", + "auth", + "php", + "security" + ], + "support": { + "issues": "https://github.com/utopia-php/auth/issues", + "source": "https://github.com/utopia-php/auth/tree/0.5.0" + }, + "time": "2025-10-29T07:11:43+00:00" + }, { "name": "utopia-php/cache", "version": "0.13.1", diff --git a/src/Appwrite/Auth/Auth.php b/src/Appwrite/Auth/Auth.php deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Update.php index 2f0e877cd1..a7ef71172d 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Update.php 
@@ -101,8 +101,8 @@ class Update extends Action $database = $authorization->skip(fn () => $dbForProject->getDocument('databases', $databaseId)); - $isAPIKey = User::isAppUser($authorization->getRoles()); - $isPrivilegedUser = User::isPrivilegedUser($authorization->getRoles()); + $isAPIKey = User::isApp($authorization->getRoles()); + $isPrivilegedUser = User::isPrivileged($authorization->getRoles()); if ($database->isEmpty() || (!$database->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { throw new Exception(Exception::DATABASE_NOT_FOUND); diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Upsert.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Upsert.php index 88331e3478..7235ef5784 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Upsert.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/Upsert.php @@ -107,8 +107,8 @@ class Upsert extends Action throw new Exception($this->getMissingPayloadException()); } - $isAPIKey = User::isAppUser($authorization->getRoles()); - $isPrivilegedUser = User::isPrivilegedUser($authorization->getRoles()); + $isAPIKey = User::isApp($authorization->getRoles()); + $isPrivilegedUser = User::isPrivileged($authorization->getRoles()); $database = $authorization->skip(fn () => $dbForProject->getDocument('databases', $databaseId)); if ($database->isEmpty() || (!$database->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/XList.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/XList.php index cb08ef31c4..a604bac485 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/XList.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Collections/Documents/XList.php 
@@ -80,8 +80,8 @@ class XList extends Action public function action(string $databaseId, string $collectionId, array $queries, ?string $transactionId, bool $includeTotal, UtopiaResponse $response, Database $dbForProject, StatsUsage $queueForStatsUsage, TransactionState $transactionState, Authorization $authorization): void { - $isAPIKey = User::isAppUser($authorization->getRoles()); - $isPrivilegedUser = User::isPrivilegedUser($authorization->getRoles()); + $isAPIKey = User::isApp($authorization->getRoles()); + $isPrivilegedUser = User::isPrivileged($authorization->getRoles()); $database = $authorization->skip(fn () => $dbForProject->getDocument('databases', $databaseId)); if ($database->isEmpty() || (!$database->getAttribute('enabled', false) && !$isAPIKey && !$isPrivilegedUser)) { diff --git a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Update.php b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Update.php index fc9d0f7711..f28823b252 100644 --- a/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Update.php +++ b/src/Appwrite/Platform/Modules/Databases/Http/Databases/Transactions/Update.php @@ -112,8 +112,8 @@ class Update extends Action throw new Exception(Exception::GENERAL_BAD_REQUEST, 'Cannot commit and rollback at the same time'); } - $isAPIKey = User::isAppUser($authorization->getRoles()); - $isPrivilegedUser = User::isPrivilegedUser($authorization->getRoles()); + $isAPIKey = User::isApp($authorization->getRoles()); + $isPrivilegedUser = User::isPrivileged($authorization->getRoles()); $transaction = ($isAPIKey || $isPrivilegedUser) ? $authorization->skip(fn () => $dbForProject->getDocument('transactions', $transactionId)) 
@@ -246,8 +246,6 @@ class Update extends Action 'status' => 'failed', ]))); throw new Exception(Exception::DOCUMENT_NOT_FOUND, previous: $e); - } catch (DuplicateException|ConflictException $e) { - $authorization->skip(fn () => $dbForProject->updateDocument('transactions', $transactionId, new Document([ } catch (DuplicateException | ConflictException $e) { $authorization->skip(fn () => $dbForProject->updateDocument('transactions', $transactionId, new Document([ 'status' => 'failed', diff --git a/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php b/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php index 04dc56b5b8..460e361f15 100644 --- a/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php +++ b/src/Appwrite/Platform/Modules/Functions/Http/Executions/XList.php @@ -74,8 +74,8 @@ class XList extends Base ) { $function = $authorization->skip(fn () => $dbForProject->getDocument('functions', $functionId)); - $isAPIKey = User::isAppUser($authorization->getRoles()); - $isPrivilegedUser = User::isPrivilegedUser($authorization->getRoles()); + $isAPIKey = User::isApp($authorization->getRoles()); + $isPrivilegedUser = User::isPrivileged($authorization->getRoles()); if ($function->isEmpty() || (!$function->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { throw new Exception(Exception::FUNCTION_NOT_FOUND); diff --git a/src/Appwrite/Platform/Modules/Tokens/Http/Tokens/Buckets/Files/Action.php b/src/Appwrite/Platform/Modules/Tokens/Http/Tokens/Buckets/Files/Action.php index ef00ee6093..5f1bd55788 100644 --- a/src/Appwrite/Platform/Modules/Tokens/Http/Tokens/Buckets/Files/Action.php +++ b/src/Appwrite/Platform/Modules/Tokens/Http/Tokens/Buckets/Files/Action.php 
@@ -15,8 +15,8 @@ class Action extends UtopiaAction { $bucket = $authorization->skip(fn () => $dbForProject->getDocument('buckets', $bucketId)); - $isAPIKey = Auth::isAppUser($authorization->getRoles()); - $isPrivilegedUser = Auth::isPrivilegedUser($authorization->getRoles()); + $isAPIKey = User::isApp($authorization->getRoles()); + $isPrivilegedUser = User::isPrivileged($authorization->getRoles()); if ($bucket->isEmpty() || (!$bucket->getAttribute('enabled') && !$isAPIKey && !$isPrivilegedUser)) { throw new Exception(Exception::STORAGE_BUCKET_NOT_FOUND); diff --git a/src/Appwrite/Utopia/Database/Documents/User.php b/src/Appwrite/Utopia/Database/Documents/User.php index a85b0a897c..b4ecfece66 100644 --- a/src/Appwrite/Utopia/Database/Documents/User.php +++ b/src/Appwrite/Utopia/Database/Documents/User.php @@ -7,7 +7,6 @@ use Utopia\Auth\Proofs\Token; use Utopia\Database\DateTime; use Utopia\Database\Document; use Utopia\Database\Helpers\Role; -use Utopia\Database\Validator\Authorization; use Utopia\Database\Validator\Roles; class User extends Document @@ -36,11 +35,11 @@ class User extends Document * * @return array */ - public function getRoles(): array + public function getRoles($authorization): array { $roles = []; - if (!$this->isPrivileged(Authorization::getRoles()) && !$this->isApp(Authorization::getRoles())) { + if (!$this->isPrivileged($authorization->getRoles) && !$this->isApp($authorization->getRoles())) { if ($this->getId()) { $roles[] = Role::user($this->getId())->toString(); $roles[] = Role::users()->toString(); diff --git a/tests/unit/Auth/AuthTest.php b/tests/unit/Auth/AuthTest.php deleted file mode 100644 index e69de29bb2..0000000000
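Review bot: In `Tokens/Buckets/Files/Action.php`, `User::isApp` and `User::isPrivileged` replace the `Auth::` calls, but the diffstat lists only these two changed lines for the file, so no `use` statement is added or removed. Unless `User` is already imported, the name resolves inside the file's own namespace and the request fails with a class-not-found error before the bucket `enabled` check runs. A leftover import of the old `Auth` class would also now point at `src/Appwrite/Auth/Auth.php`, which this commit deletes. I would expect the import block to change alongside, presumably to `use Appwrite\Utopia\Database\Documents\User;`. The import block is outside the hunk.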
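Review bot: In `User.php`, `$this->isPrivileged($authorization->getRoles)` is missing the call parentheses, so it reads a property named `getRoles` instead of calling the method. The privileged check then receives no role list and either errors or never matches, which changes the roles returned to the callers updated in this commit (`app/controllers/shared/api.php` and `app/realtime.php`). The line should read `if (!$this->isPrivileged($authorization->getRoles()) && !$this->isApp($authorization->getRoles())) {`. The new parameter is also untyped and the docblock still documents only `@return array`; `public function getRoles(Authorization $authorization): array` with a matching `@param` line would need the `Utopia\Database\Validator\Authorization` import that the previous hunk removes. The method body continues outside the hunk.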