From 7cd1ffc085ce618db278c6fc8ee2e344594b4ec1 Mon Sep 17 00:00:00 2001
From: fogelito
Date: Sun, 12 Feb 2023 23:53:52 +0200
Subject: [PATCH] DatabasesCustomClientTest.php uncomment tests
---
.../Databases/DatabasesCustomClientTest.php | 416 +++++++++---------
1 file changed, 208 insertions(+), 208 deletions(-)
diff --git a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php
index 16f7a058c2..9f86bb66c0 100644
--- a/tests/e2e/Services/Databases/DatabasesCustomClientTest.php
+++ b/tests/e2e/Services/Databases/DatabasesCustomClientTest.php
@@ -15,212 +15,212 @@ class DatabasesCustomClientTest extends Scope
 use DatabasesBase;
 use ProjectCustom;
 use SideClient;
-//
-// public function testAllowedPermissions(): void
-// {
-// /**
-// * Test for SUCCESS
-// */
-//
-// $database = $this->client->call(Client::METHOD_POST, '/databases', [
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// 'x-appwrite-key' => $this->getProject()['apiKey']
-// ], [
-// 'databaseId' => ID::unique(),
-// 'name' => 'Test Database'
-// ]);
-//
-// $databaseId = $database['body']['$id'];
-//
-// // Collection aliases write to create, update, delete
-// $movies = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// 'x-appwrite-key' => $this->getProject()['apiKey']
-// ]), [
-// 'collectionId' => ID::unique(),
-// 'name' => 'Movies',
-// 'documentSecurity' => true,
-// 'permissions' => [
-// Permission::write(Role::user($this->getUser()['$id'])),
-// ],
-// ]);
-//
-// $moviesId = $movies['body']['$id'];
-//
-// $this->assertContains(Permission::create(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']);
-// $this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']);
-// $this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']);
-//
-// $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/attributes/string', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// 'x-appwrite-key' => $this->getProject()['apiKey']
-// ]), [
-// 'key' => 'title',
-// 'size' => 256,
-// 'required' => true,
-// ]);
-//
-// sleep(1);
-//
-// // Document aliases write to update, delete
-// $document1 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// ], $this->getHeaders()), [
-// 'documentId' => ID::unique(),
-// 'data' => [
-// 'title' => 'Captain America',
-// ],
-// 'permissions' => [
-// Permission::write(Role::user($this->getUser()['$id'])),
-// ]
-// ]);
-//
-// $this->assertNotContains(Permission::create(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']);
-// $this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']);
-// $this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']);
-//
-// /**
-// * Test for FAILURE
-// */
-//
-// // Document does not allow create permission
-// $document2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// ], $this->getHeaders()), [
-// 'documentId' => ID::unique(),
-// 'data' => [
-// 'title' => 'Captain America',
-// ],
-// 'permissions' => [
-// Permission::create(Role::user($this->getUser()['$id'])),
-// ]
-// ]);
-//
-// $this->assertEquals(400, $document2['headers']['status-code']);
-// }
-//
-// public function testUpdateWithoutPermission(): array
-// {
-// // If document has been created by server and client tried to update it without adjusting permissions, permission validation should be skipped
-//
-// // As a part of preparation, we get ID of currently logged-in user
-// $response = $this->client->call(Client::METHOD_GET, '/account', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// 'x-appwrite-key' => $this->getProject()['apiKey']
-// ], $this->getHeaders()));
-// $this->assertEquals(200, $response['headers']['status-code']);
-//
-// $userId = $response['body']['$id'];
-//
-// $database = $this->client->call(Client::METHOD_POST, '/databases', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// 'x-appwrite-key' => $this->getProject()['apiKey']
-// ]), [
-// 'databaseId' => ID::custom('permissionCheckDatabase'),
-// 'name' => 'Test Database',
-// ]);
-// $this->assertEquals(201, $database['headers']['status-code']);
-// $this->assertEquals('Test Database', $database['body']['name']);
-//
-// $databaseId = $database['body']['$id'];
-// // Create collection
-// $response = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// 'x-appwrite-key' => $this->getProject()['apiKey']
-// ]), [
-// 'collectionId' => ID::custom('permissionCheck'),
-// 'name' => 'permissionCheck',
-// 'permissions' => [],
-// 'documentSecurity' => true,
-// ]);
-// $this->assertEquals(201, $response['headers']['status-code']);
-//
-// // Add attribute to collection
-// $response = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/permissionCheck/attributes/string', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// 'x-appwrite-key' => $this->getProject()['apiKey']
-// ]), [
-// 'key' => 'name',
-// 'size' => 255,
-// 'required' => true,
-// ]);
-// $this->assertEquals(202, $response['headers']['status-code']);
-//
-// // Wait for database worker to finish creating attributes
-// sleep(2);
-//
-// // Creating document by server, give read permission to our user + some other user
-// $response = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/permissionCheck/documents', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// 'x-appwrite-key' => $this->getProject()['apiKey']
-// ]), [
-// 'documentId' => ID::custom('permissionCheckDocument'),
-// 'data' => [
-// 'name' => 'AppwriteBeginner',
-// ],
-// 'permissions' => [
-// Permission::read(Role::user(ID::custom('user2'))),
-// Permission::read(Role::user($userId)),
-// Permission::update(Role::user($userId)),
-// Permission::delete(Role::user($userId)),
-// ],
-// ]);
-//
-// $this->assertEquals(201, $response['headers']['status-code']);
-//
-// // Update document
-// // This is the point of this test. We should be allowed to do this action, and it should not fail on permission check
-// $response = $this->client->call(Client::METHOD_PATCH, '/databases/' . $databaseId . '/collections/permissionCheck/documents/permissionCheckDocument', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// ], $this->getHeaders()), [
-// 'data' => [
-// 'name' => 'AppwriteExpert',
-// ]
-// ]);
-//
-// $this->assertEquals(200, $response['headers']['status-code']);
-//
-// // Get name of the document, should be the new one
-// $response = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/permissionCheck/documents/permissionCheckDocument', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// ], $this->getHeaders()));
-// $this->assertEquals(200, $response['headers']['status-code']);
-// $this->assertEquals("AppwriteExpert", $response['body']['name']);
-//
-// // Cleanup to prevent collision with other tests
-// // Delete collection
-// $response = $this->client->call(Client::METHOD_DELETE, '/databases/' . $databaseId . '/collections/permissionCheck', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// 'x-appwrite-key' => $this->getProject()['apiKey']
-// ]));
-//
-// $this->assertEquals(204, $response['headers']['status-code']);
-//
-//
-// // Wait for database worker to finish deleting collection
-// sleep(2);
-//
-// // Make sure collection has been deleted
-// $response = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/permissionCheck', array_merge([
-// 'content-type' => 'application/json',
-// 'x-appwrite-project' => $this->getProject()['$id'],
-// 'x-appwrite-key' => $this->getProject()['apiKey']
-// ]));
-// $this->assertEquals(404, $response['headers']['status-code']);
-//
-// return [];
-// }
+
+ public function testAllowedPermissions(): void
+ {
+ /**
+ * Test for SUCCESS
+ */
+
+ $database = $this->client->call(Client::METHOD_POST, '/databases', [
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ], [
+ 'databaseId' => ID::unique(),
+ 'name' => 'Test Database'
+ ]);
+
+ $databaseId = $database['body']['$id'];
+
+ // Collection aliases write to create, update, delete
+ $movies = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'collectionId' => ID::unique(),
+ 'name' => 'Movies',
+ 'documentSecurity' => true,
+ 'permissions' => [
+ Permission::write(Role::user($this->getUser()['$id'])),
+ ],
+ ]);
+
+ $moviesId = $movies['body']['$id'];
+
+ $this->assertContains(Permission::create(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']);
+ $this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']);
+ $this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $movies['body']['$permissions']);
+
+ $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/attributes/string', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'key' => 'title',
+ 'size' => 256,
+ 'required' => true,
+ ]);
+
+ sleep(1);
+
+ // Document aliases write to update, delete
+ $document1 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'documentId' => ID::unique(),
+ 'data' => [
+ 'title' => 'Captain America',
+ ],
+ 'permissions' => [
+ Permission::write(Role::user($this->getUser()['$id'])),
+ ]
+ ]);
+
+ $this->assertNotContains(Permission::create(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']);
+ $this->assertContains(Permission::update(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']);
+ $this->assertContains(Permission::delete(Role::user($this->getUser()['$id'])), $document1['body']['$permissions']);
+
+ /**
+ * Test for FAILURE
+ */
+
+ // Document does not allow create permission
+ $document2 = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/' . $moviesId . '/documents', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'documentId' => ID::unique(),
+ 'data' => [
+ 'title' => 'Captain America',
+ ],
+ 'permissions' => [
+ Permission::create(Role::user($this->getUser()['$id'])),
+ ]
+ ]);
+
+ $this->assertEquals(400, $document2['headers']['status-code']);
+ }
+
+ public function testUpdateWithoutPermission(): array
+ {
+ // If document has been created by server and client tried to update it without adjusting permissions, permission validation should be skipped
+
+ // As a part of preparation, we get ID of currently logged-in user
+ $response = $this->client->call(Client::METHOD_GET, '/account', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ], $this->getHeaders()));
+ $this->assertEquals(200, $response['headers']['status-code']);
+
+ $userId = $response['body']['$id'];
+
+ $database = $this->client->call(Client::METHOD_POST, '/databases', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'databaseId' => ID::custom('permissionCheckDatabase'),
+ 'name' => 'Test Database',
+ ]);
+ $this->assertEquals(201, $database['headers']['status-code']);
+ $this->assertEquals('Test Database', $database['body']['name']);
+
+ $databaseId = $database['body']['$id'];
+ // Create collection
+ $response = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'collectionId' => ID::custom('permissionCheck'),
+ 'name' => 'permissionCheck',
+ 'permissions' => [],
+ 'documentSecurity' => true,
+ ]);
+ $this->assertEquals(201, $response['headers']['status-code']);
+
+ // Add attribute to collection
+ $response = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/permissionCheck/attributes/string', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'key' => 'name',
+ 'size' => 255,
+ 'required' => true,
+ ]);
+ $this->assertEquals(202, $response['headers']['status-code']);
+
+ // Wait for database worker to finish creating attributes
+ sleep(2);
+
+ // Creating document by server, give read permission to our user + some other user
+ $response = $this->client->call(Client::METHOD_POST, '/databases/' . $databaseId . '/collections/permissionCheck/documents', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]), [
+ 'documentId' => ID::custom('permissionCheckDocument'),
+ 'data' => [
+ 'name' => 'AppwriteBeginner',
+ ],
+ 'permissions' => [
+ Permission::read(Role::user(ID::custom('user2'))),
+ Permission::read(Role::user($userId)),
+ Permission::update(Role::user($userId)),
+ Permission::delete(Role::user($userId)),
+ ],
+ ]);
+
+ $this->assertEquals(201, $response['headers']['status-code']);
+
+ // Update document
+ // This is the point of this test. We should be allowed to do this action, and it should not fail on permission check
+ $response = $this->client->call(Client::METHOD_PATCH, '/databases/' . $databaseId . '/collections/permissionCheck/documents/permissionCheckDocument', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'data' => [
+ 'name' => 'AppwriteExpert',
+ ]
+ ]);
+
+ $this->assertEquals(200, $response['headers']['status-code']);
+
+ // Get name of the document, should be the new one
+ $response = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/permissionCheck/documents/permissionCheckDocument', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()));
+ $this->assertEquals(200, $response['headers']['status-code']);
+ $this->assertEquals("AppwriteExpert", $response['body']['name']);
+
+ // Cleanup to prevent collision with other tests
+ // Delete collection
+ $response = $this->client->call(Client::METHOD_DELETE, '/databases/' . $databaseId . '/collections/permissionCheck', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]));
+
+ $this->assertEquals(204, $response['headers']['status-code']);
+
+
+ // Wait for database worker to finish deleting collection
+ sleep(2);
+
+ // Make sure collection has been deleted
+ $response = $this->client->call(Client::METHOD_GET, '/databases/' . $databaseId . '/collections/permissionCheck', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ 'x-appwrite-key' => $this->getProject()['apiKey']
+ ]));
+ $this->assertEquals(404, $response['headers']['status-code']);
+
+ return [];
+ }
 }
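Review bot: In testAllowedPermissions the database, collection, attribute and first-document calls are never checked for their status code, so a failed setup step surfaces as an undefined-index error on `['body']['$id']` or `['$permissions']` rather than a clear assertion failure. Adding `$this->assertEquals(201, $movies['headers']['status-code']);` and `$this->assertEquals(201, $document1['headers']['status-code']);`, as testUpdateWithoutPermission already does for its own setup, would also tie the final 400 on `$document2` to the rejected `create` permission rather than to an earlier failure. testUpdateWithoutPermission exercises only the allowed update: `user2` is granted read access, but no request checks that an update from an identity lacking update permission is refused; that may be covered in DatabasesBase, which is outside this hunk. Its cleanup deletes the `permissionCheck` collection but not the fixed-ID `permissionCheckDatabase`, and both tests rely on fixed `sleep()` waits for the worker, so reruns against the same project or a slow worker could fail for reasons unrelated to permissions.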