From c104860448b3d11a07869a980aee231b7fef79e5 Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Sat, 13 Aug 2022 00:23:58 +1200
Subject: [PATCH] Use roles validator for function execution
---
 app/controllers/api/functions.php | 8 +++-----
 .../e2e/Services/Functions/FunctionsConsoleClientTest.php | 2 +-
 .../e2e/Services/Functions/FunctionsCustomClientTest.php | 6 +++---
 3 files changed, 7 insertions(+), 9 deletions(-)
diff --git a/app/controllers/api/functions.php b/app/controllers/api/functions.php
index a33ed028e1..41d2a39f87 100644
--- a/app/controllers/api/functions.php
+++ b/app/controllers/api/functions.php
@@ -33,7 +33,7 @@ use Utopia\Config\Config;
 use Cron\CronExpression;
 use Executor\Executor;
 use Utopia\CLI\Console;
-use Utopia\Database\Validator\Permissions;
+use Utopia\Database\Validator\Roles;
 use Utopia\Validator\Boolean;
 include_once __DIR__ . '/../shared/api.php';
@@ -52,7 +52,7 @@ App::post('/v1/functions')
 ->label('sdk.response.model', Response::MODEL_FUNCTION)
 ->param('functionId', '', new CustomId(), 'Function ID. Choose your own unique ID or pass the string "unique()" to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
 ->param('name', '', new Text(128), 'Function name. Max length: 128 chars.')
- ->param('execute', [], new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of strings with execution permissions. By default no user is granted with any execute permissions. [learn more about permissions](https://appwrite.io/docs/permissions) and get a full list of available permissions. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' scopes are allowed, each 64 characters long.')
+ ->param('execute', [], new Roles(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of strings with execution roles. By default no user is granted with any execute permissions. [learn more about permissions](https://appwrite.io/docs/permissions) and get a full list of available permissions. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' scopes are allowed, each 64 characters long.')
 ->param('runtime', '', new WhiteList(array_keys(Config::getParam('runtimes')), true), 'Execution runtime.')
 ->param('vars', [], new Assoc(), 'Key-value JSON object that will be passed to the function as environment variables.', true)
 ->param('events', [], new ArrayList(new ValidatorEvent(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.', true)
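Review bot: The help text on the added `execute` line was only half updated: it now says "execution roles" but still ends with "get a full list of available permissions" and "scopes are allowed", so API consumers are not told that the accepted form changed from `create(user:<ID>)` to a bare role such as `user:<ID>` or `any` (the forms the updated tests send). I would end the string with `' roles are allowed, each 64 characters long.'` and add one sentence saying that `any` opens execution to every caller, assuming that is what the role means here; the PUT route in the `@@ -290,7 +290,7 @@` hunk carries the same text. The code that compares these values when an execution is requested is not part of this diff, so it is worth confirming that it matches bare roles and that functions already stored with the old `create(...)` strings are migrated rather than left with an `execute` list that no longer matches anything. The route definition continues outside the hunk.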
@@ -290,7 +290,7 @@ App::put('/v1/functions/:functionId')
 ->label('sdk.response.model', Response::MODEL_FUNCTION)
 ->param('functionId', '', new UID(), 'Function ID.')
 ->param('name', '', new Text(128), 'Function name. Max length: 128 chars.')
- ->param('execute', [], new Permissions(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of strings with execution permissions. By default no user is granted with any execute permissions. [learn more about permissions](https://appwrite.io/docs/permissions) and get a full list of available permissions. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' scopes are allowed, each 64 characters long.')
+ ->param('execute', [], new Roles(APP_LIMIT_ARRAY_PARAMS_SIZE), 'An array of strings with execution roles. By default no user is granted with any execute permissions. [learn more about permissions](https://appwrite.io/docs/permissions) and get a full list of available permissions. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' scopes are allowed, each 64 characters long.')
 ->param('vars', [], new Assoc(), 'Key-value JSON object that will be passed to the function as environment variables.', true)
 ->param('events', [], new ArrayList(new ValidatorEvent(), APP_LIMIT_ARRAY_PARAMS_SIZE), 'Events list. Maximum of ' . APP_LIMIT_ARRAY_PARAMS_SIZE . ' events are allowed.', true)
 ->param('schedule', '', new Cron(), 'Schedule CRON syntax.', true)
@@ -571,7 +571,6 @@ App::post('/v1/functions/:functionId/deployments')
 '$id' => $deploymentId,
 '$permissions' => [
 'read(any)',
- 'create(any)',
 'update(any)',
 'delete(any)',
 ],
@@ -604,7 +603,6 @@ App::post('/v1/functions/:functionId/deployments')
 '$id' => $deploymentId,
 '$permissions' => [
 'read(any)',
- 'create(any)',
 'update(any)',
 'delete(any)',
 ],
diff --git a/tests/e2e/Services/Functions/FunctionsConsoleClientTest.php b/tests/e2e/Services/Functions/FunctionsConsoleClientTest.php
index 190b1186b0..084923ac3e 100644
--- a/tests/e2e/Services/Functions/FunctionsConsoleClientTest.php
+++ b/tests/e2e/Services/Functions/FunctionsConsoleClientTest.php
@@ -20,7 +20,7 @@ class FunctionsConsoleClientTest extends Scope
 ], $this->getHeaders()), [
 'functionId' => 'unique()',
 'name' => 'Test',
- 'execute' => ['create(user:' . $this->getUser()['$id'] . ')'],
+ 'execute' => ["user:{$this->getUser()['$id']}"],
 'runtime' => 'php-8.0',
 'vars' => [
 'funcKey1' => 'funcValue1',
diff --git a/tests/e2e/Services/Functions/FunctionsCustomClientTest.php b/tests/e2e/Services/Functions/FunctionsCustomClientTest.php
index 2becfd59f4..2f6bd3f6c1 100644
--- a/tests/e2e/Services/Functions/FunctionsCustomClientTest.php
+++ b/tests/e2e/Services/Functions/FunctionsCustomClientTest.php
@@ -57,7 +57,7 @@ class FunctionsCustomClientTest extends Scope
 ], [
 'functionId' => 'unique()',
 'name' => 'Test',
- 'execute' => ['create(user:' . $this->getUser()['$id'] . ')'],
+ 'execute' => ["user:{$this->getUser()['$id']}"],
 'runtime' => 'php-8.0',
 'vars' => [
 'funcKey1' => 'funcValue1',
@@ -147,7 +147,7 @@ class FunctionsCustomClientTest extends Scope
 ], [
 'functionId' => 'unique()',
 'name' => 'Test',
- 'execute' => ['create(any)'],
+ 'execute' => ['any'],
 'runtime' => 'php-8.0',
 'vars' => [
 'funcKey1' => 'funcValue1',
@@ -332,7 +332,7 @@ class FunctionsCustomClientTest extends Scope
 ], [
 'functionId' => 'unique()',
 'name' => 'Test',
- 'execute' => ['create(any)'],
+ 'execute' => ['any'],
 'runtime' => 'php-8.0',
 'vars' => [
 'funcKey1' => 'funcValue1',
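Review bot: The four updated requests only send the new role form, so nothing in these hunks shows that the `Roles` validator rejects the old `create(any)` or `create(user:<ID>)` strings, or that a caller whose role is not listed in `execute` is refused. For a parameter that decides who may run a function, a negative case is worth having: one create request with `'execute' => ['create(any)']` that expects a validation error, and one execution attempt by a user outside the list that expects a denial. This applies to the `@@ -20,7 +20,7 @@` hunk in FunctionsConsoleClientTest.php and to the three hunks in FunctionsCustomClientTest.php. The test methods start and end outside the hunks, so such cases may already exist elsewhere in the files.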