Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix relationship filtering #5395

Merged
merged 13 commits into from
Apr 26, 2023
Merged

Fix relationship filtering #5395

merged 13 commits into from
Apr 26, 2023

Conversation

stnguyen90
Copy link
Contributor

@stnguyen90 stnguyen90 commented Apr 18, 2023

What does this PR do?

In the previous release, filtering was moved to the Appwrite layer rather than being done in the database. This resulted in some inconsistencies with the data returned. In particular, the $total ended up being higher than expected because some documents that shouldn't be counted were being counted.

Tasks:

  • Figure out what to do with permissions and documentSecurity in the 'database_' . $database->getInternalId() collection
  • Update the Update Collection endpoint to update the permissions and documentSecurity in the metadata collection
  • Ensure all database tests pass
  • Ensure all tests pass
  • Ensure a user doesn't see teams they're not in
  • Ensure a user doesn't see other users' function executions
  • Add any additional relevant tests
    • Test for non-existing database
    • Test for non-existing collection
    • Test for collection the user doesn't have access to
    • Test abuse

Test Plan

Update test cases

Related PRs and Issues

Depends on:

Checklist

  • Have you read the Contributing Guidelines on issues?
  • If the PR includes a change to an API's metadata (desc, label, params, etc.), does it also include updated API specs and example docs?

@stnguyen90 stnguyen90 changed the base branch from master to 1.3.x April 18, 2023 00:48
@stnguyen90 stnguyen90 marked this pull request as draft April 18, 2023 01:18
@stnguyen90 stnguyen90 force-pushed the fix-relationship-filtering branch 3 times, most recently from ad0dcc2 to 39d0b08 Compare April 19, 2023 00:46
It is better to return 404 so that an end user doesn't know if the
collection actually exists but they don't have access or they really
don't have access.
A user should be able to update a document without touching the
relationship.

Relates: #5404
@stnguyen90 stnguyen90 force-pushed the fix-relationship-filtering branch from 39d0b08 to 4113ae7 Compare April 20, 2023 00:21
@stnguyen90 stnguyen90 marked this pull request as ready for review April 21, 2023 01:50
@stnguyen90 stnguyen90 marked this pull request as draft April 21, 2023 01:50
@stnguyen90 stnguyen90 linked an issue Apr 24, 2023 that may be closed by this pull request
2 tasks
@stnguyen90 stnguyen90 marked this pull request as ready for review April 26, 2023 15:24
@TorstenDittmann TorstenDittmann merged commit e9e83ae into 1.3.x Apr 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

🐛 Bug Report: Nested update, permission issue
2 participants