Skip to content

Commit

Permalink
Merge pull request #300 from utopia-php/fix-crud-operations-permissio…
Browse files Browse the repository at this point in the history 
…n-in-update-relationships

Fix crud operations permission in update relationships
  • Loading branch information
@abnegate
abnegate authored Aug 21, 2023
2 parents e0ec678 + fc8c21a commit 7f10223
Show file tree
Hide file tree
Showing 2 changed files with 60 additions and 5 deletions.
10 changes: 5 additions & 5 deletions src/Database/Database.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3244,16 +3244,16 @@ private function updateDocumentRelationships(Document $collection, Document $old
$removedDocuments = \array_diff($oldIds, $newIds);

foreach ($removedDocuments as $relation) {
$relation = $this->skipRelationships(fn () => $this->getDocument(
$relation = Authorization::skip(fn () => $this->skipRelationships(fn () => $this->getDocument(
$relatedCollection->getId(),
$relation
));
)));

$this->skipRelationships(fn () => $this->updateDocument(
Authorization::skip(fn () => $this->skipRelationships(fn () => $this->updateDocument(
$relatedCollection->getId(),
$relation->getId(),
$relation->setAttribute($twoWayKey, null)
));
)));
}

foreach ($value as $relation) {
Expand Down Expand Up @@ -3367,7 +3367,7 @@ private function updateDocumentRelationships(Document $collection, Document $old
]);

foreach ($junctions as $junction) {
$this->deleteDocument($junction->getCollection(), $junction->getId());
Authorization::skip(fn () => $this->deleteDocument($junction->getCollection(), $junction->getId()));
}
}

Expand Down
55 changes: 55 additions & 0 deletions tests/Database/Base.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11843,6 +11843,61 @@ public function testCollectionPermissionsRelationshipsDeleteWorks(array $data):
));
}

public function testCreateRelationDocumentWithoutUpdatePermission(): void
{
if (!static::getDatabase()->getAdapter()->getSupportForRelationships()) {
$this->expectNotToPerformAssertions();
return;
}

Authorization::cleanRoles();
Authorization::setRole(Role::user('a')->toString());

static::getDatabase()->createCollection('parentRelationTest', [], [], [
Permission::read(Role::user('a')),
Permission::create(Role::user('a')),
Permission::update(Role::user('a')),
Permission::delete(Role::user('a'))
]);
static::getDatabase()->createCollection('childRelationTest', [], [], [
Permission::create(Role::user('a')),
Permission::read(Role::user('a')),
]);
static::getDatabase()->createAttribute('parentRelationTest', 'name', Database::VAR_STRING, 255, false);
static::getDatabase()->createAttribute('childRelationTest', 'name', Database::VAR_STRING, 255, false);

static::getDatabase()->createRelationship(
collection: 'parentRelationTest',
relatedCollection: 'childRelationTest',
type: Database::RELATION_ONE_TO_MANY,
id: 'children'
);

// Create document with relationship with nested data
$parent = static::getDatabase()->createDocument('parentRelationTest', new Document([
'$id' => 'parent1',
'name' => 'Parent 1',
'children' => [
[
'$id' => 'child1',
'name' => 'Child 1',
],
],
]));
$this->assertEquals('child1', $parent->getAttribute('children')[0]->getId());
$parent->setAttribute('children', [
[
'$id' => 'child2',
],
]);
$updatedParent = static::getDatabase()->updateDocument('parentRelationTest', 'parent1', $parent);

$this->assertEquals('child2', $updatedParent->getAttribute('children')[0]->getId());

static::getDatabase()->deleteCollection('parentRelationTest');
static::getDatabase()->deleteCollection('childRelationTest');
}

public function testLabels(): void
{
$this->assertInstanceOf('Utopia\Database\Document', static::getDatabase()->createCollection(
Expand Down

0 comments on commit 7f10223

Please sign in to comment.