diff --git a/src/Database/Database.php b/src/Database/Database.php index ffb495884..96acb1709 100644 --- a/src/Database/Database.php +++ b/src/Database/Database.php @@ -80,9 +80,6 @@ class Database public const PERMISSION_UPDATE = 'update'; public const PERMISSION_DELETE = 'delete'; - // Aggregate permissions - public const PERMISSION_WRITE = 'write'; - public const PERMISSIONS = [ self::PERMISSION_CREATE, self::PERMISSION_READ, diff --git a/src/Database/Helpers/Permission.php b/src/Database/Helpers/Permission.php index 18c4fe5a9..04583ebda 100644 --- a/src/Database/Helpers/Permission.php +++ b/src/Database/Helpers/Permission.php @@ -10,17 +10,6 @@ class Permission { private Role $role; - /** - * @var array> - */ - private static array $aggregates = [ - 'write' => [ - Database::PERMISSION_CREATE, - Database::PERMISSION_UPDATE, - Database::PERMISSION_DELETE, - ] - ]; - public function __construct( private string $permission, string $role, @@ -90,7 +79,7 @@ public static function parse(string $permission): self $permission = $permissionParts[0]; - if (!\in_array($permission, array_merge(Database::PERMISSIONS, [Database::PERMISSION_WRITE]))) { + if (!\in_array($permission, Database::PERMISSIONS)) { throw new DatabaseException('Invalid permission type: "' . $permission . '".'); } $fullRole = \str_replace('")', '', $permissionParts[1]); 
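Review bot: Permission strings persisted before this change are not accounted for. With the allow-list in `Permission::parse()` (src/Database/Helpers/Permission.php) narrowed to `Database::PERMISSIONS`, any stored `write("…")` entry now raises `DatabaseException` instead of being expanded by the `aggregate()` helper that a later hunk in this file removes. That fails closed, which is the safe direction for an authorization check, but data written under the old model would presumably become unreadable or lose its create/update/delete grants, so a migration step or an upgrade note should accompany the removal. Since this line is the gate for permission types, it is also worth making the comparison strict: `if (!\in_array($permission, Database::PERMISSIONS, true)) {`. The body of `parse()` starts and ends outside this hunk.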
@@ -140,43 +129,6 @@ public static function parse(string $permission): self return new self($permission, $role, $identifier, $dimension); } - /** - * Map aggregate permissions into the set of individual permissions they represent. - * - * @param array|null $permissions - * @param array $allowed - * @return array|null - * @throws Exception - */ - public static function aggregate(?array $permissions, array $allowed = Database::PERMISSIONS): ?array - { - if (\is_null($permissions)) { - return null; - } - $mutated = []; - foreach ($permissions as $i => $permission) { - $permission = self::parse($permission); - foreach (self::$aggregates as $type => $subTypes) { - if ($permission->getPermission() != $type) { - $mutated[] = $permission->toString(); - continue; - } - foreach ($subTypes as $subType) { - if (!\in_array($subType, $allowed)) { - continue; - } - $mutated[] = (new self( - $subType, - $permission->getRole(), - $permission->getIdentifier(), - $permission->getDimension() - ))->toString(); - } - } - } - return \array_values(\array_unique($mutated)); - } - /** * Create a read permission string from the given Role * @@ -244,21 +196,4 @@ public static function delete(Role $role): string ); return $permission->toString(); } - - /** - * Create a write permission string from the given Role - * - * @param Role $role - * @return string - */ - public static function write(Role $role): string - { - $permission = new self( - 'write', - $role->getRole(), - $role->getIdentifier(), - $role->getDimension() - ); - return $permission->toString(); - } } diff --git a/src/Database/Validator/Permissions.php b/src/Database/Validator/Permissions.php index 13e737205..6ebcf1e00 100644 --- a/src/Database/Validator/Permissions.php +++ b/src/Database/Validator/Permissions.php 
@@ -22,7 +22,7 @@ class Permissions extends Roles * @param int $length maximum amount of permissions. 0 means unlimited. * @param array $allowed allowed permissions. Defaults to all available. */ - public function __construct(int $length = 0, array $allowed = [...Database::PERMISSIONS, Database::PERMISSION_WRITE]) + public function __construct(int $length = 0, array $allowed = Database::PERMISSIONS) { $this->length = $length; $this->allowed = $allowed; diff --git a/tests/unit/PermissionTest.php b/tests/unit/PermissionTest.php index 6ca554f37..6c4c05922 100644 --- a/tests/unit/PermissionTest.php +++ b/tests/unit/PermissionTest.php @@ -3,7 +3,6 @@ namespace Tests\Unit; use PHPUnit\Framework\TestCase; -use Utopia\Database\Database; use Utopia\Database\Helpers\ID; use Utopia\Database\Helpers\Permission; use Utopia\Database\Helpers\Role; @@ -253,9 +252,6 @@ public function testInputFromRoles(): void $permission = Permission::delete(Role::guests()); $this->assertEquals('delete("guests")', $permission); - - $permission = Permission::write(Role::any()); - $this->assertEquals('write("any")', $permission); } public function testInvalidFormats(): void 
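Review bot: In src/Database/Validator/Permissions.php the constructor still stores `$allowed` unchecked (`$this->allowed = $allowed;`), so a caller that passes `'write'` explicitly can make the validator accept a type that `Permission::parse()` now rejects. Only the default changed here, and the rest of the class is outside the hunk, so this is inferred from the visible lines. I would state the constraint in the docblock, e.g. `@param array $allowed allowed permissions; every entry must be one of Database::PERMISSIONS`. Consider also rejecting unknown entries up front with `if (\array_diff($allowed, Database::PERMISSIONS) !== []) { throw new \InvalidArgumentException('Unknown permission type in $allowed.'); }` so the two allow-lists cannot drift apart.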
@@ -288,35 +284,4 @@ public function testInvalidFormats(): void $this->assertEquals('Dimension must not be empty', $e->getMessage()); } } - - /** - * @throws \Exception - */ - public function testAggregation(): void - { - $permissions = ['write("any")']; - $parsed = Permission::aggregate($permissions); - $this->assertEquals(['create("any")', 'update("any")', 'delete("any")'], $parsed); - - $parsed = Permission::aggregate($permissions, [Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]); - $this->assertEquals(['update("any")', 'delete("any")'], $parsed); - - $permissions = [ - 'read("any")', - 'read("user:123")', - 'read("user:123")', - 'write("user:123")', - 'update("user:123")', - 'delete("user:123")' - ]; - - $parsed = Permission::aggregate($permissions, Database::PERMISSIONS); - $this->assertEquals([ - 'read("any")', - 'read("user:123")', - 'create("user:123")', - 'update("user:123")', - 'delete("user:123")', - ], $parsed); - } } diff --git a/tests/unit/Validator/PermissionsTest.php b/tests/unit/Validator/PermissionsTest.php index bc03fb201..ef6488a20 100644 --- a/tests/unit/Validator/PermissionsTest.php +++ b/tests/unit/Validator/PermissionsTest.php 
@@ -222,11 +222,11 @@ public function testInvalidPermissions(): void // Only contains a single ':' $this->assertFalse($object->isValid(['user1234'])); - $this->assertEquals('Permission "user1234" is not allowed. Must be one of: create, read, update, delete, write.', $object->getDescription()); + $this->assertEquals('Permission "user1234" is not allowed. Must be one of: create, read, update, delete.', $object->getDescription()); $this->assertFalse($object->isValid(['user::1234'])); - $this->assertEquals('Permission "user::1234" is not allowed. Must be one of: create, read, update, delete, write.', $object->getDescription()); + $this->assertEquals('Permission "user::1234" is not allowed. Must be one of: create, read, update, delete.', $object->getDescription()); $this->assertFalse($object->isValid(['user:123:4'])); - $this->assertEquals('Permission "user:123:4" is not allowed. Must be one of: create, read, update, delete, write.', $object->getDescription()); + $this->assertEquals('Permission "user:123:4" is not allowed. Must be one of: create, read, update, delete.', $object->getDescription()); // Split role into format {$type}:{$value} // Permission must have value @@ -316,7 +316,6 @@ public function testDuplicateMethods(): void Permission::read(Role::any()), Permission::read(Role::user($user)), Permission::read(Role::user($user)), - Permission::write(Role::user($user)), Permission::update(Role::user($user)), Permission::delete(Role::user($user)), ], @@ -332,11 +331,10 @@ public function testDuplicateMethods(): void ]); $this->assertTrue($validator->isValid($document->getPermissions())); $permissions = $document->getPermissions(); - $this->assertEquals(5, count($permissions)); + $this->assertEquals(4, count($permissions)); $this->assertEquals([ 'read("any")', 'read("user:' . $user . '")', - 'write("user:' . $user . '")', 'update("user:' . $user . '")', 'delete("user:' . $user . '")', ], $permissions);
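Review bot: After this change `testDuplicateMethods` (tests/unit/Validator/PermissionsTest.php) no longer passes any `write(...)` entry, and no test visible in this diff asserts that the removed aggregate type is now rejected. Because this is an authorization allow-list, a negative case would stop the type from being re-admitted by accident, for example `$this->assertFalse($validator->isValid(['write("any")']));` (assuming `$validator` is built with the default `$allowed`, which is not visible here). A matching `expectException` test for `Permission::parse('write("any")')` would cover the parser side. As a style point, `$this->assertCount(4, $permissions);` gives a clearer failure message than `assertEquals(4, count($permissions))`. The test method begins outside these hunks.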