Remove deprecated permission type

src/Database/Database.php

@@ -80,9 +80,6 @@ class Database
     public const PERMISSION_UPDATE = 'update';
     public const PERMISSION_DELETE = 'delete';
 
-    // Aggregate permissions
-    public const PERMISSION_WRITE = 'write';
-
     public const PERMISSIONS = [
         self::PERMISSION_CREATE,
         self::PERMISSION_READ,

src/Database/Helpers/Permission.php

@@ -10,17 +10,6 @@ class Permission
 {
     private Role $role;
 
-    /**
-     * @var array<string, array<string>>
-     */
-    private static array $aggregates = [
-        'write' => [
-            Database::PERMISSION_CREATE,
-            Database::PERMISSION_UPDATE,
-            Database::PERMISSION_DELETE,
-        ]
-    ];
-
     public function __construct(
         private string $permission,
         string $role,
@@ -90,7 +79,7 @@ public static function parse(string $permission): self
 
         $permission = $permissionParts[0];
 
-        if (!\in_array($permission, array_merge(Database::PERMISSIONS, [Database::PERMISSION_WRITE]))) {
+        if (!\in_array($permission, Database::PERMISSIONS)) {
             throw new DatabaseException('Invalid permission type: "' . $permission . '".');
         }
         $fullRole = \str_replace('")', '', $permissionParts[1]);
@@ -140,43 +129,6 @@ public static function parse(string $permission): self
         return new self($permission, $role, $identifier, $dimension);
     }
 
-    /**
-     * Map aggregate permissions into the set of individual permissions they represent.
-     *
-     * @param array<string>|null $permissions
-     * @param array<string> $allowed
-     * @return array<string>|null
-     * @throws Exception
-     */
-    public static function aggregate(?array $permissions, array $allowed = Database::PERMISSIONS): ?array
-    {
-        if (\is_null($permissions)) {
-            return null;
-        }
-        $mutated = [];
-        foreach ($permissions as $i => $permission) {
-            $permission = self::parse($permission);
-            foreach (self::$aggregates as $type => $subTypes) {
-                if ($permission->getPermission() != $type) {
-                    $mutated[] = $permission->toString();
-                    continue;
-                }
-                foreach ($subTypes as $subType) {
-                    if (!\in_array($subType, $allowed)) {
-                        continue;
-                    }
-                    $mutated[] = (new self(
-                        $subType,
-                        $permission->getRole(),
-                        $permission->getIdentifier(),
-                        $permission->getDimension()
-                    ))->toString();
-                }
-            }
-        }
-        return \array_values(\array_unique($mutated));
-    }
-
     /**
      * Create a read permission string from the given Role
      *
@@ -244,21 +196,4 @@ public static function delete(Role $role): string
         );
         return $permission->toString();
     }
-
-    /**
-     * Create a write permission string from the given Role
-     *
-     * @param Role $role
-     * @return string
-     */
-    public static function write(Role $role): string
-    {
-        $permission = new self(
-            'write',
-            $role->getRole(),
-            $role->getIdentifier(),
-            $role->getDimension()
-        );
-        return $permission->toString();
-    }
 }

src/Database/Validator/Permissions.php

@@ -22,7 +22,7 @@ class Permissions extends Roles
      * @param int $length maximum amount of permissions. 0 means unlimited.
      * @param array<string> $allowed allowed permissions. Defaults to all available.
      */
-    public function __construct(int $length = 0, array $allowed = [...Database::PERMISSIONS, Database::PERMISSION_WRITE])
+    public function __construct(int $length = 0, array $allowed = Database::PERMISSIONS)
     {
         $this->length = $length;
         $this->allowed = $allowed;

tests/unit/PermissionTest.php

@@ -3,7 +3,6 @@
 namespace Tests\Unit;
 
 use PHPUnit\Framework\TestCase;
-use Utopia\Database\Database;
 use Utopia\Database\Helpers\ID;
 use Utopia\Database\Helpers\Permission;
 use Utopia\Database\Helpers\Role;
@@ -253,9 +252,6 @@ public function testInputFromRoles(): void
 
         $permission = Permission::delete(Role::guests());
         $this->assertEquals('delete("guests")', $permission);
-
-        $permission = Permission::write(Role::any());
-        $this->assertEquals('write("any")', $permission);
     }
 
     public function testInvalidFormats(): void
@@ -288,35 +284,4 @@ public function testInvalidFormats(): void
             $this->assertEquals('Dimension must not be empty', $e->getMessage());
         }
     }
-
-    /**
-     * @throws \Exception
-     */
-    public function testAggregation(): void
-    {
-        $permissions = ['write("any")'];
-        $parsed = Permission::aggregate($permissions);
-        $this->assertEquals(['create("any")', 'update("any")', 'delete("any")'], $parsed);
-
-        $parsed = Permission::aggregate($permissions, [Database::PERMISSION_UPDATE, Database::PERMISSION_DELETE]);
-        $this->assertEquals(['update("any")', 'delete("any")'], $parsed);
-
-        $permissions = [
-            'read("any")',
-            'read("user:123")',
-            'read("user:123")',
-            'write("user:123")',
-            'update("user:123")',
-            'delete("user:123")'
-        ];
-
-        $parsed = Permission::aggregate($permissions, Database::PERMISSIONS);
-        $this->assertEquals([
-            'read("any")',
-            'read("user:123")',
-            'create("user:123")',
-            'update("user:123")',
-            'delete("user:123")',
-        ], $parsed);
-    }
 }

tests/unit/Validator/PermissionsTest.php

@@ -222,11 +222,11 @@ public function testInvalidPermissions(): void
 
         // Only contains a single ':'
         $this->assertFalse($object->isValid(['user1234']));
-        $this->assertEquals('Permission "user1234" is not allowed. Must be one of: create, read, update, delete, write.', $object->getDescription());
+        $this->assertEquals('Permission "user1234" is not allowed. Must be one of: create, read, update, delete.', $object->getDescription());
         $this->assertFalse($object->isValid(['user::1234']));
-        $this->assertEquals('Permission "user::1234" is not allowed. Must be one of: create, read, update, delete, write.', $object->getDescription());
+        $this->assertEquals('Permission "user::1234" is not allowed. Must be one of: create, read, update, delete.', $object->getDescription());
         $this->assertFalse($object->isValid(['user:123:4']));
-        $this->assertEquals('Permission "user:123:4" is not allowed. Must be one of: create, read, update, delete, write.', $object->getDescription());
+        $this->assertEquals('Permission "user:123:4" is not allowed. Must be one of: create, read, update, delete.', $object->getDescription());
 
         // Split role into format {$type}:{$value}
         // Permission must have value
@@ -316,7 +316,6 @@ public function testDuplicateMethods(): void
                 Permission::read(Role::any()),
                 Permission::read(Role::user($user)),
                 Permission::read(Role::user($user)),
-                Permission::write(Role::user($user)),
                 Permission::update(Role::user($user)),
                 Permission::delete(Role::user($user)),
             ],
@@ -332,11 +331,10 @@ public function testDuplicateMethods(): void
         ]);
         $this->assertTrue($validator->isValid($document->getPermissions()));
         $permissions = $document->getPermissions();
-        $this->assertEquals(5, count($permissions));
+        $this->assertEquals(4, count($permissions));
         $this->assertEquals([
             'read("any")',
             'read("user:' . $user . '")',
-            'write("user:' . $user . '")',
             'update("user:' . $user . '")',
             'delete("user:' . $user . '")',
         ], $permissions);