Use Auth method to simplify code

kodumbeats · kodumbeats · commit 4dd6f63fb910 · 2021-11-11T20:14:40.000-05:00
diff --git a/app/controllers/api/database.php b/app/controllers/api/database.php
@@ -1577,14 +1577,15 @@ function createAttribute($collectionId, $attribute, $response, $dbForInternal, $
         $data['$write'] = (is_null($write) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $write ?? []; //  By default set write permissions for user
 
         // Users can only add their roles to documents, API keys can add any
+        $roles = Authorization::getRoles();
         foreach ($data['$read'] as $read) {
-            if (!Authorization::isRole('role:'.Auth::USER_ROLE_APP) && !Authorization::isRole($read)) {
-                throw new Exception('Read permissions must be one of: ('.\implode(', ', Authorization::getRoles()).')', 400);
+            if (!Auth::isAppUser($roles) && !Authorization::isRole($read)) {
+                throw new Exception('Read permissions must be one of: ('.\implode(', ', $roles).')', 400);
             }
         }
         foreach ($data['$write'] as $write) {
-            if (!Authorization::isRole('role:'.Auth::USER_ROLE_APP) && !Authorization::isRole($write)) {
-                throw new Exception('Write permissions must be one of: ('.\implode(', ', Authorization::getRoles()).')', 400);
+            if (!Auth::isAppUser($roles) && !Authorization::isRole($write)) {
+                throw new Exception('Write permissions must be one of: ('.\implode(', ', $roles).')', 400);
             }
         }
 
@@ -1827,14 +1828,15 @@ function createAttribute($collectionId, $attribute, $response, $dbForInternal, $
         $data['$write'] = (is_null($write)) ? ($document->getWrite() ?? []) : $write; // By default inherit write permissions
 
         // Users can only add their roles to documents, API keys can add any
+        $roles = Authorization::getRoles();
         foreach ($data['$read'] as $read) {
-            if (!Authorization::isRole('role:'.Auth::USER_ROLE_APP) && !Authorization::isRole($read)) {
-                throw new Exception('Read permissions must be one of: ('.\implode(', ', Authorization::getRoles()).')', 400);
+            if (!Auth::isAppUser($roles) && !Authorization::isRole($read)) {
+                throw new Exception('Read permissions must be one of: ('.\implode(', ', $roles).')', 400);
             }
         }
         foreach ($data['$write'] as $write) {
-            if (!Authorization::isRole('role:'.Auth::USER_ROLE_APP) && !Authorization::isRole($write)) {
-                throw new Exception('Write permissions must be one of: ('.\implode(', ', Authorization::getRoles()).')', 400);
+            if (!Auth::isAppUser($roles) && !Authorization::isRole($write)) {
+                throw new Exception('Write permissions must be one of: ('.\implode(', ', $roles).')', 400);
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -1577,14 +1577,15 @@ function createAttribute($collectionId, $attribute, $response, $dbForInternal, $`
`1577`	`1577`	`$data['$write'] = (is_null($write) && !$user->isEmpty()) ? ['user:'.$user->getId()] : $write ?? []; // By default set write permissions for user`
`1578`	`1578`
`1579`	`1579`	`// Users can only add their roles to documents, API keys can add any`
	`1580`	`+ $roles = Authorization::getRoles();`
`1580`	`1581`	`foreach ($data['$read'] as $read) {`
`1581`		`- if (!Authorization::isRole('role:'.Auth::USER_ROLE_APP) && !Authorization::isRole($read)) {`
`1582`		`- throw new Exception('Read permissions must be one of: ('.\implode(', ', Authorization::getRoles()).')', 400);`
	`1582`	`+ if (!Auth::isAppUser($roles) && !Authorization::isRole($read)) {`
	`1583`	`+ throw new Exception('Read permissions must be one of: ('.\implode(', ', $roles).')', 400);`
`1583`	`1584`	`}`
`1584`	`1585`	`}`
`1585`	`1586`	`foreach ($data['$write'] as $write) {`
`1586`		`- if (!Authorization::isRole('role:'.Auth::USER_ROLE_APP) && !Authorization::isRole($write)) {`
`1587`		`- throw new Exception('Write permissions must be one of: ('.\implode(', ', Authorization::getRoles()).')', 400);`
	`1587`	`+ if (!Auth::isAppUser($roles) && !Authorization::isRole($write)) {`
	`1588`	`+ throw new Exception('Write permissions must be one of: ('.\implode(', ', $roles).')', 400);`
`1588`	`1589`	`}`
`1589`	`1590`	`}`
`1590`	`1591`
`@@ -1827,14 +1828,15 @@ function createAttribute($collectionId, $attribute, $response, $dbForInternal, $`
`1827`	`1828`	`$data['$write'] = (is_null($write)) ? ($document->getWrite() ?? []) : $write; // By default inherit write permissions`
`1828`	`1829`
`1829`	`1830`	`// Users can only add their roles to documents, API keys can add any`
	`1831`	`+ $roles = Authorization::getRoles();`
`1830`	`1832`	`foreach ($data['$read'] as $read) {`
`1831`		`- if (!Authorization::isRole('role:'.Auth::USER_ROLE_APP) && !Authorization::isRole($read)) {`
`1832`		`- throw new Exception('Read permissions must be one of: ('.\implode(', ', Authorization::getRoles()).')', 400);`
	`1833`	`+ if (!Auth::isAppUser($roles) && !Authorization::isRole($read)) {`
	`1834`	`+ throw new Exception('Read permissions must be one of: ('.\implode(', ', $roles).')', 400);`
`1833`	`1835`	`}`
`1834`	`1836`	`}`
`1835`	`1837`	`foreach ($data['$write'] as $write) {`
`1836`		`- if (!Authorization::isRole('role:'.Auth::USER_ROLE_APP) && !Authorization::isRole($write)) {`
`1837`		`- throw new Exception('Write permissions must be one of: ('.\implode(', ', Authorization::getRoles()).')', 400);`
	`1838`	`+ if (!Auth::isAppUser($roles) && !Authorization::isRole($write)) {`
	`1839`	`+ throw new Exception('Write permissions must be one of: ('.\implode(', ', $roles).')', 400);`
`1838`	`1840`	`}`
`1839`	`1841`	`}`
`1840`	`1842`