Project-specific roles

hmacr · hmacr · commit a074126df965 · 2026-01-20T13:52:15.000+05:30
diff --git a/src/Database/Validator/Roles.php b/src/Database/Validator/Roles.php
@@ -237,8 +237,9 @@ protected function isValidRole(
         string $identifier,
         string $dimension
     ): bool {
-        $key = new Key();
-        $label = new Label();
+        $identifierValidator = new Key();
+        $labelValidator = new Label();
+        $dimensionValidator = new Key(maxLength: 60);
 
         $config = self::CONFIG[$role] ?? null;
 
@@ -265,11 +266,11 @@ protected function isValidRole(
 
         // Allowed and has an invalid identifier
         if ($allowed && !empty($identifier)) {
-            if ($role === self::ROLE_LABEL && !$label->isValid($identifier)) {
-                $this->message = 'Role "' . $role . '"' . ' identifier value is invalid: ' . $label->getDescription();
+            if ($role === self::ROLE_LABEL && !$labelValidator->isValid($identifier)) {
+                $this->message = 'Role "' . $role . '"' . ' identifier value is invalid: ' . $labelValidator->getDescription();
                 return false;
-            } elseif ($role !== self::ROLE_LABEL && !$key->isValid($identifier)) {
-                $this->message = 'Role "' . $role . '"' . ' identifier value is invalid: ' . $key->getDescription();
+            } elseif ($role !== self::ROLE_LABEL && !$identifierValidator->isValid($identifier)) {
+                $this->message = 'Role "' . $role . '"' . ' identifier value is invalid: ' . $identifierValidator->getDescription();
                 return false;
             }
         }
@@ -300,8 +301,8 @@ protected function isValidRole(
                 return false;
             }
             // Allowed and dimension is not a valid key
-            if (!$key->isValid($dimension)) {
-                $this->message = 'Role "' . $role . '"' . ' dimension value is invalid: ' . $key->getDescription();
+            if (!$dimensionValidator->isValid($dimension)) {
+                $this->message = 'Role "' . $role . '"' . ' dimension value is invalid: ' . $dimensionValidator->getDescription();
                 return false;
             }
         }
diff --git a/tests/unit/RoleTest.php b/tests/unit/RoleTest.php
@@ -40,6 +40,16 @@ public function testOutputFromString(): void
         $this->assertEquals('123', $role->getIdentifier());
         $this->assertEquals('456', $role->getDimension());
 
+        $role = Role::parse('team:123/project-456-owner');
+        $this->assertEquals('team', $role->getRole());
+        $this->assertEquals('123', $role->getIdentifier());
+        $this->assertEquals('project-456-owner', $role->getDimension());
+
+        $role = Role::parse('team:123/project-456');
+        $this->assertEquals('team', $role->getRole());
+        $this->assertEquals('123', $role->getIdentifier());
+        $this->assertEquals('project-456', $role->getDimension());
+
         $role = Role::parse('user:123/verified');
         $this->assertEquals('user', $role->getRole());
         $this->assertEquals('123', $role->getIdentifier());
@@ -76,6 +86,12 @@ public function testInputFromParameters(): void
         $role = new Role('team', '123', '456');
         $this->assertEquals('team:123/456', $role->toString());
 
+        $role = new Role('team', '123', 'project-456-owner');
+        $this->assertEquals('team:123/project-456-owner', $role->toString());
+
+        $role = new Role('team', '123', 'project-456');
+        $this->assertEquals('team:123/project-456', $role->toString());
+
         $role = new Role('label', 'vip');
         $this->assertEquals('label:vip', $role->toString());
     }
@@ -100,6 +116,12 @@ public function testInputFromRoles(): void
         $role = Role::team(ID::custom('123'), '456');
         $this->assertEquals('team:123/456', $role->toString());
 
+        $role = Role::team(ID::custom('123'), 'project-456-owner');
+        $this->assertEquals('team:123/project-456-owner', $role->toString());
+
+        $role = Role::team(ID::custom('123'), 'project-456');
+        $this->assertEquals('team:123/project-456', $role->toString());
+
         $role = Role::label('vip');
         $this->assertEquals('label:vip', $role->toString());
     }
diff --git a/tests/unit/Validator/RolesTest.php b/tests/unit/Validator/RolesTest.php
@@ -3,6 +3,7 @@
 namespace Tests\Unit\Validator;
 
 use PHPUnit\Framework\TestCase;
+use Utopia\Database\Helpers\ID;
 use Utopia\Database\Helpers\Role;
 use Utopia\Database\Validator\Roles;
 
@@ -23,6 +24,12 @@ public function testValidRole(): void
     {
         $object = new Roles();
         $this->assertTrue($object->isValid([Role::users()->toString()]));
+        $this->assertTrue($object->isValid([Role::users(Roles::DIMENSION_VERIFIED)->toString()]));
+        $this->assertTrue($object->isValid([Role::users(Roles::DIMENSION_UNVERIFIED)->toString()]));
+        $this->assertTrue($object->isValid([Role::team(ID::custom('696f34ea003d48edab8e'))->toString()]));
+        $this->assertTrue($object->isValid([Role::team(ID::custom('696f34ea003d48edab8e'), 'project-696f34ea003d48edab8e-owner')->toString()]));
+        $this->assertTrue($object->isValid([Role::team(ID::custom('696f34ea003d48edab8e'), 'project-696f34ea003d48edab8e')->toString()]));
+        $this->assertTrue($object->isValid([Role::label('vip')->toString()]));
     }
 
     public function testNotAnArray(): void
