Merge pull request #795 from utopia-php/ser-541-tag-4.5.2

Author: abnegate

src/Database/Validator/Roles.php

@@ -237,8 +237,15 @@ protected function isValidRole(
         string $identifier,
         string $dimension
     ): bool {
-        $key = new Key();
-        $label = new Label();
+        $identifierValidator = match ($role) {
+            self::ROLE_LABEL => new Label(),
+            default => new Key(),
+        };
+        /**
+         * For project-specific permissions, roles will be in the format `project-<projectId>-<role>`.
+         * Template takes 9 characters, `projectId` and `role` can be upto 36 characters. In total, 81 characters.
+         */
+        $dimensionValidator = new Key(maxLength: 81);
 
         $config = self::CONFIG[$role] ?? null;
 
@@ -264,14 +271,9 @@ protected function isValidRole(
         }
 
         // Allowed and has an invalid identifier
-        if ($allowed && !empty($identifier)) {
-            if ($role === self::ROLE_LABEL && !$label->isValid($identifier)) {
-                $this->message = 'Role "' . $role . '"' . ' identifier value is invalid: ' . $label->getDescription();
-                return false;
-            } elseif ($role !== self::ROLE_LABEL && !$key->isValid($identifier)) {
-                $this->message = 'Role "' . $role . '"' . ' identifier value is invalid: ' . $key->getDescription();
-                return false;
-            }
+        if ($allowed && !empty($identifier) && !$identifierValidator->isValid($identifier)) {
+            $this->message = 'Role "' . $role . '"' . ' identifier value is invalid: ' . $identifierValidator->getDescription();
+            return false;
         }
 
         // Process dimension configuration
@@ -300,8 +302,8 @@ protected function isValidRole(
                 return false;
             }
             // Allowed and dimension is not a valid key
-            if (!$key->isValid($dimension)) {
-                $this->message = 'Role "' . $role . '"' . ' dimension value is invalid: ' . $key->getDescription();
+            if (!$dimensionValidator->isValid($dimension)) {
+                $this->message = 'Role "' . $role . '"' . ' dimension value is invalid: ' . $dimensionValidator->getDescription();
                 return false;
             }
         }

tests/unit/RoleTest.php

@@ -40,6 +40,16 @@ public function testOutputFromString(): void
         $this->assertEquals('123', $role->getIdentifier());
         $this->assertEquals('456', $role->getDimension());
 
+        $role = Role::parse('team:123/project-456-owner');
+        $this->assertEquals('team', $role->getRole());
+        $this->assertEquals('123', $role->getIdentifier());
+        $this->assertEquals('project-456-owner', $role->getDimension());
+
+        $role = Role::parse('team:123/project-456');
+        $this->assertEquals('team', $role->getRole());
+        $this->assertEquals('123', $role->getIdentifier());
+        $this->assertEquals('project-456', $role->getDimension());
+
         $role = Role::parse('user:123/verified');
         $this->assertEquals('user', $role->getRole());
         $this->assertEquals('123', $role->getIdentifier());
@@ -76,6 +86,12 @@ public function testInputFromParameters(): void
         $role = new Role('team', '123', '456');
         $this->assertEquals('team:123/456', $role->toString());
 
+        $role = new Role('team', '123', 'project-456-owner');
+        $this->assertEquals('team:123/project-456-owner', $role->toString());
+
+        $role = new Role('team', '123', 'project-456');
+        $this->assertEquals('team:123/project-456', $role->toString());
+
         $role = new Role('label', 'vip');
         $this->assertEquals('label:vip', $role->toString());
     }
@@ -100,6 +116,12 @@ public function testInputFromRoles(): void
         $role = Role::team(ID::custom('123'), '456');
         $this->assertEquals('team:123/456', $role->toString());
 
+        $role = Role::team(ID::custom('123'), 'project-456-owner');
+        $this->assertEquals('team:123/project-456-owner', $role->toString());
+
+        $role = Role::team(ID::custom('123'), 'project-456');
+        $this->assertEquals('team:123/project-456', $role->toString());
+
         $role = Role::label('vip');
         $this->assertEquals('label:vip', $role->toString());
     }

tests/unit/Validator/PermissionsTest.php

@@ -289,8 +289,12 @@ public function testInvalidPermissions(): void
         $this->assertEquals('Only one dimension can be provided', $object->getDescription());
         $this->assertFalse($object->isValid([Permission::read(Role::team(ID::custom('ab&cd3'), 'efgh'))]));
         $this->assertEquals('Role "team" identifier value is invalid: Parameter must contain at most 36 chars. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char', $object->getDescription());
+        $this->assertFalse($object->isValid([Permission::read(Role::team(ID::custom(str_repeat('a', 37)), 'efgh'))]));
+        $this->assertEquals('Role "team" identifier value is invalid: Parameter must contain at most 36 chars. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char', $object->getDescription());
         $this->assertFalse($object->isValid([Permission::read(Role::team(ID::custom('abcd'), 'ef*gh'))]));
-        $this->assertEquals('Role "team" dimension value is invalid: Parameter must contain at most 36 chars. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char', $object->getDescription());
+        $this->assertEquals('Role "team" dimension value is invalid: Parameter must contain at most 81 chars. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char', $object->getDescription());
+        $this->assertFalse($object->isValid([Permission::read(Role::team(ID::custom('abcd'), str_repeat('a', 82)))]));
+        $this->assertEquals('Role "team" dimension value is invalid: Parameter must contain at most 81 chars. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char', $object->getDescription());
 
         // Permission-list length must be valid
         $object = new Permissions(100);

tests/unit/Validator/RolesTest.php

@@ -3,6 +3,7 @@
 namespace Tests\Unit\Validator;
 
 use PHPUnit\Framework\TestCase;
+use Utopia\Database\Helpers\ID;
 use Utopia\Database\Helpers\Role;
 use Utopia\Database\Validator\Roles;
 
@@ -23,6 +24,12 @@ public function testValidRole(): void
     {
         $object = new Roles();
         $this->assertTrue($object->isValid([Role::users()->toString()]));
+        $this->assertTrue($object->isValid([Role::users(Roles::DIMENSION_VERIFIED)->toString()]));
+        $this->assertTrue($object->isValid([Role::users(Roles::DIMENSION_UNVERIFIED)->toString()]));
+        $this->assertTrue($object->isValid([Role::team(ID::custom('696f34ea003d48edab8e'))->toString()]));
+        $this->assertTrue($object->isValid([Role::team(ID::custom('696f34ea003d48edab8e'), 'project-696f34ea003d48edab8e-owner')->toString()]));
+        $this->assertTrue($object->isValid([Role::team(ID::custom('696f34ea003d48edab8e'), 'project-696f34ea003d48edab8e')->toString()]));
+        $this->assertTrue($object->isValid([Role::label('vip')->toString()]));
     }
 
     public function testNotAnArray(): void