Added test case for no authorization exception when no change to upda…

…te Document
utopia-php · Jul 18, 2023 · 657cbc1 · 657cbc1
1 parent 1878678
commit 657cbc1
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 1 deletion.
diff --git a/src/Database/Database.php b/src/Database/Database.php
@@ -2791,8 +2791,8 @@ public function updateDocument(string $collection, string $id, Document $documen
         }
 
         $time = DateTime::now();
-
         $old = Authorization::skip(fn () => $this->silent(fn () => $this->getDocument($collection, $id))); // Skip ensures user does not need read permission for this
+
         $collection = $this->silent(fn () => $this->getCollection($collection));
 
         $validator = new Authorization(self::PERMISSION_UPDATE);
@@ -2801,7 +2801,9 @@ public function updateDocument(string $collection, string $id, Document $documen
             $documentSecurity = $collection->getAttribute('documentSecurity', false);
 
             $skipPermission = true;
+            //compare if the document any changes
             foreach ($document as $key=>$value) {
+                //skip the nested documents as they will be checked later in recursions.
                 if ($old->getAttribute($key) instanceof Document) {
                     continue;
                 }

diff --git a/tests/Database/Base.php b/tests/Database/Base.php
@@ -2739,6 +2739,47 @@ public function testWritePermissionsUpdateFailure(Document $document): Document
         return $document;
     }
 
+
+    /**
+     * @depends testCreateDocument
+     */
+    public function testNoChangeUpdateDocumentWithoutPermission(Document $document): Document
+    {
+        Authorization::cleanRoles();
+        Authorization::setRole(Role::any()->toString());
+
+
+        $document = static::getDatabase()->createDocument('documents', new Document([
+            'string' => 'text📝',
+            'integer' => 5,
+            'bigint' => 8589934592, // 2^33
+            'float' => 5.55,
+            'boolean' => true,
+            'colors' => ['pink', 'green', 'blue'],
+        ]));
+        Authorization::cleanRoles();
+        //no changes in document
+        $documentToUpdate = new Document([
+            '$id' => ID::custom($document->getId()),
+            'string' => 'text📝',
+            'integer' => 5,
+            'bigint' => 8589934592, // 2^33
+            'float' => 5.55,
+            'boolean' => true,
+            'colors' => ['pink', 'green', 'blue'],
+            '$collection' => 'documents',
+        ]);
+        $documentToUpdate->setAttribute('$createdAt', $document->getAttribute('$createdAt'));
+        $documentToUpdate->setAttribute('$updatedAt', $document->getAttribute('$updatedAt'));
+        $updatedDocument = static::getDatabase()->updateDocument('documents', $document->getId(), $documentToUpdate);
+
+
+        // Document should be updated without any problem and without any authorization exception as there is no change in document.
+        $this->assertEquals(true, $updatedDocument->getUpdatedAt() > $document->getUpdatedAt());
+
+        return $document;
+    }
+
     public function testExceptionAttributeLimit(): void
     {
         if ($this->getDatabase()->getLimitForAttributes() > 0) {