Add support for tablesdb in event generation and realtime channels#11404
Add support for tablesdb in event generation and realtime channels#11404
Conversation
📝 WalkthroughWalkthroughThis change adds database context awareness to event generation and realtime channel subscription logic. The Event class's Estimated code review effort🎯 3 (Moderate) | ⏱️ ~22 minutes 🚥 Pre-merge checks | ✅ 1 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (1 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Tip Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs). Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Security Scan Results for PRDocker Image Scan Results
Source Code Scan Results🎉 No vulnerabilities found! |
✨ Benchmark results
⚡ Benchmark Comparison
|
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
src/Appwrite/Messaging/Adapter/Realtime.php (1)
533-535:⚠️ Potential issue | 🔴 CriticalFix row-security flag check for TablesDB table events.
Line 533 checks only
documentSecurity, but Table objects userowSecurity. When handling TablesDB table row events,$collection->getAttribute('documentSecurity', false)returns false (Table.php removes this attribute in favor ofrowSecurity), incorrectly skipping row-level read permissions from$payload->getRead(). Update the condition to check both flags or differentiate between Collection and Table objects.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/Appwrite/Messaging/Adapter/Realtime.php` around lines 533 - 535, The current check uses $collection->getAttribute('documentSecurity', false) which misses TablesDB tables that use rowSecurity; update the condition in the Realtime handler (around $collection->getAttribute('documentSecurity', false)) to also check $collection->getAttribute('rowSecurity', false) (or OR the two flags) so that when either documentSecurity or rowSecurity is true you merge $collection->getRead() with $payload->getRead(); ensure the change still preserves the existing behavior for non-table collections.
🧹 Nitpick comments (2)
src/Appwrite/Event/Event.php (1)
537-539: Use a root-prefix check for database remapping.Line 537 currently uses
str_contains($pattern, 'databases.'). Considerstr_starts_with($pattern, 'databases.')to avoid remapping non-root patterns that merely contain that token.💡 Suggested refinement
- if ((str_contains($pattern, 'databases.') && $database && $database->getAttribute('type') !== 'legacy')) { + if ((str_starts_with($pattern, 'databases.') && $database && $database->getAttribute('type') !== 'legacy')) { $parsed = self::getDatabaseTypeEvents($database, $parsed); }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/Appwrite/Event/Event.php` around lines 537 - 539, The conditional that decides to remap database events currently checks str_contains($pattern, 'databases.') which can match non-root patterns; update the check in Event:: (the if using $pattern and $database) to use str_starts_with($pattern, 'databases.') so only root-prefixed patterns trigger getDatabaseTypeEvents($database, $parsed); keep the rest of the condition and call to self::getDatabaseTypeEvents unchanged.tests/e2e/Services/Realtime/RealtimeCustomClientTest.php (1)
2674-2676: Asserttablesdb.*event names explicitly in this E2E case.At Line 2675 the test only validates the databases-prefixed compatibility event. Add a
tablesdb.{db}.tables.{table}.rows.{row}.createassertion so regressions in primary tablesdb event generation are caught directly.💡 Suggested assertion addition
// Primary event should still be present $this->assertContains("databases.{$databaseId}.tables.{$tableId}.rows.{$rowId}.create", $response['data']['events']); + $this->assertContains("tablesdb.{$databaseId}.tables.{$tableId}.rows.{$rowId}.create", $response['data']['events']); $this->assertNotEmpty($response['data']['payload']);🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/e2e/Services/Realtime/RealtimeCustomClientTest.php` around lines 2674 - 2676, Add an explicit assertion for the tablesdb-prefixed primary event in the RealtimeCustomClientTest so regressions are caught: in the test method where $response, $databaseId, $tableId, and $rowId are used (around the existing assertions that check "databases.{$databaseId}.tables.{$tableId}.rows.{$rowId}.create" and $response['data']['payload']), add an assertContains for the string "tablesdb.{$databaseId}.tables.{$tableId}.rows.{$rowId}.create" against $response['data']['events'] to ensure the tablesdb.{db}.tables.{table}.rows.{row}.create event is present.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/Appwrite/Event/Event.php`:
- Around line 727-729: The return uses array_unique($events) which preserves
numeric keys and can produce sparse arrays that serialize to JSON objects;
change the return to reindex the result so JSON encodes as an array (e.g., wrap
array_unique($events) with array_values) in the method in Event.php that
currently returns array_unique($events) so downstream consumers like
EventProcessor and Functions workers receive a proper JSON array.
---
Outside diff comments:
In `@src/Appwrite/Messaging/Adapter/Realtime.php`:
- Around line 533-535: The current check uses
$collection->getAttribute('documentSecurity', false) which misses TablesDB
tables that use rowSecurity; update the condition in the Realtime handler
(around $collection->getAttribute('documentSecurity', false)) to also check
$collection->getAttribute('rowSecurity', false) (or OR the two flags) so that
when either documentSecurity or rowSecurity is true you merge
$collection->getRead() with $payload->getRead(); ensure the change still
preserves the existing behavior for non-table collections.
---
Nitpick comments:
In `@src/Appwrite/Event/Event.php`:
- Around line 537-539: The conditional that decides to remap database events
currently checks str_contains($pattern, 'databases.') which can match non-root
patterns; update the check in Event:: (the if using $pattern and $database) to
use str_starts_with($pattern, 'databases.') so only root-prefixed patterns
trigger getDatabaseTypeEvents($database, $parsed); keep the rest of the
condition and call to self::getDatabaseTypeEvents unchanged.
In `@tests/e2e/Services/Realtime/RealtimeCustomClientTest.php`:
- Around line 2674-2676: Add an explicit assertion for the tablesdb-prefixed
primary event in the RealtimeCustomClientTest so regressions are caught: in the
test method where $response, $databaseId, $tableId, and $rowId are used (around
the existing assertions that check
"databases.{$databaseId}.tables.{$tableId}.rows.{$rowId}.create" and
$response['data']['payload']), add an assertContains for the string
"tablesdb.{$databaseId}.tables.{$tableId}.rows.{$rowId}.create" against
$response['data']['events'] to ensure the
tablesdb.{db}.tables.{table}.rows.{row}.create event is present.
ℹ️ Review info
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
src/Appwrite/Event/Event.phpsrc/Appwrite/Event/Realtime.phpsrc/Appwrite/Messaging/Adapter/Realtime.phptests/e2e/Services/Realtime/RealtimeCustomClientTest.php
What does this PR do?
(Provide a description of what this PR does and why it's needed.)
Test Plan
(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work. Screenshots may also be helpful.)
Related PRs and Issues
Checklist