Feat: Make authorization per-instance

src/Database/Adapter.php

@@ -4,6 +4,7 @@
 
 use Exception;
 use Utopia\Database\Exception as DatabaseException;
+use Utopia\Database\Validator\Authorization;
 
 abstract class Adapter
 {
@@ -24,6 +25,23 @@ abstract class Adapter
 
     protected static ?int $timeout = null;
 
+    /**
+     * @var Authorization
+     */
+    protected Authorization $authorization;
+
+    /**
+     * @param Authorization $authorization
+     *
+     * @return $this
+     */
+    public function setAuthorization(Authorization $authorization): self
+    {
+        $this->authorization = $authorization;
+
+        return $this;
+    }
+
     /**
      * @param string $key
      * @param mixed $value

src/Database/Adapter/MariaDB.php

@@ -11,7 +11,6 @@
 use Utopia\Database\Exception\Duplicate;
 use Utopia\Database\Exception\Timeout;
 use Utopia\Database\Query;
-use Utopia\Database\Validator\Authorization;
 
 class MariaDB extends SQL
 {
@@ -953,7 +952,7 @@ public function deleteDocument(string $collection, string $id): bool
     public function find(string $collection, array $queries = [], ?int $limit = 25, ?int $offset = null, array $orderAttributes = [], array $orderTypes = [], array $cursor = [], string $cursorDirection = Database::CURSOR_AFTER, ?int $timeout = null): array
     {
         $name = $this->filter($collection);
-        $roles = Authorization::getRoles();
+        $roles = $this->authorization->getRoles();
         $where = [];
         $orders = [];
 
@@ -1039,7 +1038,7 @@ public function find(string $collection, array $queries = [], ?int $limit = 25,
         }
 
 
-        if (Authorization::$status) {
+        if ($this->authorization->status) {
             $where[] = $this->getSQLPermissionsCondition($name, $roles);
         }
 
@@ -1144,15 +1143,15 @@ public function find(string $collection, array $queries = [], ?int $limit = 25,
     public function count(string $collection, array $queries = [], ?int $max = null, ?int $timeout = null): int
     {
         $name = $this->filter($collection);
-        $roles = Authorization::getRoles();
+        $roles = $this->authorization->getRoles();
         $where = [];
         $limit = \is_null($max) ? '' : 'LIMIT :max';
 
         foreach ($queries as $query) {
             $where[] = $this->getSQLCondition($query);
         }
 
-        if (Authorization::$status) {
+        if ($this->authorization->status) {
             $where[] = $this->getSQLPermissionsCondition($name, $roles);
         }
 
@@ -1200,15 +1199,15 @@ public function count(string $collection, array $queries = [], ?int $max = null,
     public function sum(string $collection, string $attribute, array $queries = [], ?int $max = null, ?int $timeout = null): int|float
     {
         $name = $this->filter($collection);
-        $roles = Authorization::getRoles();
+        $roles = $this->authorization->getRoles();
         $where = [];
         $limit = \is_null($max) ? '' : 'LIMIT :max';
 
         foreach ($queries as $query) {
             $where[] = $this->getSQLCondition($query);
         }
 
-        if (Authorization::$status) {
+        if ($this->authorization->status) {
             $where[] = $this->getSQLPermissionsCondition($name, $roles);
         }
 

src/Database/Adapter/Mongo.php

@@ -825,8 +825,8 @@ public function find(string $collection, array $queries = [], ?int $limit = 25,
         $filters = $this->buildFilters($queries);
 
         // permissions
-        if (Authorization::$status) { // skip if authorization is disabled
-            $roles = \implode('|', Authorization::getRoles());
+        if ($this->authorization->status) { // skip if authorization is disabled
+            $roles = \implode('|', $this->authorization->getRoles());
             $filters['_permissions']['$in'] = [new Regex("read\(\".*(?:{$roles}).*\"\)", 'i')];
         }
 
@@ -1096,8 +1096,8 @@ public function count(string $collection, array $queries = [], ?int $max = null,
         $filters = $this->buildFilters($queries);
 
         // permissions
-        if (Authorization::$status) { // skip if authorization is disabled
-            $roles = \implode('|', Authorization::getRoles());
+        if ($this->authorization->status) { // skip if authorization is disabled
+            $roles = \implode('|', $this->authorization->getRoles());
             $filters['_permissions']['$in'] = [new Regex("read\(\".*(?:{$roles}).*\"\)", 'i')];
         }
 
@@ -1129,8 +1129,8 @@ public function sum(string $collection, string $attribute, array $queries = [],
         $filters = $this->buildFilters($queries);
 
         // permissions
-        if (Authorization::$status) { // skip if authorization is disabled
-            $roles = \implode('|', Authorization::getRoles());
+        if ($this->authorization->status) { // skip if authorization is disabled
+            $roles = \implode('|', $this->authorization->getRoles());
             $filters['_permissions']['$in'] = [new Regex("read\(\".*(?:{$roles}).*\"\)", 'i')];
         }
 

src/Database/Adapter/Postgres.php

@@ -966,7 +966,7 @@ public function deleteDocument(string $collection, string $id): bool
     public function find(string $collection, array $queries = [], ?int $limit = 25, ?int $offset = null, array $orderAttributes = [], array $orderTypes = [], array $cursor = [], string $cursorDirection = Database::CURSOR_AFTER, ?int $timeout = null): array
     {
         $name = $this->filter($collection);
-        $roles = Authorization::getRoles();
+        $roles = $this->authorization->getRoles();
         $where = [];
         $orders = [];
 
@@ -1046,7 +1046,7 @@ public function find(string $collection, array $queries = [], ?int $limit = 25,
         }
 
 
-        if (Authorization::$status) {
+        if ($this->authorization->status) {
             $where[] = $this->getSQLPermissionsCondition($name, $roles);
         }
 
@@ -1151,15 +1151,15 @@ public function find(string $collection, array $queries = [], ?int $limit = 25,
     public function count(string $collection, array $queries = [], ?int $max = null, ?int $timeout = null): int
     {
         $name = $this->filter($collection);
-        $roles = Authorization::getRoles();
+        $roles = $this->authorization->getRoles();
         $where = [];
         $limit = \is_null($max) ? '' : 'LIMIT :max';
 
         foreach ($queries as $query) {
             $where[] = $this->getSQLCondition($query);
         }
 
-        if (Authorization::$status) {
+        if ($this->authorization->status) {
             $where[] = $this->getSQLPermissionsCondition($name, $roles);
         }
 
@@ -1209,17 +1209,17 @@ public function count(string $collection, array $queries = [], ?int $max = null,
     public function sum(string $collection, string $attribute, array $queries = [], ?int $max = null, ?int $timeout = null): int|float
     {
         $name = $this->filter($collection);
-        $roles = Authorization::getRoles();
+        $roles = $this->authorization->getRoles();
         $where = [];
         $limit = \is_null($max) ? '' : 'LIMIT :max';
 
-        $permissions = (Authorization::$status) ? $this->getSQLPermissionsCondition($collection, $roles) : '1=1'; // Disable join when no authorization required
+        $permissions = ($this->authorization->status) ? $this->getSQLPermissionsCondition($collection, $roles) : '1=1'; // Disable join when no authorization required
 
         foreach ($queries as $query) {
             $where[] = $this->getSQLCondition($query);
         }
 
-        if (Authorization::$status) {
+        if ($this->authorization->status) {
             $where[] = $this->getSQLPermissionsCondition($name, $roles);
         }