UBERF-7985: Fix private targets (#6439)

Signed-off-by: Andrey Sobolev <haiodo@gmail.com>
Andrey Sobolev 2024-08-29 16:47:29 +07:00 committed by GitHub
parent 63aa456011
commit 1667581b5f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -49,20 +49,30 @@ export class PrivateMiddleware extends BaseMiddleware implements Middleware {
return new PrivateMiddleware(storage, next) return new PrivateMiddleware(storage, next)
} }
async tx (ctx: SessionContext, tx: Tx): Promise<TxMiddlewareResult> { isTargetDomain (tx: Tx): boolean {
let target: string[] | undefined
if (TxProcessor.isExtendsCUD(tx._class)) { if (TxProcessor.isExtendsCUD(tx._class)) {
const txCUD = tx as TxCUD<Doc> const txCUD = tx as TxCUD<Doc>
const domain = this.storage.hierarchy.getDomain(txCUD.objectClass) const domain = this.storage.hierarchy.getDomain(txCUD.objectClass)
if (this.targetDomains.includes(domain)) { return this.targetDomains.includes(domain)
const account = (await getUser(this.storage, ctx))._id }
if (account !== tx.modifiedBy && account !== core.account.System) { return false
throw new PlatformError(new Status(Severity.ERROR, platform.status.Forbidden, {})) }
}
const modifiedByAccount = await this.storage.modelDb.findAll(core.class.Account, { _id: tx.modifiedBy }) async tx (ctx: SessionContext, tx: Tx): Promise<TxMiddlewareResult> {
target = [ctx.userEmail, systemAccountEmail] let target: string[] | undefined
if (modifiedByAccount.length > 0 && !target.includes(modifiedByAccount[0].email)) { if (this.isTargetDomain(tx)) {
target.push(modifiedByAccount[0].email) const account = (await getUser(this.storage, ctx))._id
if (account !== tx.modifiedBy && account !== core.account.System) {
throw new PlatformError(new Status(Severity.ERROR, platform.status.Forbidden, {}))
}
const modifiedByAccount = await this.storage.modelDb.findAll(core.class.Account, { _id: tx.modifiedBy })
target = [ctx.userEmail, systemAccountEmail]
if (modifiedByAccount.length > 0 && !target.includes(modifiedByAccount[0].email)) {
target.push(modifiedByAccount[0].email)
}
ctx.derived.targets.checkDomain = (tx) => {
if (this.isTargetDomain(tx)) {
return target
} }
} }
} }
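Review bot: The `checkDomain` callback registered in `tx` returns the recipient list computed for the originating transaction to every later transaction that `isTargetDomain` accepts, without looking at that transaction's own `modifiedBy`, so a derived private-domain tx written on behalf of a different account would, as far as this hunk shows, be delivered to the original sender's targets. The entry is also stored under the fixed key `checkDomain` on the shared `ctx.derived.targets`, so a second private-domain tx handled with the same context replaces the first one's closure; if one context can carry more than one such tx, the key or the closure should account for that. The callback returns `undefined` for anything `isTargetDomain` rejects, which presumably means "no restriction" to the consumer, and that fail-open default deserves a comment such as `// undefined = not a private domain, leave broadcast targets unchanged`. The callback parameter also shadows the outer `tx`; naming it `(derivedTx) => { ... }` would make it obvious which transaction is being tested. The body of `tx` continues outside the hunk, so how `target` is used afterwards is not visible here.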