Fix spotlight security leak (#5601)

Signed-off-by: Denis Bykhov <bykhov.denis@gmail.com>
Denis Bykhov 2024-05-15 20:40:20 +05:00 committed by GitHub
parent 249fd6b596
commit 2249425265
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -545,7 +545,25 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
const newQuery = { ...query }
const account = await getUser(this.storage, ctx)
if (!isSystem(account)) {
newQuery.spaces = this.getAllAllowedSpaces(account, true)
const allSpaces = this.getAllAllowedSpaces(account, true)
if (query.classes !== undefined) {
const res = new Set<Ref<Space>>()
const passedDomains = new Set<string>()
for (const _class of query.classes) {
const domain = this.storage.hierarchy.getDomain(_class)
if (passedDomains.has(domain)) {
continue
}
passedDomains.add(domain)
const spaces = await this.filterByDomain(domain, allSpaces)
for (const space of spaces) {
res.add(space)
}
}
newQuery.spaces = [...res]
} else {
newQuery.spaces = allSpaces
}
}
const result = await this.provideSearchFulltext(ctx, newQuery, options)
return result
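Review bot: When `res` ends up empty (`query.classes` is `[]`, or none of the account's allowed spaces survive `filterByDomain`), `newQuery.spaces = [...res]` hands an empty array to `provideSearchFulltext`, and nothing visible here shows whether downstream reads `spaces: []` as "match nothing" or as "no space restriction". If it is the latter, the restriction is silently dropped for exactly the accounts with the least access, so this branch should fail closed: guard with `if (res.size === 0)` and return an empty search result without calling `provideSearchFulltext`, commented `// fail closed: an empty spaces list must not reach the search backend as "no filter"`. The `else` branch still sends the unfiltered `allSpaces` when `query.classes` is undefined, which deserves a one-line comment saying why domain filtering is not needed on that path. The enclosing method starts and ends outside this hunk, so the result type for the early return is not visible here.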