hcengineering/platform
1
0
Fork 0
mirror of https://github.com/hcengineering/platform.git synced 2024-12-22 19:11:33 +03:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Fix space security (#2868)

Browse Source 
Signed-off-by: Denis Bykhov <bykhov.denis@gmail.com>
This commit is contained in:
Denis Bykhov 2023-03-31 22:54:18 +06:00 committed by GitHub
parent 0a91451c7c
commit f0b1676135
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 46 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
plugins/tracker-resources/src/components/projects/CreateProject.svelte
View File

@ -15,7 +15,7 @@
<script lang="ts"> <script lang="ts">
import { Employee } from '@hcengineering/contact' import { Employee } from '@hcengineering/contact'
import { AccountArrayEditor } from '@hcengineering/contact-resources' import { AccountArrayEditor } from '@hcengineering/contact-resources'
import core, { Account, generateId, getCurrentAccount, Ref, SortingOrder } from '@hcengineering/core' import core, { Account, DocumentUpdate, generateId, getCurrentAccount, Ref, SortingOrder } from '@hcengineering/core'
import { Asset } from '@hcengineering/platform' import { Asset } from '@hcengineering/platform'
import presentation, { Card, getClient } from '@hcengineering/presentation' import presentation, { Card, getClient } from '@hcengineering/presentation'
import { AssigneeBox } from '@hcengineering/contact-resources' import { AssigneeBox } from '@hcengineering/contact-resources'
@ -29,17 +29,20 @@
export let project: Project | undefined = undefined export let project: Project | undefined = undefined
const client = getClient()
const hierarchy = client.getHierarchy()
let name: string = project?.name ?? '' let name: string = project?.name ?? ''
let description: string = project?.description ?? '' let description: string = project?.description ?? ''
let isPrivate: boolean = project?.private ?? false let isPrivate: boolean = project?.private ?? false
let icon: Asset | undefined = project?.icon ?? undefined let icon: Asset | undefined = project?.icon ?? undefined
let selectedWorkDayType: TimeReportDayType | undefined = let selectedWorkDayType: TimeReportDayType | undefined =
project?.defaultTimeReportDay ?? TimeReportDayType.PreviousWorkDay project?.defaultTimeReportDay ?? TimeReportDayType.PreviousWorkDay
let defaultAssignee: Ref<Employee> | null | undefined = null let defaultAssignee: Ref<Employee> | null | undefined = project?.defaultAssignee ?? null
let members: Ref<Account>[] = project?.members ?? [getCurrentAccount()._id] let members: Ref<Account>[] =
project?.members !== undefined ? hierarchy.clone(project.members) : [getCurrentAccount()._id]
const dispatch = createEventDispatcher() const dispatch = createEventDispatcher()
const client = getClient()
$: isNew = !project $: isNew = !project
@ -70,7 +73,38 @@
async function updateProject () { async function updateProject () {
const { sequence, issueStatuses, defaultIssueStatus, identifier, ...projectData } = getProjectData() const { sequence, issueStatuses, defaultIssueStatus, identifier, ...projectData } = getProjectData()
await client.update(project!, projectData) const update: DocumentUpdate<Project> = {}
if (projectData.name !== project?.name) {
update.name = projectData.name
}
if (projectData.description !== project?.description) {
update.description = projectData.description
}
if (projectData.private !== project?.private) {
update.private = projectData.private
}
if (projectData.defaultAssignee !== project?.defaultAssignee) {
update.defaultAssignee = projectData.defaultAssignee
}
if (projectData.icon !== project?.icon) {
update.icon = projectData.icon
}
if (projectData.defaultTimeReportDay !== project?.defaultTimeReportDay) {
update.defaultTimeReportDay = projectData.defaultTimeReportDay
}
if (projectData.members.length !== project?.members.length) {
update.members = projectData.members
} else {
for (const member of projectData.members) {
if (project.members.findIndex((p) => p === member) === -1) {
update.members = projectData.members
break
}
}
}
if (Object.keys(update).length > 0) {
await client.update(project!, update)
}
} }
async function createProject () { async function createProject () {

14
server/middleware/src/spaceSecurity.ts
View File

@ -148,17 +148,17 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
} }
} }
private syncMembers (members: Ref<Account>[], space: Ref<Space>): void { private syncMembers (members: Ref<Account>[], space: Space): void {
const oldMembers = new Set(members) const oldMembers = new Set(space.members)
const newMembers = new Set(members) const newMembers = new Set(members)
for (const old of oldMembers) { for (const old of oldMembers) {
if (!oldMembers.has(old)) { if (!newMembers.has(old)) {
this.removeMemberSpace(old, space) this.removeMemberSpace(old, space._id)
} }
} }
for (const newMem of newMembers) { for (const newMem of newMembers) {
if (!newMembers.has(newMem)) { if (!oldMembers.has(newMem)) {
this.addMemberSpace(newMem, space) this.addMemberSpace(newMem, space._id)
} }
} }
} }
@ -191,7 +191,7 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
let space = this.privateSpaces[updateDoc.objectId] let space = this.privateSpaces[updateDoc.objectId]
if (space !== undefined) { if (space !== undefined) {
if (updateDoc.operations.members !== undefined) { if (updateDoc.operations.members !== undefined) {
this.syncMembers(updateDoc.operations.members, space._id) this.syncMembers(updateDoc.operations.members, space)
} }
if (updateDoc.operations.$push?.members !== undefined) { if (updateDoc.operations.$push?.members !== undefined) {
this.pushMembersHandle(updateDoc.operations.$push.members, space._id) this.pushMembersHandle(updateDoc.operations.$push.members, space._id)