Fix space security (#7278)

Signed-off-by: Denis Bykhov <bykhov.denis@gmail.com>
Denis Bykhov 2024-12-06 16:21:33 +05:00 committed by GitHub
parent 34daf3a7f5
commit f3b6682d1f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -118,6 +118,8 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
} }
if (this.wasInit === false) { if (this.wasInit === false) {
this.wasInit = (async () => { this.wasInit = (async () => {
await ctx.with('init-space-security', {}, async (ctx) => {
ctx.contextData = undefined
const spaces: SpaceWithMembers[] = const spaces: SpaceWithMembers[] =
(await this.next?.findAll( (await this.next?.findAll(
ctx, ctx,
@ -142,6 +144,7 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
this.addSpace(space) this.addSpace(space)
} }
} }
})
})() })()
} }
if (this.wasInit instanceof Promise) { if (this.wasInit instanceof Promise) {
@ -559,7 +562,7 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
if (options?.lookup !== undefined) { if (options?.lookup !== undefined) {
for (const object of findResult) { for (const object of findResult) {
if (object.$lookup !== undefined) { if (object.$lookup !== undefined) {
await this.filterLookup(ctx, object.$lookup) this.filterLookup(ctx, object.$lookup)
} }
} }
} }
@ -600,25 +603,23 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
return result return result
} }
async isUnavailable (ctx: MeasureContext<SessionData>, space: Ref<Space>): Promise<boolean> { filterLookup<T extends Doc>(ctx: MeasureContext, lookup: LookupData<T>): void {
if (Object.keys(lookup).length === 0) return
const account = ctx.contextData.account const account = ctx.contextData.account
if (isSystem(account, ctx)) return false if (isSystem(account, ctx)) return
return !this.getAllAllowedSpaces(account, true).includes(space) const allowedSpaces = this.getAllAllowedSpaces(account, true)
}
async filterLookup<T extends Doc>(ctx: MeasureContext, lookup: LookupData<T>): Promise<void> {
for (const key in lookup) { for (const key in lookup) {
const val = lookup[key] const val = lookup[key]
if (Array.isArray(val)) { if (Array.isArray(val)) {
const arr: AttachedDoc[] = [] const arr: AttachedDoc[] = []
for (const value of val) { for (const value of val) {
if (!(await this.isUnavailable(ctx, value.space))) { if (allowedSpaces.includes(value.space)) {
arr.push(value) arr.push(value)
} }
} }
lookup[key] = arr as any lookup[key] = arr as any
} else if (val !== undefined) { } else if (val !== undefined) {
if (await this.isUnavailable(ctx, val.space)) { if (!allowedSpaces.includes(val.space)) {
lookup[key] = undefined lookup[key] = undefined
} }
} }