hcengineering/platform
1
0
Fork 0
mirror of https://github.com/hcengineering/platform.git synced 2024-12-19 00:41:47 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fix space security (#7278)
Some checks are pending
CI / build (push) Waiting to run
Details
CI / svelte-check (push) Blocked by required conditions
Details
CI / formatting (push) Blocked by required conditions
Details
CI / test (push) Blocked by required conditions
Details
CI / uitest (push) Waiting to run
Details
CI / uitest-pg (push) Waiting to run
Details
CI / uitest-qms (push) Waiting to run
Details
CI / docker-build (push) Blocked by required conditions
Details
CI / dist-build (push) Blocked by required conditions
Details

Browse Source 
Signed-off-by: Denis Bykhov <bykhov.denis@gmail.com>
This commit is contained in:
Denis Bykhov 2024-12-06 16:21:33 +05:00 committed by GitHub
parent 34daf3a7f5
commit f3b6682d1f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 31 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
server/middleware/src/spaceSecurity.ts
View File

@ -118,30 +118,33 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
}
if (this.wasInit === false) {
this.wasInit = (async () => {
const spaces: SpaceWithMembers[] =
(await this.next?.findAll(
ctx,
core.class.Space,
{},
{
projection: {
private: 1,
_class: 1,
_id: 1,
members: 1
await ctx.with('init-space-security', {}, async (ctx) => {
ctx.contextData = undefined
const spaces: SpaceWithMembers[] =
(await this.next?.findAll(
ctx,
core.class.Space,
{},
{
projection: {
private: 1,
_class: 1,
_id: 1,
members: 1
}
}
)) ?? []
this.spacesMap.clear()
this.publicSpaces.clear()
this.systemSpaces.clear()
for (const space of spaces) {
if (space._class === core.class.SystemSpace) {
this.systemSpaces.add(space._id)
} else {
this.addSpace(space)
}
)) ?? []
this.spacesMap.clear()
this.publicSpaces.clear()
this.systemSpaces.clear()
for (const space of spaces) {
if (space._class === core.class.SystemSpace) {
this.systemSpaces.add(space._id)
} else {
this.addSpace(space)
}
}
})
})()
}
if (this.wasInit instanceof Promise) {
@ -559,7 +562,7 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
if (options?.lookup !== undefined) {
for (const object of findResult) {
if (object.$lookup !== undefined) {
await this.filterLookup(ctx, object.$lookup)
this.filterLookup(ctx, object.$lookup)
}
}
}
@ -600,25 +603,23 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
return result
}
async isUnavailable (ctx: MeasureContext<SessionData>, space: Ref<Space>): Promise<boolean> {
filterLookup<T extends Doc>(ctx: MeasureContext, lookup: LookupData<T>): void {
if (Object.keys(lookup).length === 0) return
const account = ctx.contextData.account
if (isSystem(account, ctx)) return false
return !this.getAllAllowedSpaces(account, true).includes(space)
}
async filterLookup<T extends Doc>(ctx: MeasureContext, lookup: LookupData<T>): Promise<void> {
if (isSystem(account, ctx)) return
const allowedSpaces = this.getAllAllowedSpaces(account, true)
for (const key in lookup) {
const val = lookup[key]
if (Array.isArray(val)) {
const arr: AttachedDoc[] = []
for (const value of val) {
if (!(await this.isUnavailable(ctx, value.space))) {
if (allowedSpaces.includes(value.space)) {
arr.push(value)
}
}
lookup[key] = arr as any
} else if (val !== undefined) {
if (await this.isUnavailable(ctx, val.space)) {
if (!allowedSpaces.includes(val.space)) {
lookup[key] = undefined
}
}