wieerwill/platform
1
0
Fork 0
mirror of https://github.com/hcengineering/platform.git synced 2025-04-15 21:03:30 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

UBER-852: Owner should only see a list of spaces (#3677)

Browse Source 
Signed-off-by: Andrey Sobolev <haiodo@gmail.com>
This commit is contained in:
Andrey Sobolev 2023-09-11 18:47:23 +07:00 committed by GitHub
parent f281fa1149
commit 1246b5a924
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
server/middleware/src/spaceSecurity.ts
View File

@ -376,7 +376,8 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
const newQuery = query
const account = await getUser(this.storage, ctx)
const field = this.getKey(_class)
if (!isOwner(account)) {
if (!isOwner(account) || !this.storage.hierarchy.isDerived(_class, core.class.Space)) {
if (query[field] !== undefined) {
;(newQuery as any)[field] = await this.mergeQuery(account, query[field])
} else {