UBERF-7798: Space security for inbox

Signed-off-by: Andrey Sobolev <haiodo@gmail.com>
Andrey Sobolev 2024-08-04 22:09:56 +07:00
parent 7bf2a7c8d1
commit 16d87509be
No known key found for this signature in database
GPG Key ID: BD80F68D68D8F7F2
2 changed files with 9 additions and 1 deletions


@ -41,6 +41,7 @@
"@hcengineering/platform": "^0.6.11",
"@hcengineering/server-core": "^0.6.1",
"@hcengineering/server-preference": "^0.6.0",
"@hcengineering/notification": "^0.6.23",
"fast-equals": "^5.0.1"
}
}


@ -49,6 +49,8 @@ import { Middleware, SessionContext, TxMiddlewareResult, type ServerStorage } fr
import { BaseMiddleware } from './base'
import { getUser, isOwner, isSystem } from './utils'
import notification from '@hcengineering/notification'
type SpaceWithMembers = Pick<Space, '_id' | 'members' | 'private' | '_class'>
/**
@ -513,7 +515,12 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
if (!isSystem(account) && account.role !== AccountRole.DocGuest && domain !== DOMAIN_MODEL) {
if (!isOwner(account, ctx) || !isSpace) {
if (query[field] !== undefined) {
if (
this.storage.hierarchy.isDerived(_class, notification.class.InboxNotification) ||
this.storage.hierarchy.isDerived(_class, notification.class.DocNotifyContext)
) {
;(query as any).user = account._id
} else if (query[field] !== undefined) {
const res = await this.mergeQuery(account, query[field], domain, isSpace)
;(newQuery as any)[field] = res
if (typeof res === 'object') {
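Review bot: The inbox branch writes the forced filter to `query` (`;(query as any).user = account._id`), while the neighbouring branch stores its result in `newQuery`. The declaration of `newQuery` is outside the hunk; if it is a copy of `query` rather than the same object, the user restriction never reaches the query that is executed, and because this branch also skips `mergeQuery`, inbox documents would then be filtered by neither space nor user. Writing `;(newQuery as any).user = account._id` keeps both branches on one object and avoids mutating the caller's argument. A short comment such as `// Inbox documents are scoped per user, not per space: force the caller's own account and ignore any supplied user filter` would also record that overwriting a client-supplied `user` is intentional. The enclosing method starts and ends outside the hunk.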