UBER-887 Space security: allow system account see all spaces (#3722)

Signed-off-by: Alexander Onnikov <alexander.onnikov@xored.com>
Alexander Onnikov 2023-09-20 23:28:09 +07:00 committed by GitHub
parent 5c51f95c6f
commit 450cdec288
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 8 deletions


@ -57,7 +57,7 @@ class SupportClientImpl implements SupportClient {
query.query(
support.class.SupportConversation,
{
account: this.config.account._id
createdBy: this.config.account._id
},
(res) => {
this.hasUnreadMessages = res.some((p) => p.hasUnreadMessages)
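Review bot: The filter field changes from `account` to `createdBy` with no comment explaining why, and the two are not obviously equivalent: `createdBy` only matches conversations that the configured account created itself. If a conversation can ever be created on the user's behalf (by the system account or a support agent, which is not visible here), the unread indicator would silently miss it. A short comment such as `// conversations are matched by their creator; there is no separate account field` would record the intent, if that is indeed the case. The enclosing method starts and ends outside the hunk.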


@ -43,7 +43,7 @@ import core, {
import platform, { PlatformError, Severity, Status } from '@hcengineering/platform'
import { BroadcastFunc, Middleware, SessionContext, TxMiddlewareResult } from '@hcengineering/server-core'
import { BaseMiddleware } from './base'
import { getUser, isOwner, mergeTargets } from './utils'
import { getUser, isOwner, isSystem, mergeTargets } from './utils'
/**
* @public
@ -377,12 +377,14 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
const account = await getUser(this.storage, ctx)
const field = this.getKey(_class)
if (!isOwner(account) || !this.storage.hierarchy.isDerived(_class, core.class.Space)) {
if (query[field] !== undefined) {
;(newQuery as any)[field] = await this.mergeQuery(account, query[field])
} else {
const spaces = await this.getAllAllowedSpaces(account)
;(newQuery as any)[field] = { $in: spaces }
if (!isSystem(account)) {
if (!isOwner(account) || !this.storage.hierarchy.isDerived(_class, core.class.Space)) {
if (query[field] !== undefined) {
;(newQuery as any)[field] = await this.mergeQuery(account, query[field])
} else {
const spaces = await this.getAllAllowedSpaces(account)
;(newQuery as any)[field] = { $in: spaces }
}
}
}
const findResult = await this.provideFindAll(ctx, _class, newQuery, options)
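Review bot: The new `isSystem(account)` guard skips space filtering entirely, including the `mergeQuery` path for a caller-supplied `query[field]`, so the access boundary in this method now rests on how `getUser(this.storage, ctx)` resolves the account. That resolution is not visible here and should be confirmed to derive only from server-side session state. The bypass deserves a comment saying so, e.g. `// System account is a trusted server-side identity: no space restriction is applied`, and the extra nesting can be avoided with `if (!isSystem(account) && (!isOwner(account) || !this.storage.hierarchy.isDerived(_class, core.class.Space))) {`. Only the find path is visible in this hunk; if the middleware's transaction and broadcast paths apply their own space checks, they presumably need the same treatment or a stated reason for differing, and a test asserting that a non-system account still receives the `$in: spaces` restriction would pin the boundary. The enclosing method starts and ends outside the hunk.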


@ -54,3 +54,7 @@ export async function getUser (storage: ServerStorage, ctx: SessionContext): Pro
export function isOwner (account: Account): boolean {
return account.role === AccountRole.Owner || account._id === core.account.System
}
export function isSystem (account: Account): boolean {
return account._id === core.account.System
}
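Review bot: `isSystem` is exported without a doc comment even though it now gates an unrestricted view of all spaces in the security middleware, so its contract should be written down, e.g. `/** @public True only for the built-in system account, which bypasses space security. */`. `isOwner` just above also returns true for `core.account.System`, so the two predicates overlap. Writing it as `return account.role === AccountRole.Owner || isSystem(account)` would keep the system-account comparison in one place and make the relationship explicit.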