UBER-887 Space security: allow system account see all spaces (#3722)

Signed-off-by: Alexander Onnikov <alexander.onnikov@xored.com>
Alexander Onnikov 2023-09-20 23:28:09 +07:00 committed by GitHub
parent 5c51f95c6f
commit 450cdec288
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 8 deletions


@ -57,7 +57,7 @@ class SupportClientImpl implements SupportClient {
query.query( query.query(
support.class.SupportConversation, support.class.SupportConversation,
{ {
account: this.config.account._id createdBy: this.config.account._id
}, },
(res) => { (res) => {
this.hasUnreadMessages = res.some((p) => p.hasUnreadMessages) this.hasUnreadMessages = res.some((p) => p.hasUnreadMessages)


@ -43,7 +43,7 @@ import core, {
import platform, { PlatformError, Severity, Status } from '@hcengineering/platform' import platform, { PlatformError, Severity, Status } from '@hcengineering/platform'
import { BroadcastFunc, Middleware, SessionContext, TxMiddlewareResult } from '@hcengineering/server-core' import { BroadcastFunc, Middleware, SessionContext, TxMiddlewareResult } from '@hcengineering/server-core'
import { BaseMiddleware } from './base' import { BaseMiddleware } from './base'
import { getUser, isOwner, mergeTargets } from './utils' import { getUser, isOwner, isSystem, mergeTargets } from './utils'
/** /**
* @public * @public
@ -377,12 +377,14 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
const account = await getUser(this.storage, ctx) const account = await getUser(this.storage, ctx)
const field = this.getKey(_class) const field = this.getKey(_class)
if (!isOwner(account) || !this.storage.hierarchy.isDerived(_class, core.class.Space)) { if (!isSystem(account)) {
if (query[field] !== undefined) { if (!isOwner(account) || !this.storage.hierarchy.isDerived(_class, core.class.Space)) {
;(newQuery as any)[field] = await this.mergeQuery(account, query[field]) if (query[field] !== undefined) {
} else { ;(newQuery as any)[field] = await this.mergeQuery(account, query[field])
const spaces = await this.getAllAllowedSpaces(account) } else {
;(newQuery as any)[field] = { $in: spaces } const spaces = await this.getAllAllowedSpaces(account)
;(newQuery as any)[field] = { $in: spaces }
}
} }
} }
const findResult = await this.provideFindAll(ctx, _class, newQuery, options) const findResult = await this.provideFindAll(ctx, _class, newQuery, options)
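Review bot: The new `isSystem(account)` guard skips the space filter entirely, so any session that `getUser` resolves to `core.account.System` reads across all spaces; the bypass is only as strong as `getUser`, whose body is outside this hunk, and it is worth confirming that the system identity can only originate from a server-side session and never from client-supplied credentials. A comment above the guard would record the intent, e.g. `// System account is trusted server-side code: its queries are not restricted by space`. The two nested conditions could also be written as one, `if (!isSystem(account) && (!isOwner(account) || !this.storage.hierarchy.isDerived(_class, core.class.Space))) {`, which keeps the original indentation and leaves a single condition to audit. The enclosing method starts and ends outside the hunk, and none of the three visible file sections appears to add a test for the bypass.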


@ -54,3 +54,7 @@ export async function getUser (storage: ServerStorage, ctx: SessionContext): Pro
export function isOwner (account: Account): boolean { export function isOwner (account: Account): boolean {
return account.role === AccountRole.Owner || account._id === core.account.System return account.role === AccountRole.Owner || account._id === core.account.System
} }
export function isSystem (account: Account): boolean {
return account._id === core.account.System
}
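Review bot: `isSystem` repeats the `account._id === core.account.System` comparison that `isOwner` already contains, so the two predicates can drift apart if the definition of the system account ever changes; `isOwner` could reuse it, `return account.role === AccountRole.Owner || isSystem(account)`. Because the space-security middleware on this page uses `isSystem` to drop space filtering altogether, the function deserves a doc comment stating that contract, for example `/** True only for the built-in system account; callers treat this as permission to bypass space checks. */`.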