wieerwill/platform
1
0
Fork 0
mirror of https://github.com/hcengineering/platform.git synced 2025-04-08 00:52:30 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

UBERF-8455: Fix admin users (#6909)

Browse Source 
Signed-off-by: Andrey Sobolev <haiodo@gmail.com>
This commit is contained in:
Andrey Sobolev 2024-10-13 23:59:38 +07:00 committed by Andrey Sobolev
parent 0d0c410b86
commit 8e840c7d3c
No known key found for this signature in database
GPG Key ID: BD80F68D68D8F7F2
6 changed files with 40 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
models/tracker/src/viewlets.ts
View File

@ -528,7 +528,13 @@ export function defineViewlets (builder: Builder): void {
hiddenKeys: ['identifier', 'name', 'description'] hiddenKeys: ['identifier', 'name', 'description']
}, },
config: [ config: [
'', {
key: '',
presenter: tracker.component.ProjectPresenter,
props: {
openIssues: true
}
},
'members', 'members',
{ {
key: 'defaultAssignee', key: 'defaultAssignee',

13
plugins/tracker-resources/src/components/projects/ProjectPresenter.svelte
View File

@ -13,7 +13,7 @@
// limitations under the License. // limitations under the License.
--> -->
<script lang="ts"> <script lang="ts">
import presentation from '@hcengineering/presentation' import presentation, { isAdminUser } from '@hcengineering/presentation'
import { Project } from '@hcengineering/tracker' import { Project } from '@hcengineering/tracker'
import { import {
Icon, Icon,
@ -24,12 +24,15 @@
themeStore themeStore
} from '@hcengineering/ui' } from '@hcengineering/ui'
import view from '@hcengineering/view' import view from '@hcengineering/view'
import { NavLink } from '@hcengineering/view-resources'
import tracker from '../../plugin' import tracker from '../../plugin'
import { getCurrentAccount } from '@hcengineering/core'
export let value: Project | undefined export let value: Project | undefined
export let inline: boolean = false export let inline: boolean = false
export let accent: boolean = false export let accent: boolean = false
export let colorInherit: boolean = false export let colorInherit: boolean = false
export let openIssues: boolean
</script> </script>
{#if value} {#if value}
@ -49,7 +52,13 @@
/> />
</div> </div>
<span class="label no-underline nowrap" class:fs-bold={accent}> <span class="label no-underline nowrap" class:fs-bold={accent}>
{value.name} {#if openIssues && (isAdminUser() || value.members.includes(getCurrentAccount()._id))}
<NavLink space={value._id} special={'issues'} noUnderline={false}>
{value.name}
</NavLink>
{:else}
{value.name}
{/if}
{#if value.archived} {#if value.archived}
<Label label={presentation.string.Archived} /> <Label label={presentation.string.Archived} />
{/if} {/if}

3
plugins/view-resources/src/components/navigator/NavLink.svelte
View File

@ -22,6 +22,7 @@
export let disabled = false export let disabled = false
export let shrink: number | undefined = undefined export let shrink: number | undefined = undefined
export let restoreLastLocation = false export let restoreLastLocation = false
export let noUnderline = true
$: loc = createLocation($location, app, space, special) $: loc = createLocation($location, app, space, special)
@ -76,7 +77,7 @@
{#if disabled} {#if disabled}
<slot /> <slot />
{:else} {:else}
<a class="noUnderline noBold" style:flex-shrink={shrink} {href} on:click={clickHandler}> <a class:noUnderline class="noBold" style:flex-shrink={shrink} {href} on:click={clickHandler}>
<slot /> <slot />
</a> </a>
{/if} {/if}

16
plugins/workbench-resources/src/components/Navigator.svelte
View File

@ -16,7 +16,7 @@
import core, { Doc, Ref, SortingOrder, Space, getCurrentAccount, hasAccountRole } from '@hcengineering/core' import core, { Doc, Ref, SortingOrder, Space, getCurrentAccount, hasAccountRole } from '@hcengineering/core'
import { getResource } from '@hcengineering/platform' import { getResource } from '@hcengineering/platform'
import preference, { SpacePreference } from '@hcengineering/preference' import preference, { SpacePreference } from '@hcengineering/preference'
import { createQuery, getClient } from '@hcengineering/presentation' import { createQuery, getClient, isAdminUser } from '@hcengineering/presentation'
import { Scroller, NavItem } from '@hcengineering/ui' import { Scroller, NavItem } from '@hcengineering/ui'
import { NavLink } from '@hcengineering/view-resources' import { NavLink } from '@hcengineering/view-resources'
import type { Application, NavigatorModel, SpecialNavModel } from '@hcengineering/workbench' import type { Application, NavigatorModel, SpecialNavModel } from '@hcengineering/workbench'
@ -40,6 +40,8 @@
let starred: Space[] = [] let starred: Space[] = []
let shownSpaces: Space[] = [] let shownSpaces: Space[] = []
const adminUser = isAdminUser()
$: if (model) { $: if (model) {
const classes = Array.from(new Set(getSpecialSpaceClass(model).flatMap((c) => hierarchy.getDescendants(c)))).filter( const classes = Array.from(new Set(getSpecialSpaceClass(model).flatMap((c) => hierarchy.getDescendants(c)))).filter(
(it) => !hierarchy.isMixin(it) (it) => !hierarchy.isMixin(it)
@ -47,10 +49,12 @@
if (classes.length > 0) { if (classes.length > 0) {
query.query( query.query(
classes.length === 1 ? classes[0] : core.class.Space, classes.length === 1 ? classes[0] : core.class.Space,
{ !adminUser
...(classes.length === 1 ? {} : { _class: { $in: classes } }), ? {
members: getCurrentAccount()._id ...(classes.length === 1 ? {} : { _class: { $in: classes } }),
}, members: getCurrentAccount()._id
}
: { ...(classes.length === 1 ? {} : { _class: { $in: classes } }) },
(result) => { (result) => {
spaces = result spaces = result
}, },
@ -187,7 +191,7 @@
/> />
{/if} {/if}
{#each model.spaces as m, i (m.label)} {#each model.spaces as m (m.label)}
<SpacesNav <SpacesNav
spaces={shownSpaces.filter((it) => hierarchy.isDerived(it._class, m.spaceClass))} spaces={shownSpaces.filter((it) => hierarchy.isDerived(it._class, m.spaceClass))}
{currentSpace} {currentSpace}

25
server/middleware/src/spaceSecurity.ts
View File

@ -503,17 +503,14 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
const isSpace = this.context.hierarchy.isDerived(_class, core.class.Space) const isSpace = this.context.hierarchy.isDerived(_class, core.class.Space)
const field = this.getKey(domain) const field = this.getKey(domain)
if (
ctx.contextData.admin === true &&
this.context.hierarchy.isDerived(_class, core.class.Space) &&
(newQuery as DocumentQuery<Space>).members !== undefined
) {
delete (newQuery as any).members
}
let clientFilterSpaces: Set<Ref<Space>> | undefined let clientFilterSpaces: Set<Ref<Space>> | undefined
if (!this.skipFindCheck && !isSystem(account) && account.role !== AccountRole.DocGuest && domain !== DOMAIN_MODEL) { if (
!this.skipFindCheck &&
!isSystem(account, ctx) &&
account.role !== AccountRole.DocGuest &&
domain !== DOMAIN_MODEL
) {
if (!isOwner(account, ctx) || !isSpace) { if (!isOwner(account, ctx) || !isSpace) {
if (query[field] !== undefined) { if (query[field] !== undefined) {
const res = await this.mergeQuery(ctx, account, query[field], domain, isSpace) const res = await this.mergeQuery(ctx, account, query[field], domain, isSpace)
@ -566,12 +563,6 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
} }
} }
} }
if (ctx.contextData.admin === true && this.context.hierarchy.isDerived(_class, core.class.Space)) {
// We need to add amin to all spaces.
for (const d of findResult) {
;(d as unknown as Space).members = [...((d as unknown as Space).members ?? []), ctx.contextData.account._id]
}
}
return findResult return findResult
} }
@ -583,7 +574,7 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
await this.init(ctx) await this.init(ctx)
const newQuery = { ...query } const newQuery = { ...query }
const account = ctx.contextData.account const account = ctx.contextData.account
if (!isSystem(account)) { if (!isSystem(account, ctx)) {
const allSpaces = this.getAllAllowedSpaces(account, true) const allSpaces = this.getAllAllowedSpaces(account, true)
if (query.classes !== undefined) { if (query.classes !== undefined) {
const res = new Set<Ref<Space>>() const res = new Set<Ref<Space>>()
@ -610,7 +601,7 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
async isUnavailable (ctx: MeasureContext<SessionData>, space: Ref<Space>): Promise<boolean> { async isUnavailable (ctx: MeasureContext<SessionData>, space: Ref<Space>): Promise<boolean> {
const account = ctx.contextData.account const account = ctx.contextData.account
if (isSystem(account)) return false if (isSystem(account, ctx)) return false
return !this.getAllAllowedSpaces(account, true).includes(space) return !this.getAllAllowedSpaces(account, true).includes(space)
} }

4
server/middleware/src/utils.ts
View File

@ -19,6 +19,6 @@ export function isOwner (account: Account, ctx: MeasureContext<SessionData>): bo
return account.role === AccountRole.Owner || account._id === core.account.System || ctx.contextData.admin === true return account.role === AccountRole.Owner || account._id === core.account.System || ctx.contextData.admin === true
} }
export function isSystem (account: Account): boolean { export function isSystem (account: Account, ctx: MeasureContext<SessionData>): boolean {
return account._id === core.account.System || account._id.startsWith('system:') return account._id === core.account.System || ctx.contextData.admin === true
} }