wieerwill/platform
1
0
Fork 0
mirror of https://github.com/hcengineering/platform.git synced 2025-04-19 23:00:13 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

UBERF-7690: Skip space security for >=85% of spaces and do on result check (#6338)

Browse Source 
Signed-off-by: Andrey Sobolev <haiodo@gmail.com>
This commit is contained in:
Andrey Sobolev 2024-08-15 17:58:51 +07:00 committed by GitHub
parent f0727bf42f
commit cab8ded85a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
server/middleware/src/spaceSecurity.ts
View File

@ -42,7 +42,8 @@ import core, {
TxWorkspaceEvent, TxWorkspaceEvent,
WorkspaceEvent, WorkspaceEvent,
generateId, generateId,
systemAccountEmail systemAccountEmail,
toFindResult
} from '@hcengineering/core' } from '@hcengineering/core'
import platform, { PlatformError, Severity, Status } from '@hcengineering/platform' import platform, { PlatformError, Severity, Status } from '@hcengineering/platform'
import { Middleware, SessionContext, TxMiddlewareResult, type ServerStorage } from '@hcengineering/server-core' import { Middleware, SessionContext, TxMiddlewareResult, type ServerStorage } from '@hcengineering/server-core'
@ -491,6 +492,8 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
const isSpace = this.storage.hierarchy.isDerived(_class, core.class.Space) const isSpace = this.storage.hierarchy.isDerived(_class, core.class.Space)
const field = this.getKey(domain) const field = this.getKey(domain)
let clientFilterSpaces: Set<Ref<Space>> | undefined
if (!isSystem(account) && account.role !== AccountRole.DocGuest && domain !== DOMAIN_MODEL) { if (!isSystem(account) && account.role !== AccountRole.DocGuest && domain !== DOMAIN_MODEL) {
if (!isOwner(account, ctx) || !isSpace) { if (!isOwner(account, ctx) || !isSpace) {
if (query[field] !== undefined) { if (query[field] !== undefined) {
@ -513,14 +516,27 @@ export class SpaceSecurityMiddleware extends BaseMiddleware implements Middlewar
delete (newQuery as any)[field] delete (newQuery as any)[field]
} else if (spaces.result.length === 1) { } else if (spaces.result.length === 1) {
;(newQuery as any)[field] = spaces.result[0] ;(newQuery as any)[field] = spaces.result[0]
} else {
// Check if spaces > 85% of all domain spaces, in this case return all and filter on client.
if (spaces.result.length / spaces.domainSpaces.size > 0.85 && options?.limit === undefined) {
clientFilterSpaces = new Set(spaces.result)
delete newQuery.space
} else { } else {
;(newQuery as any)[field] = { $in: spaces.result } ;(newQuery as any)[field] = { $in: spaces.result }
} }
} }
} }
} }
}
const findResult = await this.provideFindAll(ctx, _class, newQuery, options) let findResult = await this.provideFindAll(ctx, _class, newQuery, options)
if (clientFilterSpaces !== undefined) {
findResult = toFindResult(
findResult.filter((it) => (clientFilterSpaces as Set<Ref<Space>>).has(it.space)),
findResult.total,
findResult.lookupMap
)
}
if (!isOwner(account, ctx) && account.role !== AccountRole.DocGuest) { if (!isOwner(account, ctx) && account.role !== AccountRole.DocGuest) {
if (options?.lookup !== undefined) { if (options?.lookup !== undefined) {
for (const object of findResult) { for (const object of findResult) {