MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1207 from Budibase/bug/perms-fix 

Permissions fix - fetch enriched was 403ing in public
This commit is contained in:
Michael Drury 2021-02-26 11:45:27 +00:00 committed by GitHub
parent 9c8c3bd5fe 491eb00ea1
commit 257df940d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/server/src/utilities/security/permissions.js
View File

@ -138,7 +138,7 @@ exports.doesHaveResourcePermission = (
) => {
// set foundSub to not subResourceId, incase there is no subResource
let foundMain = false,
foundSub = !subResourceId
foundSub = false
for (let [resource, level] of Object.entries(permissions)) {
const levels = getAllowedLevels(level)
if (resource === resourceId && levels.indexOf(permLevel) !== -1) {
@ -156,7 +156,7 @@ exports.doesHaveResourcePermission = (
break
}
}
return foundMain && foundSub
return foundMain || foundSub
}
exports.doesHaveBasePermission = (permType, permLevel, permissionIds) => {