From 74dfeb7c7b67f1ddc2bdce79f5655e4b973da09d Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Fri, 26 Feb 2021 10:06:02 +0000
Subject: [PATCH 1/2] Two character change, some API calls with sub resources and primary resources weren't working, should allow either the sub resource or the main resource to trigger allowance.
---
 packages/server/src/utilities/security/permissions.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/server/src/utilities/security/permissions.js b/packages/server/src/utilities/security/permissions.js
index 083de730b5..e6028ac2da 100644
--- a/packages/server/src/utilities/security/permissions.js
+++ b/packages/server/src/utilities/security/permissions.js
@@ -156,7 +156,7 @@ exports.doesHaveResourcePermission = (
 break
 }
 }
- return foundMain && foundSub
+ return foundMain || foundSub
 }
 
 exports.doesHaveBasePermission = (permType, permLevel, permissionIds) => {
From 491eb00ea1243f4ede99bceb1fbd5a81b264c0a6 Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Fri, 26 Feb 2021 10:19:06 +0000
Subject: [PATCH 2/2] Fixing an issue discovered by test case.
---
 packages/server/src/utilities/security/permissions.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/server/src/utilities/security/permissions.js b/packages/server/src/utilities/security/permissions.js
index e6028ac2da..03fa5fa562 100644
--- a/packages/server/src/utilities/security/permissions.js
+++ b/packages/server/src/utilities/security/permissions.js
@@ -138,7 +138,7 @@ exports.doesHaveResourcePermission = (
 ) => {
 // set foundSub to not subResourceId, incase there is no subResource
 let foundMain = false,
- foundSub = !subResourceId
+ foundSub = false
 for (let [resource, level] of Object.entries(permissions)) {
 const levels = getAllowedLevels(level)
 if (resource === resourceId && levels.indexOf(permLevel) !== -1) {
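Review bot: With `return foundMain || foundSub` a grant on either id is sufficient, so nothing in this function ties the sub resource to the main resource it is checked alongside; that contract should be stated above the return, for example `// allow when the level is granted on the resource OR on its sub resource; callers must pass ids that belong together`. Whether every caller derives both ids from the same server-side record is not visible in this hunk, so it is worth confirming they are never taken independently from the request. At this commit `foundSub` still starts as `!subResourceId` (declared outside the hunk, see PATCH 2/2), so any call without a sub resource returns true until the second patch lands; squashing the two keeps a fail-open revision out of the history. A test that expects denial when neither id carries the level would pin the intended behaviour. The body of doesHaveResourcePermission begins outside the hunk.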
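Review bot: The comment directly above the changed declaration in PATCH 2/2, `// set foundSub to not subResourceId, incase there is no subResource`, now describes code that has been removed and suggests that a missing sub resource counts as a match. Replace it with something like `// default to deny: the resource or the sub resource must match explicitly`. The rest of the loop and the return lie outside this hunk, so the condition guarding the early `break` could not be checked here; if it still requires both flags, that is presumably only a missed short-circuit rather than a correctness problem.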