Fixes an issue with public role access: some old roles have a slightly different role ID format, which needs to be accounted for in the comparison. Tests will come after; want to get the fix out.

mike12345567 2024-10-29 11:00:45 +00:00
parent ec9f854dd8
commit 4da185a843
1 changed files with 20 additions and 11 deletions


@ -219,7 +219,10 @@ export function getBuiltinRole(roleId: string): Role | undefined {
export function builtinRoleToNumber(id: string) { export function builtinRoleToNumber(id: string) {
const builtins = getBuiltinRoles() const builtins = getBuiltinRoles()
const MAX = Object.values(builtins).length + 1 const MAX = Object.values(builtins).length + 1
if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) { if (
compareRoleIds(id, BUILTIN_IDS.ADMIN) ||
compareRoleIds(id, BUILTIN_IDS.BUILDER)
) {
return MAX return MAX
} }
let role = builtins[id], let role = builtins[id],
@ -256,7 +259,9 @@ export async function roleToNumber(id: string) {
// find the built-in roles, get their number, sort it, then get the last one // find the built-in roles, get their number, sort it, then get the last one
const highestBuiltin: number | undefined = role.inherits const highestBuiltin: number | undefined = role.inherits
.map(roleId => { .map(roleId => {
const foundRole = hierarchy.find(role => role._id === roleId) const foundRole = hierarchy.find(role =>
compareRoleIds(role._id!, roleId)
)
if (foundRole) { if (foundRole) {
return findNumber(foundRole) + 1 return findNumber(foundRole) + 1
} }
@ -380,7 +385,7 @@ async function getAllUserRoles(
): Promise<RoleDoc[]> { ): Promise<RoleDoc[]> {
const allRoles = await getAllRoles() const allRoles = await getAllRoles()
// admins have access to all roles // admins have access to all roles
if (userRoleId === BUILTIN_IDS.ADMIN) { if (compareRoleIds(userRoleId, BUILTIN_IDS.ADMIN)) {
return allRoles return allRoles
} }
@ -491,17 +496,21 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
// need to combine builtin with any DB record of them (for sake of permissions) // need to combine builtin with any DB record of them (for sake of permissions)
for (let builtinRoleId of externalBuiltinRoles) { for (let builtinRoleId of externalBuiltinRoles) {
const builtinRole = builtinRoles[builtinRoleId] const builtinRole = builtinRoles[builtinRoleId]
const dbBuiltin = roles.filter( const dbBuiltin = roles.filter(dbRole =>
dbRole => compareRoleIds(dbRole._id!, builtinRoleId)
getExternalRoleID(dbRole._id!, dbRole.version) === builtinRoleId
)[0] )[0]
if (dbBuiltin == null) { if (dbBuiltin == null) {
roles.push(builtinRole || builtinRoles.BASIC) roles.push(builtinRole || builtinRoles.BASIC)
} else { } else {
// remove role and all back after combining with the builtin // remove role and all back after combining with the builtin
roles = roles.filter(role => role._id !== dbBuiltin._id) roles = roles.filter(role => role._id !== dbBuiltin._id)
dbBuiltin._id = getExternalRoleID(dbBuiltin._id!, dbBuiltin.version) dbBuiltin._id = getExternalRoleID(builtinRole._id!, dbBuiltin.version)
roles.push(Object.assign(builtinRole, dbBuiltin)) roles.push({
...builtinRole,
...dbBuiltin,
name: builtinRole.name,
_id: getExternalRoleID(builtinRole._id!, builtinRole.version),
})
} }
} }
// check permissions // check permissions
@ -544,9 +553,9 @@ export class AccessController {
if ( if (
tryingRoleId == null || tryingRoleId == null ||
tryingRoleId === "" || tryingRoleId === "" ||
tryingRoleId === userRoleId || compareRoleIds(tryingRoleId, BUILTIN_IDS.BUILDER) ||
tryingRoleId === BUILTIN_IDS.BUILDER || compareRoleIds(userRoleId!, tryingRoleId) ||
userRoleId === BUILTIN_IDS.BUILDER compareRoleIds(userRoleId!, BUILTIN_IDS.BUILDER)
) { ) {
return true return true
} }
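Review bot: In the `AccessController` hunk, `compareRoleIds(userRoleId!, tryingRoleId)` and `compareRoleIds(userRoleId!, BUILTIN_IDS.BUILDER)` use `!` to silence the compiler where the old `===` checks simply failed to match when `userRoleId` was missing. This condition ends in `return true`, so what happens for an undefined `userRoleId` now depends on how `compareRoleIds` normalises its arguments, which is not visible on this page; an explicit guard such as `(userRoleId != null && compareRoleIds(userRoleId, tryingRoleId)) ||` keeps the check fail-closed. The same applies to every other call site switched from strict equality in this commit: it is worth a comment on `compareRoleIds` stating exactly which ID forms it treats as equal, so a custom role ID cannot be read as `BUILTIN_IDS.ADMIN` or `BUILTIN_IDS.BUILDER`. Separately, in the `getAllRoles` hunk the assignment `dbBuiltin._id = getExternalRoleID(builtinRole._id!, dbBuiltin.version)` appears to have no effect on the pushed object, whose `_id` is set explicitly from `builtinRole.version`, and could be dropped. The enclosing method starts and ends outside the hunk.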