Fixes an issue with public role access, some old roles have a slightly different role ID format which needs to be accounted for in the comparison. Tests will come after, want to get the fix out.
This commit is contained in:
parent
ec9f854dd8
commit
4da185a843
|
@ -219,7 +219,10 @@ export function getBuiltinRole(roleId: string): Role | undefined {
|
||||||
export function builtinRoleToNumber(id: string) {
|
export function builtinRoleToNumber(id: string) {
|
||||||
const builtins = getBuiltinRoles()
|
const builtins = getBuiltinRoles()
|
||||||
const MAX = Object.values(builtins).length + 1
|
const MAX = Object.values(builtins).length + 1
|
||||||
if (id === BUILTIN_IDS.ADMIN || id === BUILTIN_IDS.BUILDER) {
|
if (
|
||||||
|
compareRoleIds(id, BUILTIN_IDS.ADMIN) ||
|
||||||
|
compareRoleIds(id, BUILTIN_IDS.BUILDER)
|
||||||
|
) {
|
||||||
return MAX
|
return MAX
|
||||||
}
|
}
|
||||||
let role = builtins[id],
|
let role = builtins[id],
|
||||||
|
@ -256,7 +259,9 @@ export async function roleToNumber(id: string) {
|
||||||
// find the built-in roles, get their number, sort it, then get the last one
|
// find the built-in roles, get their number, sort it, then get the last one
|
||||||
const highestBuiltin: number | undefined = role.inherits
|
const highestBuiltin: number | undefined = role.inherits
|
||||||
.map(roleId => {
|
.map(roleId => {
|
||||||
const foundRole = hierarchy.find(role => role._id === roleId)
|
const foundRole = hierarchy.find(role =>
|
||||||
|
compareRoleIds(role._id!, roleId)
|
||||||
|
)
|
||||||
if (foundRole) {
|
if (foundRole) {
|
||||||
return findNumber(foundRole) + 1
|
return findNumber(foundRole) + 1
|
||||||
}
|
}
|
||||||
|
@ -380,7 +385,7 @@ async function getAllUserRoles(
|
||||||
): Promise<RoleDoc[]> {
|
): Promise<RoleDoc[]> {
|
||||||
const allRoles = await getAllRoles()
|
const allRoles = await getAllRoles()
|
||||||
// admins have access to all roles
|
// admins have access to all roles
|
||||||
if (userRoleId === BUILTIN_IDS.ADMIN) {
|
if (compareRoleIds(userRoleId, BUILTIN_IDS.ADMIN)) {
|
||||||
return allRoles
|
return allRoles
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -491,17 +496,21 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
|
||||||
// need to combine builtin with any DB record of them (for sake of permissions)
|
// need to combine builtin with any DB record of them (for sake of permissions)
|
||||||
for (let builtinRoleId of externalBuiltinRoles) {
|
for (let builtinRoleId of externalBuiltinRoles) {
|
||||||
const builtinRole = builtinRoles[builtinRoleId]
|
const builtinRole = builtinRoles[builtinRoleId]
|
||||||
const dbBuiltin = roles.filter(
|
const dbBuiltin = roles.filter(dbRole =>
|
||||||
dbRole =>
|
compareRoleIds(dbRole._id!, builtinRoleId)
|
||||||
getExternalRoleID(dbRole._id!, dbRole.version) === builtinRoleId
|
|
||||||
)[0]
|
)[0]
|
||||||
if (dbBuiltin == null) {
|
if (dbBuiltin == null) {
|
||||||
roles.push(builtinRole || builtinRoles.BASIC)
|
roles.push(builtinRole || builtinRoles.BASIC)
|
||||||
} else {
|
} else {
|
||||||
// remove role and all back after combining with the builtin
|
// remove role and all back after combining with the builtin
|
||||||
roles = roles.filter(role => role._id !== dbBuiltin._id)
|
roles = roles.filter(role => role._id !== dbBuiltin._id)
|
||||||
dbBuiltin._id = getExternalRoleID(dbBuiltin._id!, dbBuiltin.version)
|
dbBuiltin._id = getExternalRoleID(builtinRole._id!, dbBuiltin.version)
|
||||||
roles.push(Object.assign(builtinRole, dbBuiltin))
|
roles.push({
|
||||||
|
...builtinRole,
|
||||||
|
...dbBuiltin,
|
||||||
|
name: builtinRole.name,
|
||||||
|
_id: getExternalRoleID(builtinRole._id!, builtinRole.version),
|
||||||
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// check permissions
|
// check permissions
|
||||||
|
@ -544,9 +553,9 @@ export class AccessController {
|
||||||
if (
|
if (
|
||||||
tryingRoleId == null ||
|
tryingRoleId == null ||
|
||||||
tryingRoleId === "" ||
|
tryingRoleId === "" ||
|
||||||
tryingRoleId === userRoleId ||
|
compareRoleIds(tryingRoleId, BUILTIN_IDS.BUILDER) ||
|
||||||
tryingRoleId === BUILTIN_IDS.BUILDER ||
|
compareRoleIds(userRoleId!, tryingRoleId) ||
|
||||||
userRoleId === BUILTIN_IDS.BUILDER
|
compareRoleIds(userRoleId!, BUILTIN_IDS.BUILDER)
|
||||||
) {
|
) {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue