Protect against old roles with differences when it comes to loops.

This commit is contained in:
mike12345567 2024-10-16 22:08:07 +01:00
parent 1f9c33c53a
commit 97b1c52f70
2 changed files with 19 additions and 4 deletions

View File

@ -1,4 +1,11 @@
import { Role, SEPARATOR, DocumentType } from "@budibase/types" import { Role, DocumentType, SEPARATOR } from "@budibase/types"
// need to have a way to prefix, so we can check if the ID has its prefix or not
// all new IDs should be the same in the future, but old roles they are never prefixed
// while the role IDs always are - best to check both, also we can't access backend-core here
function prefixForCheck(id: string) {
return `${DocumentType.ROLE}${SEPARATOR}${id}`
}
// Function to detect loops in roles // Function to detect loops in roles
export function checkForRoleInheritanceLoops(roles: Role[]): boolean { export function checkForRoleInheritanceLoops(roles: Role[]): boolean {
@ -11,16 +18,17 @@ export function checkForRoleInheritanceLoops(roles: Role[]): boolean {
const checking = new Set<string>() const checking = new Set<string>()
function hasLoop(roleId: string): boolean { function hasLoop(roleId: string): boolean {
if (checking.has(roleId)) { const prefixed = prefixForCheck(roleId)
if (checking.has(roleId) || checking.has(prefixed)) {
return true return true
} }
if (checked.has(roleId)) { if (checked.has(roleId) || checked.has(prefixed)) {
return false return false
} }
checking.add(roleId) checking.add(roleId)
const role = roleMap.get(roleId) const role = roleMap.get(prefixed) || roleMap.get(roleId)
if (!role) { if (!role) {
// role not found - ignore // role not found - ignore
checking.delete(roleId) checking.delete(roleId)

View File

@ -57,5 +57,12 @@ describe("role utilities", () => {
] ]
check(true) check(true)
}) })
it("should handle new and old inherits structure", () => {
const role1 = role("role_role_1", "role_1")
role("role_role_2", ["role_1"])
role1.inherits = "role_2"
check(true)
})
}) })
}) })