From 229498332eff5791a929adbf3c039969649f17f9 Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Fri, 26 Feb 2021 10:06:02 +0000
Subject: [PATCH 1/2] Two character change, some API calls with sub resources and primary resources weren't working, should allow either the sub resource or the main resource to trigger allowance.
---
 packages/server/src/utilities/security/permissions.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/server/src/utilities/security/permissions.js b/packages/server/src/utilities/security/permissions.js
index 083de730b5..e6028ac2da 100644
--- a/packages/server/src/utilities/security/permissions.js
+++ b/packages/server/src/utilities/security/permissions.js
@@ -156,7 +156,7 @@ exports.doesHaveResourcePermission = (
 break
 }
 }
- return foundMain && foundSub
+ return foundMain || foundSub
 }
 exports.doesHaveBasePermission = (permType, permLevel, permissionIds) => {
From acba31d29da183d370667c8a4c366884ee74e7e6 Mon Sep 17 00:00:00 2001
From: mike12345567
Date: Fri, 26 Feb 2021 10:19:06 +0000
Subject: [PATCH 2/2] Fixing an issue discovered by test case.
---
 packages/server/src/utilities/security/permissions.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/server/src/utilities/security/permissions.js b/packages/server/src/utilities/security/permissions.js
index e6028ac2da..03fa5fa562 100644
--- a/packages/server/src/utilities/security/permissions.js
+++ b/packages/server/src/utilities/security/permissions.js
@@ -138,7 +138,7 @@ exports.doesHaveResourcePermission = (
 ) => {
 // set foundSub to not subResourceId, incase there is no subResource
 let foundMain = false,
- foundSub = !subResourceId
+ foundSub = false
 for (let [resource, level] of Object.entries(permissions)) {
 const levels = getAllowedLevels(level)
 if (resource === resourceId && levels.indexOf(permLevel) !== -1) {
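Review bot: In the first patch's hunk (`@@ -156,7 +156,7 @@`), `return foundMain || foundSub` makes a grant at `permLevel` on either the main resource or the sub resource sufficient on its own, so when a request names both, the sub-resource check no longer narrows what a main-resource grant allows, and a grant scoped only to the sub resource passes a check that also names the main resource. If that is the intended model, state it at the return, e.g. `// a matching grant on either the resource or the sub resource is enough`, and cover it with tests for main-only, sub-only and neither, where the last must return false. The `break` in the context lines is guarded by a condition outside the hunk; if it still waits for both flags it no longer matches this return and could exit once either is set. The function starts outside the hunk.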
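Review bot: In the second patch's hunk (`@@ -138,7 +138,7 @@`), the context comment `// set foundSub to not subResourceId, incase there is no subResource` is stale now that `foundSub` starts as `false`. It still describes the old initialisation which, combined with the `||` return from the first patch, appears to have let a call without `subResourceId` pass with no matching grant. Replace it with something like `// both flags start false: access requires an explicit matching grant (deny by default)`. The function's parameter list and the rest of the loop are outside the hunk.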