github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-02-04 07:25:01 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into feature-rate-limiting

Browse Source
This commit is contained in:
rijkvanzanten
2020-09-08 12:31:57 -04:00
parent 6b0b96591c 8811d2a3b4
commit 7f1f105349
248 changed files with 3387 additions and 34724 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
api/src/services/authorization.ts
View File

@@ -16,6 +16,7 @@ import { ForbiddenException, InvalidPayloadException } from '../exceptions';
import { uniq, merge } from 'lodash';
import generateJoi from '../utils/generate-joi';
import ItemsService from './items';
import { parseFilter } from '../utils/parse-filter';
export default class AuthorizationService {
knex: Knex;
@@ -64,8 +65,7 @@ export default class AuthorizationService {
}
validateFields(ast);
applyFilters(ast);
applyFilters(ast, this.accountability);
return ast;
@@ -126,7 +126,8 @@ export default class AuthorizationService {
}
function applyFilters(
ast: AST | NestedCollectionAST | FieldAST
ast: AST | NestedCollectionAST | FieldAST,
accountability: Accountability | null
): AST | NestedCollectionAST | FieldAST {
if (ast.type === 'collection') {
const collection = ast.name;
@@ -136,11 +137,12 @@ export default class AuthorizationService {
(permission) => permission.collection === collection
)!;
const parsedPermissions = parseFilter(permissions.permissions, accountability);
ast.query = {
...ast.query,
filter: {
...(ast.query.filter || {}),
...permissions.permissions,
_and: [ast.query.filter || {}, parsedPermissions],
},
};
@@ -155,7 +157,10 @@ export default class AuthorizationService {
ast.query.limit = permissions.limit;
}
ast.children = ast.children.map(applyFilters) as (NestedCollectionAST | FieldAST)[];
ast.children = ast.children.map((child) => applyFilters(child, accountability)) as (
| NestedCollectionAST
| FieldAST
)[];
}
return ast;
@@ -202,7 +207,7 @@ export default class AuthorizationService {
if (invalidKeys.length > 0) {
throw new ForbiddenException(
`You're not allowed to ${action} field "${invalidKeys[0]}" in collection "${collection}".`
)
);
}
}
}
@@ -228,7 +233,11 @@ export default class AuthorizationService {
}
}
async checkAccess(action: PermissionsAction, collection: string, pk: PrimaryKey | PrimaryKey[]) {
async checkAccess(
action: PermissionsAction,
collection: string,
pk: PrimaryKey | PrimaryKey[]
) {
const itemsService = new ItemsService(collection, { accountability: this.accountability });
try {
@@ -242,8 +251,11 @@ export default class AuthorizationService {
if (Array.isArray(pk) && result.length !== pk.length) throw '';
} catch {
throw new ForbiddenException(
`You're not allowed to ${action} item "${pk}" in collection "${collection}".`, {
collection, item: pk, action
`You're not allowed to ${action} item "${pk}" in collection "${collection}".`,
{
collection,
item: pk,
action,
}
);
}