diff --git a/app/src/composables/use-permissions.ts b/app/src/composables/use-permissions.ts
index 774cfa423b..8cbe7623ff 100644
--- a/app/src/composables/use-permissions.ts
+++ b/app/src/composables/use-permissions.ts
@@ -26,9 +26,14 @@ export function usePermissions(collection: Ref, item: Ref, isNew: R
 const archiveAllowed = computed(() => {
 if (!collectionInfo.value?.meta?.archive_field) return false;
- return isAllowed(collection.value, 'update', {
- [collectionInfo.value.meta.archive_field]: collectionInfo.value.meta.archive_value,
- });
+ return isAllowed(
+ collection.value,
+ 'update',
+ {
+ [collectionInfo.value.meta.archive_field]: collectionInfo.value.meta.archive_value,
+ },
+ true
+ );
 });
 const fields = computed(() => {
diff --git a/app/src/modules/collections/routes/item.vue b/app/src/modules/collections/routes/item.vue
index 87cf866c26..9ed4ed8c18 100644
--- a/app/src/modules/collections/routes/item.vue
+++ b/app/src/modules/collections/routes/item.vue
@@ -213,7 +213,6 @@ import useShortcut from '@/composables/use-shortcut';
 import { NavigationGuard } from 'vue-router';
 import { useUserStore, usePermissionsStore } from '@/stores';
 import generateJoi from '@/utils/generate-joi';
-import { isAllowed } from '@/utils/is-allowed';
 import { cloneDeep } from 'lodash';
 import { Field } from '@/types';
 import { usePermissions } from '@/composables/use-permissions';
@@ -223,7 +222,7 @@ type Values = {
 };
 export default defineComponent({
- name: 'collections-detail',
+ name: 'collections-item',
 components: {
 CollectionsNavigation,
 CollectionsNotFound,
diff --git a/app/src/modules/users/routes/item.vue b/app/src/modules/users/routes/item.vue
index 73d8715341..fb293c5fb7 100644
--- a/app/src/modules/users/routes/item.vue
+++ b/app/src/modules/users/routes/item.vue
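Review bot: In the `archiveAllowed` computed of `use-permissions.ts`, the bare `true` passed as the fourth argument to `isAllowed` gives no hint at the call site that it switches on the field-level check. A trailing comment such as `true // strict: archive_field must be in the permission's allowed fields` would make the intent reviewable without opening `is-allowed.ts`. The enclosing `usePermissions` function starts and ends outside this hunk, so whether its other permission checks should also be strict cannot be judged from here.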
@@ -177,7 +177,6 @@ import { Field } from '@/types';
 import UserInfoSidebarDetail from '../components/user-info-sidebar-detail.vue';
 import { getRootPath } from '@/utils/get-root-path';
 import useShortcut from '@/composables/use-shortcut';
-import { isAllowed } from '@/utils/is-allowed';
 import useCollection from '@/composables/use-collection';
 import { userName } from '@/utils/user-name';
 import { usePermissions } from '@/composables/use-permissions';
diff --git a/app/src/utils/is-allowed.ts b/app/src/utils/is-allowed.ts
index 78f29ee0cf..151023f957 100644
--- a/app/src/utils/is-allowed.ts
+++ b/app/src/utils/is-allowed.ts
@@ -2,7 +2,12 @@ import { usePermissionsStore, useUserStore } from '@/stores';
 import { Permission } from '@/types';
 import generateJoi from '@/utils/generate-joi';
-export function isAllowed(collection: string, action: Permission['action'], value: Record | null) {
+export function isAllowed(
+ collection: string,
+ action: Permission['action'],
+ value: Record | null,
+ strict = false
+) {
 const permissionsStore = usePermissionsStore();
 const userStore = useUserStore();
@@ -15,8 +20,18 @@ export function isAllowed(collection: string, action: Permission['action'], valu
 );
 if (!permissionInfo) return false;
+ if (!permissionInfo.fields) return false;
- const schema = generateJoi(permissionInfo.permissions, { allowUnknown: true });
+ if (strict && permissionInfo.fields.includes('*') === false && value) {
+ const allowedFields = permissionInfo.fields;
+ const attemptedFields = Object.keys(value);
+
+ if (attemptedFields.every((field) => allowedFields.includes(field)) === false) return false;
+ }
+
+ const schema = generateJoi(['create', 'update'] ? permissionInfo.validation : permissionInfo.permissions, {
+ allowUnknown: true,
+ });
 const { error } = schema.validate(value);
 if (!error) {
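Review bot: The new `strict` parameter on `isAllowed` in `is-allowed.ts` is an undocumented positional boolean, and it defaults to `false`, so every existing caller keeps skipping the field-level check this commit adds. A TSDoc block on `isAllowed` should say that `strict` requires every key of `value` to be listed in the permission's `fields` unless `fields` contains `'*'`, and that the check is not applied when `value` is null. Whether callers other than `archiveAllowed` should opt in cannot be judged from this diff, since those call sites are not shown.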
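Review bot: In the `generateJoi` call, the ternary condition `['create', 'update']` is an array literal, which is always truthy, so `permissionInfo.validation` is always chosen and `permissionInfo.permissions` is never evaluated for any action. The intent was presumably to branch on the action, e.g. `const rules = ['create', 'update'].includes(action) ? permissionInfo.validation : permissionInfo.permissions;`, with `rules` then passed to `generateJoi`. As written, the item-level permission rules no longer influence this check, so it can report an action as allowed that those rules would deny. This looks like a client-side gate (it reads from the app's stores), so the API is presumably still the authority, but that should be confirmed. The body of `isAllowed` starts and ends outside this hunk.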