github/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-01-09 07:28:09 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix(global-approvals): make canAccess path normalized

Browse Source
This commit is contained in:
x032205
2025-12-17 14:38:16 -05:00
parent fedf0c2a1b
commit c45289ebcf
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
backend/src/services/approval-policy/pam-access/pam-access-policy-factory.ts
View File

@@ -68,11 +68,16 @@ export const pamAccessPolicyFactory: TApprovalResourceFactory<
revokedAt: null
});
const normalizedAccountPath = inputs.accountPath.startsWith("/") ? inputs.accountPath.slice(1) : inputs.accountPath;
// TODO(andrey): Move some of this check to be part of SQL query
return grants.some((grant) => {
const grantAttributes = grant.attributes as TPamAccessPolicyInputs;
const isMatch = picomatch(grantAttributes.accountPath);
return isMatch(inputs.accountPath) && (!grant.expiresAt || grant.expiresAt > new Date());
const normalizedGrantPath = grantAttributes.accountPath.startsWith("/")
? grantAttributes.accountPath.slice(1)
: grantAttributes.accountPath;
const isMatch = picomatch(normalizedGrantPath);
return isMatch(normalizedAccountPath) && (!grant.expiresAt || grant.expiresAt > new Date());
});
};