Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-09-05 17:53:12 +02:00
Code Issues Projects Releases Wiki Activity

fix: backend check on the service layer

Browse Source
This commit is contained in:
Nuno Góis 2024-06-18 10:16:26 +01:00
parent afbb1b6192
commit dc33f3a7fc
No known key found for this signature in database
GPG Key ID: 71ECC689F1091765
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/lib/features/project/project-service.ts
View File

@ -52,6 +52,7 @@ import {
SYSTEM_USER_ID, SYSTEM_USER_ID,
type ProjectCreated, type ProjectCreated,
type IProjectOwnersReadModel, type IProjectOwnersReadModel,
ADMIN,
} from '../../types'; } from '../../types';
import type { import type {
IProjectAccessModel, IProjectAccessModel,
@ -838,16 +839,21 @@ export default class ProjectService {
} }
private async isAllowedToAddAccess( private async isAllowedToAddAccess(
userAddingAccess: number, userAddingAccess: IAuditUser,
projectId: string, projectId: string,
rolesBeingAdded: number[], rolesBeingAdded: number[],
): Promise<boolean> { ): Promise<boolean> {
const userPermissions =
await this.accessService.getPermissionsForUser(userAddingAccess);
if (userPermissions.some(({ permission }) => permission === ADMIN)) {
return true;
}
const userRoles = await this.accessService.getAllProjectRolesForUser( const userRoles = await this.accessService.getAllProjectRolesForUser(
userAddingAccess, userAddingAccess.id,
projectId, projectId,
); );
if ( if (
this.isAdmin(userAddingAccess, userRoles) || this.isAdmin(userAddingAccess.id, userRoles) ||
this.isProjectOwner(userRoles, projectId) this.isProjectOwner(userRoles, projectId)
) { ) {
return true; return true;
@ -864,7 +870,7 @@ export default class ProjectService {
users: number[], users: number[],
auditUser: IAuditUser, auditUser: IAuditUser,
): Promise<void> { ): Promise<void> {
if (await this.isAllowedToAddAccess(auditUser.id, projectId, roles)) { if (await this.isAllowedToAddAccess(auditUser, projectId, roles)) {
await this.accessService.addAccessToProject( await this.accessService.addAccessToProject(
roles, roles,
groups, groups,
@ -915,7 +921,7 @@ export default class ProjectService {
await this.validateAtLeastOneOwner(projectId, ownerRole); await this.validateAtLeastOneOwner(projectId, ownerRole);
} }
const isAllowedToAssignRoles = await this.isAllowedToAddAccess( const isAllowedToAssignRoles = await this.isAllowedToAddAccess(
auditUser.id, auditUser,
projectId, projectId,
newRoles, newRoles,
); );
@ -966,7 +972,7 @@ export default class ProjectService {
await this.validateAtLeastOneOwner(projectId, ownerRole); await this.validateAtLeastOneOwner(projectId, ownerRole);
} }
const isAllowedToAssignRoles = await this.isAllowedToAddAccess( const isAllowedToAssignRoles = await this.isAllowedToAddAccess(
auditUser.id, auditUser,
projectId, projectId,
newRoles, newRoles,
); );