SYNC: fixed permission check, new permission test

SPRINX0\prochazka
2025-08-22 10:33:01 +02:00
committed by Diflow
parent 02a69ea6d9
commit ee40f32b0c
3 changed files with 46 additions and 8 deletions


@@ -48,11 +48,14 @@ async function testConnectionPermission(connection, req, loadedPermissions) {
return;
}
const conid = _.isString(connection) ? connection : connection?._id;
if (hasPermission('internal-storage', loadedPermissions) && conid == '__storage') {
return;
}
const authProvider = getAuthProviderFromReq(req);
if (!req) {
return;
}
if (!await authProvider.checkCurrentConnectionPermission(req, conid)) {
if (!(await authProvider.checkCurrentConnectionPermission(req, conid))) {
throw new Error('Connection permission not granted');
}
} else {
@@ -215,11 +218,23 @@ const TABLE_SCOPE_ID_NAMES = {
'-9': 'collections',
};
function getTablePermissionRole(conid, database, objectTypeField, schemaName, pureName, loadedTablePermissions, databasePermissionRole) {
let res = databasePermissionRole == 'read_content' ? 'read' :
databasePermissionRole == 'write_data' ? 'create_update_delete' :
databasePermissionRole == 'run_script' ? 'run_script' :
'deny';
function getTablePermissionRole(
conid,
database,
objectTypeField,
schemaName,
pureName,
loadedTablePermissions,
databasePermissionRole
) {
let res =
databasePermissionRole == 'read_content'
? 'read'
: databasePermissionRole == 'write_data'
? 'create_update_delete'
: databasePermissionRole == 'run_script'
? 'run_script'
: 'deny';
for (const permissionRow of loadedTablePermissions) {
if (!matchDatabasePermissionRow(conid, database, permissionRow)) {
continue;
@@ -286,7 +301,6 @@ async function testDatabaseRolePermission(conid, database, requiredRole, req) {
}
}
module.exports = {
hasPermission,
connectionHasPermission,
@@ -298,5 +312,5 @@ module.exports = {
getTablePermissionRole,
testStandardPermission,
testDatabaseRolePermission,
getTablePermissionRoleLevelIndex
getTablePermissionRoleLevelIndex,
};
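Review bot: In testConnectionPermission (first hunk), the `if (!req) { return; }` guard returns without checking anything, so a call that arrives without a request object is treated as permitted. The guard also sits after `getAuthProviderFromReq(req)` has already been handed the possibly missing `req`. If request-less calls are meant to be trusted internal callers, I would move the guard above the provider lookup and document it, e.g. `// no req: internal caller, connection permission is not enforced`; if they are not, the branch should throw like the failed check below it. The same hunk compares `conid == '__storage'` loosely, and `conid` is undefined when `connection` is an object without `_id`, so `===` is the safer form there. The function starts above the hunk and continues past its `} else {`, so the outer condition is not visible here.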