Evaluate permission filters also on all joined relations

This commit is contained in:
Yonas Habteab 2022-10-05 17:52:29 +02:00
parent 607f7ab5ca
commit 72e6894bbb
1 changed files with 23 additions and 0 deletions

View File

@ -191,6 +191,7 @@ bool ObjectQueryHandler::HandleRequest(
} }
std::unordered_map<Type*, std::pair<bool, Expression::Ptr>> typePermissions; std::unordered_map<Type*, std::pair<bool, Expression::Ptr>> typePermissions;
std::unordered_map<Object*, bool> objectAccessAllowed;
for (const ConfigObject::Ptr& obj : objs) { for (const ConfigObject::Ptr& obj : objs) {
DictionaryData result1{ DictionaryData result1{
@ -283,6 +284,28 @@ bool ObjectQueryHandler::HandleRequest(
continue; continue;
} }
auto relation = objectAccessAllowed.find(joinedObj.get());
bool accessAllowed;
if (relation == objectAccessAllowed.end()) {
ScriptFrame permissionFrame(false, new Namespace());
try {
accessAllowed = FilterUtility::EvaluateFilter(permissionFrame, permissionFilter.get(), joinedObj);
} catch (const ScriptError& err) {
accessAllowed = false;
}
objectAccessAllowed.insert({joinedObj.get(), accessAllowed});
} else {
accessAllowed = relation->second;
}
if (!accessAllowed) {
// Access denied
continue;
}
String prefix = field.NavigationName; String prefix = field.NavigationName;
try { try {