From 38e8b19b509fa7816f3c0a48a5e02dbb71100143 Mon Sep 17 00:00:00 2001 From: KernelDeimos Date: Fri, 5 Apr 2024 23:05:20 -0400 Subject: [PATCH] Cleanup --- .../src/filesystem/ll_operations/ll_read.js | 1 - .../backend/src/services/auth/ACLService.js | 19 ------------------- .../src/services/auth/PermissionService.js | 11 ----------- 3 files changed, 31 deletions(-) diff --git a/packages/backend/src/filesystem/ll_operations/ll_read.js b/packages/backend/src/filesystem/ll_operations/ll_read.js index 1d304042..c2279e9c 100644 --- a/packages/backend/src/filesystem/ll_operations/ll_read.js +++ b/packages/backend/src/filesystem/ll_operations/ll_read.js @@ -60,7 +60,6 @@ class LLRead extends LLFilesystemOperation { const svc_acl = context.get('services').get('acl'); const { fsNode, actor } = a.values(); if ( ! await svc_acl.check(actor, fsNode, 'read') ) { - console.log('\x1B[36;1mACL CHECK FAILED', { actor, fsNode }); throw await svc_acl.get_safe_acl_error(actor, fsNode, 'read'); } }, diff --git a/packages/backend/src/services/auth/ACLService.js b/packages/backend/src/services/auth/ACLService.js index 2eed3ddf..0a6012f6 100644 --- a/packages/backend/src/services/auth/ACLService.js +++ b/packages/backend/src/services/auth/ACLService.js @@ -76,25 +76,6 @@ class ACLService extends BaseService { } } - // Hard rule: if actor is owner, allow - // if ( actor.type instanceof UserActorType ) { - // const owner = await fsNode.get('user_id'); - // if ( this.verbose ) { - // const user = await get_user({ id: owner }); - // this.log.info( - // `user ${user.username} is ` + - // (owner == actor.type.user.id ? '' : 'not ') + - // 'owner of ' + await fsNode.get('path'), { - // actor_user_id: actor.type.user.id, - // fsnode_user_id: owner, - // } - // ); - // } - // if ( owner == actor.type.user.id ) { - // return true; - // } - // } - // app-under-user only works if the user also has permission if ( actor.type instanceof AppUnderUserActorType ) { const user_actor = new Actor({ diff --git a/packages/backend/src/services/auth/PermissionService.js b/packages/backend/src/services/auth/PermissionService.js index fde96c01..e6f45e92 100644 --- a/packages/backend/src/services/auth/PermissionService.js +++ b/packages/backend/src/services/auth/PermissionService.js @@ -221,9 +221,7 @@ class PermissionService extends BaseService { // TODO: context meta for cycle detection async check_user_permission (actor, permission) { - this.log.noticeme('check input: ' + permission); permission = await this._rewrite_permission(permission); - this.log.noticeme('check output: ' + permission); const parent_perms = this.get_parent_permissions(permission); // Check implicit permissions @@ -266,7 +264,6 @@ class PermissionService extends BaseService { const issuer_perm = await this.check(issuer_actor, row.permission); - this.log.noticeme('issuer_perm', { row, issuer_perm }); if ( ! issuer_perm ) continue; return row.extra; @@ -474,13 +471,7 @@ class PermissionService extends BaseService { } async grant_user_user_permission (actor, username, permission, extra = {}, meta) { - this.log.noticeme('input permission: ' + permission); permission = await this._rewrite_permission(permission); - this.log.noticeme('output permission: ' + permission); - this.log.noticeme('fields', { - one_thing: 1, - another: 2 - }); const user = await get_user({ username }); if ( ! user ) { throw new Error('user not found'); @@ -534,8 +525,6 @@ class PermissionService extends BaseService { throw new Error('user not found'); } - console.log('revoking', user.id, actor.type.user.id, permission) - // DELETE permission await this.db.write( 'DELETE FROM `user_to_user_permissions` ' +