mirror of
https://github.com/HeyPuter/puter.git
synced 2025-01-23 14:20:22 +08:00
fix: implicit app permissions bug
This commit is contained in:
KernelDeimos
parent
48fea77a20
commit
6b4a19e12a
@ -24,6 +24,7 @@ const {
|
||||
const { get_user, get_app } = require("../../helpers");
|
||||
const { AssignableMethodsFeature } = require("../../traits/AssignableMethodsFeature");
|
||||
const { Context } = require("../../util/context");
|
||||
const { get_a_letter, cylog } = require("../../util/debugutil");
|
||||
const BaseService = require("../BaseService");
|
||||
const { DB_WRITE } = require("../database/consts");
|
||||
const { UserActorType, Actor, AppUnderUserActorType, AccessTokenActorType, SiteActorType } = require("./Actor");
|
||||
@ -221,6 +222,10 @@ class PermissionService extends BaseService {
|
||||
permission_options = [permission_options];
|
||||
}
|
||||
|
||||
// TODO: command to enable these logs
|
||||
// const l = get_a_letter();
|
||||
// cylog(l, 'ACT & PERM:', actor.uid, permission_options);
|
||||
|
||||
const start_ts = Date.now();
|
||||
await require('../../structured/sequence/scan-permission')
|
||||
.call(this, {
|
||||
@ -229,6 +234,10 @@ class PermissionService extends BaseService {
|
||||
reading,
|
||||
});
|
||||
const end_ts = Date.now();
|
||||
|
||||
// TODO: command to enable these logs
|
||||
// cylog(l, 'READING', JSON.stringify(reading, null, ' '));
|
||||
|
||||
reading.push({
|
||||
$: 'time',
|
||||
value: end_ts - start_ts,
|
||||
|
||||
@ -56,7 +56,12 @@ module.exports = new Sequence([
|
||||
}
|
||||
},
|
||||
async function explode_permission (a) {
|
||||
const { reading, permission_options } = a.values();
|
||||
let { reading, permission_options } = a.values();
|
||||
|
||||
// VERY nasty bugs can happen if this array is not cloned!
|
||||
// (this was learned the hard way)
|
||||
permission_options = [...permission_options];
|
||||
|
||||
for ( let i=0 ; i < permission_options.length ; i++ ) {
|
||||
const permission = permission_options[i];
|
||||
permission_options[i] =
|
||||
|
||||
@ -213,15 +213,22 @@ const PERMISSION_SCANNERS = [
|
||||
|
||||
const app_uid = actor.type.app.uid;
|
||||
|
||||
const issuer_actor = actor.get_related_actor(UserActorType);
|
||||
const issuer_reading = await a.icall('scan', issuer_actor, permission_options);
|
||||
|
||||
for ( const permission of permission_options ) {
|
||||
{
|
||||
|
||||
const implied = default_implicit_user_app_permissions[permission];
|
||||
if ( implied ) {
|
||||
reading.push({
|
||||
$: 'option',
|
||||
source: 'implied',
|
||||
$: 'path',
|
||||
permission,
|
||||
source: 'user-app-implied',
|
||||
by: 'user-app-hc-1',
|
||||
data: implied,
|
||||
issuer_username: actor.type.user.username,
|
||||
reading: issuer_reading,
|
||||
});
|
||||
}
|
||||
} {
|
||||
@ -233,11 +240,13 @@ const PERMISSION_SCANNERS = [
|
||||
}
|
||||
if ( implicit_permissions[permission] ) {
|
||||
reading.push({
|
||||
$: 'option',
|
||||
$: 'path',
|
||||
permission,
|
||||
source: 'implied',
|
||||
source: 'user-app-implied',
|
||||
by: 'user-app-hc-2',
|
||||
data: implicit_permissions[permission],
|
||||
issuer_username: actor.type.user.username,
|
||||
reading: issuer_reading,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
17
src/backend/src/util/debugutil.js
Normal file
17
src/backend/src/util/debugutil.js
Normal file
@ -0,0 +1,17 @@
|
||||
const LETTERS = ['A','B','C','D','E','F','G','H','I','J','K','L','M','N'];
|
||||
|
||||
let curr_letter_ = 0;
|
||||
|
||||
const ind = () => {
|
||||
let v = curr_letter_;
|
||||
curr_letter_++;
|
||||
curr_letter_ = curr_letter_ % LETTERS.length;
|
||||
return v;
|
||||
};
|
||||
|
||||
module.exports = {
|
||||
get_a_letter: () => LETTERS[ind()],
|
||||
cylog: (...a) => {
|
||||
console.log(`\x1B[36;1m`, ...a);
|
||||
}
|
||||
};
|
||||
Loading…
Reference in New Issue
Block a user