Ensure PERMISSIONS clauses are not run for ROOT / NS / DB users

2022-10-16 22:22:13 +01:00 · 2022-10-16 22:22:13 +01:00 · 400ed09ecb
commit 400ed09ecb
parent e6eb6168a1
1 changed files with 20 additions and 13 deletions
--- a/lib/src/doc/pluck.rs
+++ b/lib/src/doc/pluck.rs
@ -55,19 +55,26 @@ impl<'a> Document<'a> {
 			for fd in self.fd(opt, txn).await?.iter() {
 				// Loop over each field in document
 				for k in out.each(&fd.name).iter() {
-					// Process field permissions
-					match &fd.permissions.select {
-						Permission::Full => (),
-						Permission::None => out.del(ctx, opt, txn, k).await?,
-						Permission::Specific(e) => {
-							// Get the current value
-							let val = self.current.pick(k);
-							// Configure the context
-							let mut ctx = Context::new(ctx);
-							ctx.add_value("value".into(), &val);
-							// Process the PERMISSION clause
-							if !e.compute(&ctx, opt, txn, Some(&self.current)).await?.is_truthy() {
-								out.del(&ctx, opt, txn, k).await?
+					// Check for a PERMISSIONS clause
+					if opt.perms && opt.auth.perms() {
+						// Process field permissions
+						match &fd.permissions.select {
+							Permission::Full => (),
+							Permission::None => out.del(ctx, opt, txn, k).await?,
+							Permission::Specific(e) => {
+								// Get the current value
+								let val = self.current.pick(k);
+								// Configure the context
+								let mut ctx = Context::new(ctx);
+								ctx.add_value("value".into(), &val);
+								// Process the PERMISSION clause
+								if !e
+									.compute(&ctx, opt, txn, Some(&self.current))
+									.await?
+									.is_truthy()
+								{
+									out.del(&ctx, opt, txn, k).await?
+								}
 							}
 						}
 					}