Ensure PERMISSIONS clauses are not run for ROOT / NS / DB users

This commit is contained in:
Tobie Morgan Hitchcock 2022-10-16 22:22:13 +01:00
parent e6eb6168a1
commit 400ed09ecb

View file

@ -55,6 +55,8 @@ impl<'a> Document<'a> {
for fd in self.fd(opt, txn).await?.iter() { for fd in self.fd(opt, txn).await?.iter() {
// Loop over each field in document // Loop over each field in document
for k in out.each(&fd.name).iter() { for k in out.each(&fd.name).iter() {
// Check for a PERMISSIONS clause
if opt.perms && opt.auth.perms() {
// Process field permissions // Process field permissions
match &fd.permissions.select { match &fd.permissions.select {
Permission::Full => (), Permission::Full => (),
@ -66,7 +68,11 @@ impl<'a> Document<'a> {
let mut ctx = Context::new(ctx); let mut ctx = Context::new(ctx);
ctx.add_value("value".into(), &val); ctx.add_value("value".into(), &val);
// Process the PERMISSION clause // Process the PERMISSION clause
if !e.compute(&ctx, opt, txn, Some(&self.current)).await?.is_truthy() { if !e
.compute(&ctx, opt, txn, Some(&self.current))
.await?
.is_truthy()
{
out.del(&ctx, opt, txn, k).await? out.del(&ctx, opt, txn, k).await?
} }
} }
@ -74,6 +80,7 @@ impl<'a> Document<'a> {
} }
} }
} }
}
// Remove metadata fields on output // Remove metadata fields on output
out.del(ctx, opt, txn, &*META).await?; out.del(ctx, opt, txn, &*META).await?;
// Output result // Output result