Ensure PERMISSIONS clauses are not run for ROOT / NS / DB users
This commit is contained in:
Tobie Morgan Hitchcock
parent
e6eb6168a1
commit
400ed09ecb
1 changed files with 20 additions and 13 deletions
|
|
@ -55,6 +55,8 @@ impl<'a> Document<'a> {
|
|||
for fd in self.fd(opt, txn).await?.iter() {
|
||||
// Loop over each field in document
|
||||
for k in out.each(&fd.name).iter() {
|
||||
// Check for a PERMISSIONS clause
|
||||
if opt.perms && opt.auth.perms() {
|
||||
// Process field permissions
|
||||
match &fd.permissions.select {
|
||||
Permission::Full => (),
|
||||
|
|
@ -66,7 +68,11 @@ impl<'a> Document<'a> {
|
|||
let mut ctx = Context::new(ctx);
|
||||
ctx.add_value("value".into(), &val);
|
||||
// Process the PERMISSION clause
|
||||
if !e.compute(&ctx, opt, txn, Some(&self.current)).await?.is_truthy() {
|
||||
if !e
|
||||
.compute(&ctx, opt, txn, Some(&self.current))
|
||||
.await?
|
||||
.is_truthy()
|
||||
{
|
||||
out.del(&ctx, opt, txn, k).await?
|
||||
}
|
||||
}
|
||||
|
|
@ -74,6 +80,7 @@ impl<'a> Document<'a> {
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// Remove metadata fields on output
|
||||
out.del(ctx, opt, txn, &*META).await?;
|
||||
// Output result
|
||||
|
|
|
|||
Loading…
Reference in a new issue