noth/surrealpatch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ensure field permissions are correctly applied

Browse source
This commit is contained in:
Tobie Morgan Hitchcock 2018-04-27 00:40:59 +01:00
parent eb62515a05
commit 444a38986a
1 changed files with 14 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
db/yield.go
View file

@ -25,48 +25,48 @@ import (
func (d *document) cold(ctx context.Context) (doc *data.Doc, err error) {
// We need to copy the document so that
// we can add and remove the fields which
// are relevant to the particular query.
doc = d.initial.Copy()
// If we are not authenticated using DB,
// NS, or KV level, then we need to check
// document permissions for this query.
if k, ok := ctx.Value(ctxKeyKind).(cnf.Kind); ok {
if k == cnf.AuthSC {
if err = d.perms(ctx, d.initial); err != nil {
if err = d.perms(ctx, doc); err != nil {
return nil, err
}
}
}
// We need to copy the document so that
// we can add and remove the fields which
// are relevant to the particular query.
doc = d.initial.Copy()
return
}
func (d *document) cnow(ctx context.Context) (doc *data.Doc, err error) {
// We need to copy the document so that
// we can add and remove the fields which
// are relevant to the particular query.
doc = d.current.Copy()
// If we are not authenticated using DB,
// NS, or KV level, then we need to check
// document permissions for this query.
if k, ok := ctx.Value(ctxKeyKind).(cnf.Kind); ok {
if k == cnf.AuthSC {
if err = d.perms(ctx, d.current); err != nil {
if err = d.perms(ctx, doc); err != nil {
return nil, err
}
}
}
// We need to copy the document so that
// we can add and remove the fields which
// are relevant to the particular query.
doc = d.current.Copy()
return
}