noth/surrealpatch
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ensure document permissions are rechecked after updating

Browse source
This commit is contained in:
Tobie Morgan Hitchcock 2018-12-30 23:03:38 +01:00
parent a8f9198695
commit f089dc4d7f
4 changed files with 34 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
db/check.go
View file

@ -141,6 +141,15 @@ func (d *document) allow(ctx context.Context, met method) (ok bool, err error) {
return true, nil return true, nil
} }
// If this document is being created
// for the first time, then allow this
// check, and recheck after the fields
// have been merged into the document.
if met == _CREATE && !d.current.Exists("id") {
return true, nil
}
// If we are authenticated using DB, NS, // If we are authenticated using DB, NS,
// or KV permissions level, then we can // or KV permissions level, then we can
// ignore all permissions checks, but we // ignore all permissions checks, but we

8
db/relate.go
View file

@ -118,10 +118,16 @@ func (d *document) runRelate(ctx context.Context, stm *sql.RelateStatement) (int
return nil, err return nil, err
} }
if d.val.Exi() == false { if d.val.Exi() == true {
met = _UPDATE met = _UPDATE
} }
if ok, err = d.allow(ctx, met); err != nil {
return nil, err
} else if ok == false {
return nil, nil
}
if err = d.merge(ctx, met, stm.Data); err != nil { if err = d.merge(ctx, met, stm.Data); err != nil {
return nil, err return nil, err
} }

12
db/update.go
View file

@ -111,7 +111,7 @@ func (d *document) runUpdate(ctx context.Context, stm *sql.UpdateStatement) (int
var ok bool var ok bool
var err error var err error
var met = _UPDATE var met = _CREATE
if err = d.init(ctx); err != nil { if err = d.init(ctx); err != nil {
return nil, err return nil, err
@ -125,8 +125,8 @@ func (d *document) runUpdate(ctx context.Context, stm *sql.UpdateStatement) (int
return nil, err return nil, err
} }
if d.val.Exi() == false { if d.val.Exi() == true {
met = _CREATE met = _UPDATE
} }
if ok, err = d.allow(ctx, met); err != nil { if ok, err = d.allow(ctx, met); err != nil {
@ -145,6 +145,12 @@ func (d *document) runUpdate(ctx context.Context, stm *sql.UpdateStatement) (int
return nil, err return nil, err
} }
if ok, err = d.allow(ctx, met); err != nil {
return nil, err
} else if ok == false {
return nil, nil
}
if err = d.storeIndex(ctx); err != nil { if err = d.storeIndex(ctx); err != nil {
return nil, err return nil, err
} }

12
db/upsert.go
View file

@ -80,7 +80,7 @@ func (d *document) runUpsert(ctx context.Context, stm *sql.UpsertStatement) (int
var ok bool var ok bool
var err error var err error
var met = _UPDATE var met = _CREATE
if err = d.init(ctx); err != nil { if err = d.init(ctx); err != nil {
return nil, err return nil, err
@ -94,8 +94,8 @@ func (d *document) runUpsert(ctx context.Context, stm *sql.UpsertStatement) (int
return nil, err return nil, err
} }
if d.val.Exi() == false { if d.val.Exi() == true {
met = _CREATE met = _UPDATE
} }
if ok, err = d.allow(ctx, met); err != nil { if ok, err = d.allow(ctx, met); err != nil {
@ -108,6 +108,12 @@ func (d *document) runUpsert(ctx context.Context, stm *sql.UpsertStatement) (int
return nil, err return nil, err
} }
if ok, err = d.allow(ctx, met); err != nil {
return nil, err
} else if ok == false {
return nil, nil
}
if err = d.storeIndex(ctx); err != nil { if err = d.storeIndex(ctx); err != nil {
return nil, err return nil, err
} }