Harmonization with IVIS

2019-01-04 21:31:01 +01:00 · 2019-01-04 21:31:01 +01:00 · 397f85dac4
commit 397f85dac4
parent 428fb9db7b
41 changed files with 8587 additions and 10940 deletions
--- a/server/lib/dt-helpers.js
+++ b/server/lib/dt-helpers.js
@ -2,6 +2,8 @@

 const knex = require('./knex');
 const entitySettings = require('./entity-settings');
+const { enforce } = require('./helpers');
+const shares = require('../models/shares');

 async function ajaxListTx(tx, params, queryFun, columns, options) {
    options = options || {};
@ -109,7 +111,8 @@ async function ajaxListTx(tx, params, queryFun, columns, options) {
 }

 async function ajaxListWithPermissionsTx(tx, context, fetchSpecs, params, queryFun, columns, options) {
-    // Note that this function is not intended to be used with the synthetic admin context obtained by contextHelpers.getAdminContext()
+    enforce(!context.user.admin, 'ajaxListWithPermissionsTx is not supposed to be called by assumed admin');
+
    options = options || {};

    const permCols = [];
@ -138,13 +141,18 @@ async function ajaxListWithPermissionsTx(tx, context, fetchSpecs, params, queryF
                const entityType = entitySettings.getEntityType(fetchSpec.entityTypeId);

                if (fetchSpec.requiredOperations) {
+                    const requiredOperations = shares.filterPermissionsByRestrictedAccessHandler(context, fetchSpec.entityTypeId, null, fetchSpec.requiredOperations, 'ajaxListWithPermissionsTx');
                    const entityIdColumn = fetchSpec.column ? fetchSpec.column : entityType.entitiesTable + '.id';

-                    query = query.innerJoin(
-                        function () {
-                            return this.from(entityType.permissionsTable).distinct('entity').where('user', context.user.id).whereIn('operation', fetchSpec.requiredOperations).as(`permitted__${fetchSpec.entityTypeId}`);
-                        },
-                        `permitted__${fetchSpec.entityTypeId}.entity`, entityIdColumn)
+                    if (requiredOperations.length > 0) {
+                        query = query.innerJoin(
+                            function () {
+                                return this.from(entityType.permissionsTable).distinct('entity').where('user', context.user.id).whereIn('operation', requiredOperations).as(`permitted__${fetchSpec.entityTypeId}`);
+                            },
+                            `permitted__${fetchSpec.entityTypeId}.entity`, entityIdColumn)
+                    } else {
+                        query = query.whereRaw('FALSE');
+                    }
                }
            }

@ -186,9 +194,7 @@ async function ajaxListWithPermissions(context, fetchSpecs, params, queryFun, co
    });
 }

-module.exports = {
-    ajaxListTx,
-    ajaxList,
-    ajaxListWithPermissionsTx,
-    ajaxListWithPermissions
-};
+module.exports.ajaxListTx = ajaxListTx;
+module.exports.ajaxList = ajaxList;
+module.exports.ajaxListWithPermissionsTx = ajaxListWithPermissionsTx;
+module.exports.ajaxListWithPermissions = ajaxListWithPermissions;