apunkt/SurfSense
1
0
Fork 0
mirror of https://github.com/MODSetter/SurfSense.git synced 2026-06-26 21:39:43 +02:00
Code Issues Projects Releases Packages Wiki Activity

fix(zero):load authz context for queries

Browse source
This commit is contained in:
Anish Sarkar 2026-06-23 12:59:16 +05:30
parent 54ff86dcc2
commit 3cbd109e8d
4 changed files with 155 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

28
surfsense_web/zero/queries/authz.ts Normal file
View file

@ -0,0 +1,28 @@
import type { Context } from "@/types/zero";
type SpaceScopedQuery = {
where: (...args: unknown[]) => SpaceScopedQuery;
};
const DENIED_SPACE_ID = -1;
export function canReadSpace(ctx: Context, searchSpaceId: number): boolean {
return !!ctx?.allowedSpaceIds?.includes(searchSpaceId);
}
export function denySpace<T extends SpaceScopedQuery>(query: T): T {
return query.where("searchSpaceId", DENIED_SPACE_ID) as T;
}
export function constrainToAllowedSpaces<T extends SpaceScopedQuery>(query: T, ctx: Context): T {
const allowedSpaceIds = ctx?.allowedSpaceIds ?? [];
if (allowedSpaceIds.length === 0) {
return denySpace(query);
}
if (allowedSpaceIds.length === 1) {
return query.where("searchSpaceId", allowedSpaceIds[0]) as T;
}
return query.where(({ cmp, or }: { cmp: (column: string, value: number) => unknown; or: (...args: unknown[]) => unknown }) =>
or(...allowedSpaceIds.map((id) => cmp("searchSpaceId", id)))
) as T;
}