mirror of
https://github.com/HeyPuter/puter
synced 2024-11-14 22:06:00 +00:00
feat: add subdomain permission (if applicable) on app share
This commit is contained in:
parent
0cf90ee39a
commit
13e2f72c9f
@ -15,6 +15,7 @@ const { UsernameNotifSelector } = require('../services/NotificationService');
|
||||
const { quot } = require('../util/strutil');
|
||||
const { UtilFn } = require('../util/fnutil');
|
||||
const { WorkList } = require('../util/workutil');
|
||||
const { DB_WRITE } = require('../services/database/consts');
|
||||
|
||||
const router = express.Router();
|
||||
|
||||
@ -29,6 +30,8 @@ const v0_2 = async (req, res) => {
|
||||
|
||||
const actor = Context.get('actor');
|
||||
|
||||
const db = req.services.get('database').get('share', DB_WRITE);
|
||||
|
||||
// === Request Validators ===
|
||||
|
||||
const validate_mode = UtilFn(mode => {
|
||||
@ -372,11 +375,6 @@ const v0_2 = async (req, res) => {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Process: conditionally add permission for subdomain
|
||||
for ( const item of shares_work.list() ) {
|
||||
// NEXT
|
||||
}
|
||||
|
||||
shares_work.clear_invalid();
|
||||
|
||||
for ( const item of shares_work.list() ) {
|
||||
@ -410,11 +408,49 @@ const v0_2 = async (req, res) => {
|
||||
|
||||
shares_work.clear_invalid();
|
||||
|
||||
// Fetch app info for app shares
|
||||
for ( const item of shares_work.list() ) {
|
||||
if ( item.type !== 'app' ) continue;
|
||||
const app = await get_app({});
|
||||
const { thing } = item;
|
||||
|
||||
const app = await get_app(thing.uid ?
|
||||
{ uid: thing.uid } : { name: thing.name });
|
||||
if ( ! app ) {
|
||||
item.invalid = true;
|
||||
result.shares[item.i] =
|
||||
// note: since we're reporting `entity_not_found`
|
||||
// we will report the id as an entity-storage-compatible
|
||||
// identifier.
|
||||
APIError.create('entity_not_found', null, {
|
||||
identifier: thing.uid
|
||||
? { uid: thing.uid }
|
||||
: { id: { name: thing.name } }
|
||||
});
|
||||
}
|
||||
item.app = app;
|
||||
}
|
||||
|
||||
shares_work.clear_invalid();
|
||||
|
||||
// Process: conditionally add permission for subdomain
|
||||
for ( const item of shares_work.list() ) {
|
||||
if ( item.type !== 'app' ) continue;
|
||||
const [subdomain] = await db.read(
|
||||
`SELECT * FROM subdomains WHERE associated_app_id = ? ` +
|
||||
`AND user_id = ? LIMIT 1`,
|
||||
[item.app.id, actor.type.user.id]
|
||||
);
|
||||
if ( ! subdomain ) continue;
|
||||
|
||||
// The subdomain is also owned by this user, so we'll
|
||||
// add a permission for that as well
|
||||
|
||||
const site_selector = `uid#${subdomain.uuid}`;
|
||||
item.share_intent.permissions.push(
|
||||
PermissionUtil.join('site', site_selector, 'access')
|
||||
)
|
||||
}
|
||||
|
||||
shares_work.clear_invalid();
|
||||
|
||||
// Mark files as successful; further errors will be
|
||||
|
Loading…
Reference in New Issue
Block a user