yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-10 23:29:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix RBAC permissions without subject ignoring conditions (#10291)

Browse Source 
* Fix RBAC permissions without subject ignoring conditions

* Add unit test for nil subject in the permission engine
This commit is contained in:
Jean-Sébastien Herbaux 2021-05-17 08:14:58 +02:00 committed by GitHub
parent 43b947b2ba
commit 15c04d0612
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
packages/strapi-admin/services/__tests__/permissions.engine.test.js
View File

@ -349,6 +349,25 @@ describe('Permissions Engine', () => {
}); });
}); });
test('It should register the condition even if the subject is Nil', async () => {
const permission = {
action: 'read',
subject: null,
properties: {},
conditions: ['plugins::test.isCreatedBy'],
};
const user = getUser('alice');
const can = jest.fn();
const registerFn = engine.createRegisterFunction(can, {}, user);
await engine.evaluate({ permission, user, registerFn });
expect(can).toHaveBeenCalledWith('read', 'all', undefined, {
$and: [{ $or: [{ created_by: user.firstname }] }],
});
});
describe('Create Register Function', () => { describe('Create Register Function', () => {
let can; let can;
let registerFn; let registerFn;
@ -376,6 +395,18 @@ describe('Permissions Engine', () => {
expect(can).toHaveBeenCalledTimes(1); expect(can).toHaveBeenCalledTimes(1);
expect(can).toHaveBeenCalledWith('read', 'article', '*', { created_by: 1 }); expect(can).toHaveBeenCalledWith('read', 'article', '*', { created_by: 1 });
}); });
test(`It should use 'all' as a subject if it's Nil`, async () => {
await registerFn({
action: 'read',
subject: null,
fields: null,
condition: { created_by: 1 },
});
expect(can).toHaveBeenCalledTimes(1);
expect(can).toHaveBeenCalledWith('read', 'all', null, { created_by: 1 });
});
}); });
describe('Check Many', () => { describe('Check Many', () => {

10
packages/strapi-admin/services/permission/engine.js
View File

@ -8,6 +8,7 @@ const {
isFunction, isFunction,
isBoolean, isBoolean,
isArray, isArray,
isNil,
isEmpty, isEmpty,
isObject, isObject,
prop, prop,
@ -160,7 +161,7 @@ module.exports = conditionProvider => {
await this.applyPermissionProcessors(permission); await this.applyPermissionProcessors(permission);
// Extract the up-to-date components from the permission // Extract the up-to-date components from the permission
const { action, subject = 'all', properties = {}, conditions } = permission; const { action, subject, properties = {}, conditions } = permission;
// Register the permission if there is no condition // Register the permission if there is no condition
if (isEmpty(conditions)) { if (isEmpty(conditions)) {
@ -239,7 +240,12 @@ module.exports = conditionProvider => {
const registerToCasl = caslPermission => { const registerToCasl = caslPermission => {
const { action, subject, fields, condition } = caslPermission; const { action, subject, fields, condition } = caslPermission;
can(action, subject, fields, isObject(condition) ? condition : undefined); can(
action,
isNil(subject) ? 'all' : subject,
fields,
isObject(condition) ? condition : undefined
);
}; };
const runWillRegisterHook = async caslPermission => { const runWillRegisterHook = async caslPermission => {