Allow meeting user restriction mode E for related user (#1018)
bastianjoel authored Sep 25, 2024
1 parent cc6d3cf commit 2168628
Showing 2 changed files with 41 additions and 2 deletions.
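--- a/internal/restrict/collection/meeting_user.go
+++ b/internal/restrict/collection/meeting_user.go
@@ -21,7 +21,10 @@ import (
 // The request user has the OML can_manage_users or higher.
 // The request user has user.can_manage in the meeting
 //
-// Mode E: User has the permissoin can_see_sensible_data.
+// Mode E: Y can see these fields if at least one condition is true:
+
+// Y has the permissoin can_see_sensible_data.
+// Y is the related user.
 type MeetingUser struct{}
 
 // Name returns the collection name.
@@ -120,5 +123,27 @@ func (m MeetingUser) modeD(ctx context.Context, ds *dsfetch.Fetch, meetingUserID
 }
 
 func (m MeetingUser) modeE(ctx context.Context, ds *dsfetch.Fetch, meetingUserIDs ...int) ([]int, error) {
-return meetingPerm(ctx, ds, m, meetingUserIDs, perm.UserCanSeeSensitiveData)
+requestUser, err := perm.RequestUserFromContext(ctx)
+if err != nil {
+return nil, fmt.Errorf("getting request user: %w", err)
+}
+
+return eachMeeting(ctx, ds, m, meetingUserIDs, func(meetingID int, idsInMeeting []int) ([]int, error) {
+perms, err := perm.FromContext(ctx, meetingID)
+if err != nil {
+return nil, fmt.Errorf("getting permission: %w", err)
+}
+
+if perms.Has(perm.UserCanSeeSensitiveData) {
+return idsInMeeting, nil
+}
+
+return eachRelationField(ctx, ds.MeetingUser_UserID, idsInMeeting, func(userID int, ids []int) ([]int, error) {
+if userID == requestUser {
+return ids, nil
+}
+
+return nil, nil
+})
+})
 }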
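Review bot: The self-access branch in modeE grants on `userID == requestUser` without excluding an unauthenticated requester, so its safety rests on two things this section does not show: what perm.RequestUserFromContext returns for a logged-out request, and what eachRelationField passes as userID for a meeting_user whose user_id is unset. If both can be the zero value, an anonymous request would match and receive the mode E fields. Writing the condition as `if requestUser != 0 && userID == requestUser {` ties the grant to an authenticated identity regardless of how those helpers behave. A short comment above it, such as `// The related user may always see their own mode E fields.`, would record why the permission check is bypassed on this path.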
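--- a/internal/restrict/collection/meeting_user_test.go
+++ b/internal/restrict/collection/meeting_user_test.go
@@ -222,6 +222,20 @@ func TestMeetingUserModeE(t *testing.T) {
 withElementID(20),
 )
 
+testCase(
+"Without perms themselves",
+t,
+mode,
+true,
+`---
+user/1/id: 1
+meeting_user/20:
+user_id: 1
+meeting_id: 5
+`,
+withElementID(20),
+)
+
 testCase(
 "Can see",
 t,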
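Review bot: The added case exercises only the grant; nothing visible in this hunk checks that a meeting_user belonging to a different user stays hidden when the requester lacks the permission. A sibling case with expected value `false` and a fixture whose `user_id` differs from the request user (for example `user_id: 2`, a constructed value) would pin the boundary of the new self-access rule. TestMeetingUserModeE starts above the visible lines, so an existing case outside the hunk may already cover this.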
