fix: Page Rules based on Tag Matches do not work for comment permissions (#5819)

This commit is contained in:
natsutteatsuiyone 2022-11-08 06:47:42 +09:00 committed by GitHub
parent 1893fd499a
commit 2cb304100c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 6 deletions

View File

@ -40,9 +40,13 @@ module.exports = {
* Fetch list of comments for a page * Fetch list of comments for a page
*/ */
async list (obj, args, context) { async list (obj, args, context) {
const page = await WIKI.models.pages.query().select('id').findOne({ localeCode: args.locale, path: args.path }) const page = await WIKI.models.pages.query().select('pages.id').findOne({ localeCode: args.locale, path: args.path })
.withGraphJoined('tags')
.modifyGraph('tags', builder => {
builder.select('tag')
})
if (page) { if (page) {
if (WIKI.auth.checkAccess(context.req.user, ['read:comments'], args)) { if (WIKI.auth.checkAccess(context.req.user, ['read:comments'], { tags: page.tags, ...args })) {
const comments = await WIKI.models.comments.query().where('pageId', page.id).orderBy('createdAt') const comments = await WIKI.models.comments.query().where('pageId', page.id).orderBy('createdAt')
return comments.map(c => ({ return comments.map(c => ({
...c, ...c,
@ -66,10 +70,15 @@ module.exports = {
throw new WIKI.Error.CommentNotFound() throw new WIKI.Error.CommentNotFound()
} }
const page = await WIKI.models.pages.query().select('localeCode', 'path').findById(cm.pageId) const page = await WIKI.models.pages.query().select('localeCode', 'path').findById(cm.pageId)
.withGraphJoined('tags')
.modifyGraph('tags', builder => {
builder.select('tag')
})
if (page) { if (page) {
if (WIKI.auth.checkAccess(context.req.user, ['read:comments'], { if (WIKI.auth.checkAccess(context.req.user, ['read:comments'], {
path: page.path, path: page.path,
locale: page.localeCode locale: page.localeCode,
tags: page.tags
})) { })) {
return { return {
...cm, ...cm,

View File

@ -99,7 +99,8 @@ module.exports = class Comment extends Model {
if (page) { if (page) {
if (!WIKI.auth.checkAccess(user, ['write:comments'], { if (!WIKI.auth.checkAccess(user, ['write:comments'], {
path: page.path, path: page.path,
locale: page.localeCode locale: page.localeCode,
tags: page.tags
})) { })) {
throw new WIKI.Error.CommentPostForbidden() throw new WIKI.Error.CommentPostForbidden()
} }
@ -136,7 +137,8 @@ module.exports = class Comment extends Model {
if (page) { if (page) {
if (!WIKI.auth.checkAccess(user, ['manage:comments'], { if (!WIKI.auth.checkAccess(user, ['manage:comments'], {
path: page.path, path: page.path,
locale: page.localeCode locale: page.localeCode,
tags: page.tags
})) { })) {
throw new WIKI.Error.CommentManageForbidden() throw new WIKI.Error.CommentManageForbidden()
} }
@ -169,7 +171,8 @@ module.exports = class Comment extends Model {
if (page) { if (page) {
if (!WIKI.auth.checkAccess(user, ['manage:comments'], { if (!WIKI.auth.checkAccess(user, ['manage:comments'], {
path: page.path, path: page.path,
locale: page.localeCode locale: page.localeCode,
tags: page.tags
})) { })) {
throw new WIKI.Error.CommentManageForbidden() throw new WIKI.Error.CommentManageForbidden()
} }