fix: support permissions by tags for basic db search engine (#2416)

This code will allow the "search" component to correctly filter pages by usergroup permissions based on tags instead of paths Co-authored-by: Riccardo Re <riccardo.re@clevermind.cloud>
2020-09-13 19:53:31 +02:00 · 2020-09-13 19:53:31 +02:00 · 660b78d9e2
commit 660b78d9e2
parent 2d52ba3303
2 changed files with 7 additions and 2 deletions
--- a/server/graph/resolvers/page.js
+++ b/server/graph/resolvers/page.js
@ -57,7 +57,8 @@ module.exports = {
          results: _.filter(resp.results, r => {
            return WIKI.auth.checkAccess(context.req.user, ['read:pages'], {
              path: r.path,
-              locale: r.locale
+              locale: r.locale,
+              tags: r.tags // Tags are needed since access permissions can be limited by page tags too
            })
          })
        }
--- a/server/modules/search/db/engine.js
+++ b/server/modules/search/db/engine.js
@ -21,7 +21,11 @@ module.exports = {
   */
  async query(q, opts) {
    const results = await WIKI.models.pages.query()
-      .column('id', 'title', 'description', 'path', 'localeCode as locale')
+      .column('pages.id', 'title', 'description', 'path', 'localeCode as locale')
+      .withGraphJoined('tags') // Adding page tags since they can be used to check resource access permissions
+      .modifyGraph('tags', builder => {
+        builder.select('tag')
+      })
      .where(builder => {
        builder.where('isPublished', true)
        if (opts.locale) {