From d72a4c982620a5b24b6fca0885bb9f7732eeec87 Mon Sep 17 00:00:00 2001
From: webplusai
Date: Mon, 23 Dec 2024 14:07:43 +0000
Subject: [PATCH] #8854 fix acl error in anon mode (#8857)
* #8854 fix acl error in anon mode
* #8854 fix test failure
---
 .../modules/routes/handlers/get-acl.js | 5 +++-
 .../modules/routes/handlers/get-index.js | 7 ++++-
 .../modules/store/sql-tiddler-database.js | 3 ++-
 .../store/tests-sql-tiddler-database.js | 8 +++---
 .../modules/store/tests-sql-tiddler-store.js | 2 +-
 .../multiwikiserver/templates/get-index.tid | 26 ++++++++++---------
 6 files changed, 31 insertions(+), 20 deletions(-)
diff --git a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-acl.js b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-acl.js
index 2cee7f275..1c6e2f1b7 100644
--- a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-acl.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-acl.js
@@ -39,7 +39,10 @@ exports.handler = function (request, response, state) {
 var permissions = state.server.sqlTiddlerDatabase.listPermissions();
 
 // This ensures that the user attempting to view the ACL management page has permission to do so
- if(!state.authenticatedUser?.isAdmin && (!state.authenticatedUser || (recipeAclRecords.length > 0 && !sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser.user_id, recipeName, 'WRITE')))){
+ if(!state.authenticatedUser?.isAdmin &&
+ !state.firstGuestUser &&
+ (!state.authenticatedUser || (recipeAclRecords.length > 0 && !sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser.user_id, recipeName, 'WRITE')))
+ ){
 response.writeHead(403, "Forbidden");
 response.end();
 return
diff --git a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-index.js b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-index.js
index bcaa6482a..5dd58ffb6 100644
--- a/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-index.js
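Review bot: The new `!state.firstGuestUser &&` conjunct in the 403 guard turns that flag into a full bypass of this handler's ACL gate: when it is set, neither the admin test nor the WRITE test through hasRecipePermission runs for any recipe, so the ACL management page of every recipe is reachable without a user. That is presumably the intended first-guest bootstrap behaviour, but nothing in the hunk shows where the flag is set or cleared, and the placement deserves a comment so the next reader does not mistake it for an ordinary permission case: `// First-guest (bootstrap) mode: no accounts exist yet, so the anonymous visitor acts as admin and the ACL gate is skipped; this is only safe while the server clears firstGuestUser once a user account exists`. It would also be worth confirming in the code that sets the flag that it cannot remain set after the first account is created. exports.handler starts before the hunk and continues past it.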
+++ b/plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-index.js
@@ -33,7 +33,12 @@ exports.handler = function(request,response,state) {
 // filter bags and recipies by user's read access from ACL
 var allowedRecipes = recipeList.filter(recipe => recipe.recipe_name.startsWith("$:/") || state.authenticatedUser?.isAdmin || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ') || state.allowAnon && state.allowAnonReads);
 var allowedBags = bagList.filter(bag => bag.bag_name.startsWith("$:/") || state.authenticatedUser?.isAdmin || sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ') || state.allowAnon && state.allowAnonReads);
-
+ allowedRecipes = allowedRecipes.map(recipe => {
+ return {
+ ...recipe,
+ has_acl_access: state.authenticatedUser?.isAdmin || recipe.owner_id === state.authenticatedUser?.user_id || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'WRITE')
+ }
+ });
 // Render the html
 var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{
 variables: {
diff --git a/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js b/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js
index 2eec8adfa..0c8fe8237 100644
--- a/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js
@@ -234,7 +234,7 @@ Returns array of {recipe_name:,recipe_id:,description:,bag_names: []}
 */
 SqlTiddlerDatabase.prototype.listRecipes = function() {
 const rows = this.engine.runStatementGetAll(`
- SELECT r.recipe_name, r.recipe_id, r.description, b.bag_name, rb.position
+ SELECT r.recipe_name, r.recipe_id, r.description, r.owner_id, b.bag_name, rb.position
 FROM recipes AS r
 JOIN recipe_bags AS rb ON rb.recipe_id = r.recipe_id
 JOIN bags AS b ON rb.bag_id = b.bag_id
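Review bot: `has_acl_access` on the new side is the raw result of an `||` chain, so it holds whichever operand was truthy first rather than a boolean — the types of `state.authenticatedUser?.isAdmin` and of hasRecipePermission's return are not visible here and may well be integers or row values — while the template change in get-index.tid selects it with `[jsonget[has_acl_access]match[true]]`, which only matches a literal `true`. Wrapping the expression, `has_acl_access: Boolean(state.authenticatedUser?.isAdmin || recipe.owner_id === state.authenticatedUser?.user_id || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'WRITE'))`, makes the JSON value match the filter whatever the operands return. Separately, this flag only decides whether the Manage ACL link is rendered, and its condition differs from the server-side gate in get-acl.js (no owner_id test there, but firstGuestUser and an ACL-record check are added), so the link and the 403 can disagree; a single helper such as canManageRecipeAcl(state, recipe) used by both handlers would keep the UI and the authorization decision in step. exports.handler starts before the hunk and continues past it.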
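Review bot: The doc comment above listRecipes, visible in the hunk header as `Returns array of {recipe_name:,recipe_id:,description:,bag_names: []}`, is now stale: the SELECT on the new side adds `r.owner_id`, and the second hunk of this file at @@ -250 adds `owner_id: row.owner_id` to each returned object. Update it to `Returns array of {recipe_name:,recipe_id:,description:,owner_id:,bag_names: []}` and note that owner_id is null for recipes without an owner, which is what the updated expectations in tests-sql-tiddler-database.js and tests-sql-tiddler-store.js assert. listRecipes starts before the hunk and continues past it.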
@@ -250,6 +250,7 @@ SqlTiddlerDatabase.prototype.listRecipes = function() {
 recipe_name: row.recipe_name,
 recipe_id: row.recipe_id,
 description: row.description,
+ owner_id: row.owner_id,
 bag_names: []
 });
 }
diff --git a/plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-database.js b/plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-database.js
index 4a5b94792..13e25e94a 100644
--- a/plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-database.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-database.js
@@ -49,10 +49,10 @@ function runSqlDatabaseTests(engine) {
 expect(sqlTiddlerDatabase.createRecipe("recipe-tau",["bag-alpha"],"Recipe tau")).toEqual(3);
 expect(sqlTiddlerDatabase.createRecipe("recipe-upsilon",["bag-alpha","bag-gamma","bag-beta"],"Recipe upsilon")).toEqual(4);
 expect(sqlTiddlerDatabase.listRecipes()).toEqual([
- { recipe_name: 'recipe-rho', recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho" },
- { recipe_name: 'recipe-sigma', recipe_id: 2, bag_names: ["bag-alpha","bag-gamma"], description: "Recipe sigma" },
- { recipe_name: 'recipe-tau', recipe_id: 3, bag_names: ["bag-alpha"], description: "Recipe tau" },
- { recipe_name: 'recipe-upsilon', recipe_id: 4, bag_names: ["bag-alpha","bag-gamma","bag-beta"], description: "Recipe upsilon" }
+ { recipe_name: 'recipe-rho', recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho", owner_id: null },
+ { recipe_name: 'recipe-sigma', recipe_id: 2, bag_names: ["bag-alpha","bag-gamma"], description: "Recipe sigma", owner_id: null },
+ { recipe_name: 'recipe-tau', recipe_id: 3, bag_names: ["bag-alpha"], description: "Recipe tau", owner_id: null },
+ { recipe_name: 'recipe-upsilon', recipe_id: 4, bag_names: ["bag-alpha","bag-gamma","bag-beta"], description: "Recipe upsilon", owner_id: null }
 ]);
 expect(sqlTiddlerDatabase.getRecipeBags("recipe-rho")).toEqual(["bag-alpha","bag-beta"]);
 expect(sqlTiddlerDatabase.getRecipeBags("recipe-sigma")).toEqual(["bag-alpha","bag-gamma"]);
diff --git a/plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-store.js b/plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-store.js
index b8177e7dd..c5888b2ce 100644
--- a/plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-store.js
+++ b/plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-store.js
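Review bot: The updated expectations in this hunk, and the one in tests-sql-tiddler-store.js at @@ -96, only pin `owner_id: null`; no test creates a recipe with an owner and checks that listRecipes returns its owner_id, so the new column and the `recipe.owner_id === state.authenticatedUser?.user_id` branch that get-index.js builds on it are exercised only through the null case. The createRecipe calls visible here take three arguments with no owner, so if the store offers a way to set an owner it would be worth adding one recipe with a non-null owner_id to this fixture and asserting it round-trips; if it does not, a comment such as `// owner_id is null here because createRecipe sets no owner` would tell the reader why every row carries null. runSqlDatabaseTests starts before the hunk and continues past it.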
@@ -96,7 +96,7 @@ function runSqlStoreTests(engine) {
 expect(store.createRecipe("recipe-rho",["bag-alpha","bag-beta"],"Recipe rho")).toEqual(null);
 expect(store.listRecipes()).toEqual([
- { recipe_name: "recipe-rho", recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho" }
+ { recipe_name: "recipe-rho", recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho", owner_id: null }
 ]);
 });
diff --git a/plugins/tiddlywiki/multiwikiserver/templates/get-index.tid b/plugins/tiddlywiki/multiwikiserver/templates/get-index.tid
index 1df7e7d75..da81e2be9 100644
--- a/plugins/tiddlywiki/multiwikiserver/templates/get-index.tid
+++ b/plugins/tiddlywiki/multiwikiserver/templates/get-index.tid
@@ -89,18 +89,20 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/get-index
- <$set name="last-bag" value={{{ [jsonget[bag_names]last[]] }}}> - addprefix[/admin/acl/]addsuffix[/]addsuffix] }}} - class="mws-wiki-card-action" - title="Manage ACL" - > - - - - - - + <$list filter="[jsonget[has_acl_access]match[true]]"> + <$set name="last-bag" value={{{ [jsonget[bag_names]last[]] }}}> + addprefix[/admin/acl/]addsuffix[/]addsuffix] }}} + class="mws-wiki-card-action" + title="Manage ACL" + > + + + + + + +