mirrors/TiddlyWiki5
1
0
Fork 0
mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2025-01-08 16:30:26 +00:00
Code Issues Releases Wiki Activity

#8854 fix acl error in anon mode (#8857)

Browse Source 
* #8854 fix acl error in anon mode

* #8854 fix test failure
This commit is contained in:
webplusai 2024-12-23 14:07:43 +00:00 committed by GitHub
parent ddfc8c469c
commit d72a4c9826
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 31 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-acl.js
View File

@ -39,7 +39,10 @@ exports.handler = function (request, response, state) {
var permissions = state.server.sqlTiddlerDatabase.listPermissions(); var permissions = state.server.sqlTiddlerDatabase.listPermissions();
// This ensures that the user attempting to view the ACL management page has permission to do so // This ensures that the user attempting to view the ACL management page has permission to do so
if(!state.authenticatedUser?.isAdmin && (!state.authenticatedUser || (recipeAclRecords.length > 0 && !sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser.user_id, recipeName, 'WRITE')))){ if(!state.authenticatedUser?.isAdmin &&
!state.firstGuestUser &&
(!state.authenticatedUser || (recipeAclRecords.length > 0 && !sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser.user_id, recipeName, 'WRITE')))
){
response.writeHead(403, "Forbidden"); response.writeHead(403, "Forbidden");
response.end(); response.end();
return return

7
plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/get-index.js
View File

@ -33,7 +33,12 @@ exports.handler = function(request,response,state) {
// filter bags and recipies by user's read access from ACL // filter bags and recipies by user's read access from ACL
var allowedRecipes = recipeList.filter(recipe => recipe.recipe_name.startsWith("$:/") || state.authenticatedUser?.isAdmin || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ') || state.allowAnon && state.allowAnonReads); var allowedRecipes = recipeList.filter(recipe => recipe.recipe_name.startsWith("$:/") || state.authenticatedUser?.isAdmin || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'READ') || state.allowAnon && state.allowAnonReads);
var allowedBags = bagList.filter(bag => bag.bag_name.startsWith("$:/") || state.authenticatedUser?.isAdmin || sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ') || state.allowAnon && state.allowAnonReads); var allowedBags = bagList.filter(bag => bag.bag_name.startsWith("$:/") || state.authenticatedUser?.isAdmin || sqlTiddlerDatabase.hasBagPermission(state.authenticatedUser?.user_id, bag.bag_name, 'READ') || state.allowAnon && state.allowAnonReads);
allowedRecipes = allowedRecipes.map(recipe => {
return {
...recipe,
has_acl_access: state.authenticatedUser?.isAdmin || recipe.owner_id === state.authenticatedUser?.user_id || sqlTiddlerDatabase.hasRecipePermission(state.authenticatedUser?.user_id, recipe.recipe_name, 'WRITE')
}
});
// Render the html // Render the html
var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{ var html = $tw.mws.store.adminWiki.renderTiddler("text/plain","$:/plugins/tiddlywiki/multiwikiserver/templates/page",{
variables: { variables: {

3
plugins/tiddlywiki/multiwikiserver/modules/store/sql-tiddler-database.js
View File

@ -234,7 +234,7 @@ Returns array of {recipe_name:,recipe_id:,description:,bag_names: []}
*/ */
SqlTiddlerDatabase.prototype.listRecipes = function() { SqlTiddlerDatabase.prototype.listRecipes = function() {
const rows = this.engine.runStatementGetAll(` const rows = this.engine.runStatementGetAll(`
SELECT r.recipe_name, r.recipe_id, r.description, b.bag_name, rb.position SELECT r.recipe_name, r.recipe_id, r.description, r.owner_id, b.bag_name, rb.position
FROM recipes AS r FROM recipes AS r
JOIN recipe_bags AS rb ON rb.recipe_id = r.recipe_id JOIN recipe_bags AS rb ON rb.recipe_id = r.recipe_id
JOIN bags AS b ON rb.bag_id = b.bag_id JOIN bags AS b ON rb.bag_id = b.bag_id
@ -250,6 +250,7 @@ SqlTiddlerDatabase.prototype.listRecipes = function() {
recipe_name: row.recipe_name, recipe_name: row.recipe_name,
recipe_id: row.recipe_id, recipe_id: row.recipe_id,
description: row.description, description: row.description,
owner_id: row.owner_id,
bag_names: [] bag_names: []
}); });
} }

8
plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-database.js
View File

@ -49,10 +49,10 @@ function runSqlDatabaseTests(engine) {
expect(sqlTiddlerDatabase.createRecipe("recipe-tau",["bag-alpha"],"Recipe tau")).toEqual(3); expect(sqlTiddlerDatabase.createRecipe("recipe-tau",["bag-alpha"],"Recipe tau")).toEqual(3);
expect(sqlTiddlerDatabase.createRecipe("recipe-upsilon",["bag-alpha","bag-gamma","bag-beta"],"Recipe upsilon")).toEqual(4); expect(sqlTiddlerDatabase.createRecipe("recipe-upsilon",["bag-alpha","bag-gamma","bag-beta"],"Recipe upsilon")).toEqual(4);
expect(sqlTiddlerDatabase.listRecipes()).toEqual([ expect(sqlTiddlerDatabase.listRecipes()).toEqual([
{ recipe_name: 'recipe-rho', recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho" }, { recipe_name: 'recipe-rho', recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho", owner_id: null },
{ recipe_name: 'recipe-sigma', recipe_id: 2, bag_names: ["bag-alpha","bag-gamma"], description: "Recipe sigma" }, { recipe_name: 'recipe-sigma', recipe_id: 2, bag_names: ["bag-alpha","bag-gamma"], description: "Recipe sigma", owner_id: null },
{ recipe_name: 'recipe-tau', recipe_id: 3, bag_names: ["bag-alpha"], description: "Recipe tau" }, { recipe_name: 'recipe-tau', recipe_id: 3, bag_names: ["bag-alpha"], description: "Recipe tau", owner_id: null },
{ recipe_name: 'recipe-upsilon', recipe_id: 4, bag_names: ["bag-alpha","bag-gamma","bag-beta"], description: "Recipe upsilon" } { recipe_name: 'recipe-upsilon', recipe_id: 4, bag_names: ["bag-alpha","bag-gamma","bag-beta"], description: "Recipe upsilon", owner_id: null }
]); ]);
expect(sqlTiddlerDatabase.getRecipeBags("recipe-rho")).toEqual(["bag-alpha","bag-beta"]); expect(sqlTiddlerDatabase.getRecipeBags("recipe-rho")).toEqual(["bag-alpha","bag-beta"]);
expect(sqlTiddlerDatabase.getRecipeBags("recipe-sigma")).toEqual(["bag-alpha","bag-gamma"]); expect(sqlTiddlerDatabase.getRecipeBags("recipe-sigma")).toEqual(["bag-alpha","bag-gamma"]);

2
plugins/tiddlywiki/multiwikiserver/modules/store/tests-sql-tiddler-store.js
View File

@ -96,7 +96,7 @@ function runSqlStoreTests(engine) {
expect(store.createRecipe("recipe-rho",["bag-alpha","bag-beta"],"Recipe rho")).toEqual(null); expect(store.createRecipe("recipe-rho",["bag-alpha","bag-beta"],"Recipe rho")).toEqual(null);
expect(store.listRecipes()).toEqual([ expect(store.listRecipes()).toEqual([
{ recipe_name: "recipe-rho", recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho" } { recipe_name: "recipe-rho", recipe_id: 1, bag_names: ["bag-alpha","bag-beta"], description: "Recipe rho", owner_id: null }
]); ]);
}); });

2
plugins/tiddlywiki/multiwikiserver/templates/get-index.tid
View File

@ -89,6 +89,7 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/get-index
</div> </div>
</div> </div>
<div class="mws-wiki-card-actions"> <div class="mws-wiki-card-actions">
<$list filter="[<recipe-info>jsonget[has_acl_access]match[true]]">
<$set name="last-bag" value={{{ [<recipe-info>jsonget[bag_names]last[]] }}}> <$set name="last-bag" value={{{ [<recipe-info>jsonget[bag_names]last[]] }}}>
<a <a
href={{{ [<recipe-name>addprefix[/admin/acl/]addsuffix[/]addsuffix<last-bag>] }}} href={{{ [<recipe-name>addprefix[/admin/acl/]addsuffix[/]addsuffix<last-bag>] }}}
@ -101,6 +102,7 @@ title: $:/plugins/tiddlywiki/multiwikiserver/templates/get-index
</svg> </svg>
</a> </a>
</$set> </$set>
</$list>
</div> </div>
</div> </div>
</$let> </$let>