]> BookStack Code Mirror - bookstack/commit
projects / bookstack / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: afe1a04)
Fixed a couple of non-intended logical permission issues
authorDan Brown <redacted>
Sat, 16 Jul 2022 19:55:32 +0000 (20:55 +0100)
committerDan Brown <redacted>
Sat, 16 Jul 2022 19:55:32 +0000 (20:55 +0100)
commit23324018540624d7a6beafd0514f4b7dbe327431
tree8d3e6051203f09a61ab08f49b87b230bffac20cbtree | snapshot
parentafe1a042396454e071b4b3bb5bb0043586ba333acommit | diff
Fixed a couple of non-intended logical permission issues

Both caught in tests:
Fixed loss of permissions for admin users when entity restrictions were
active, since there are no entity-restrictions for the admin role but
we'd force generate them in joint permissions, which would be queried.
Fixed new role permission checks when permissions given with only the
action (eg. 'view'), since the type prefix would be required for role
permission checks. Was previously not needed as only the simpler form
was used in the jointpermissions after merge & calculation.
app/Auth/Permissions/PermissionApplicator.php diff | blob | history
app/Entities/Models/Bookshelf.php diff | blob | history
app/Entities/Tools/ShelfContext.php diff | blob | history
app/Http/Controllers/BookshelfController.php diff | blob | history
The core source code for the BookStack project.
Morty Proxy This is a proxified and sanitized view of the page, visit original site.