fix: remove global readability of namespace nodes
@@ -185,16 +185,15 @@ func (s *nodeServiceImpl) getPermContext() (*permContext, error) {
|
||||
}
|
||||
}
|
||||
|
||||
// User and namespace nodes are globally readable (they represent identities,
|
||||
// User nodes are globally readable (they represent identities,
|
||||
// and anyone can reference or assign to them).
|
||||
for _, nodeType := range []string{"user", "namespace"} {
|
||||
nodes, _ := s.store.FindNodes([]*models.Rel{{Type: models.RelType("_type::" + nodeType), Target: ""}})
|
||||
// Namespace nodes are NOT globally readable; access must be explicitly granted.
|
||||
nodes, _ := s.store.FindNodes([]*models.Rel{{Type: "_type::user", Target: ""}})
|
||||
for _, n := range nodes {
|
||||
if pc.levels[n.ID] < permRead {
|
||||
pc.levels[n.ID] = permRead
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return pc, nil
|
||||
}
|
||||
|
||||
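Review bot: The lookup `nodes, _ := s.store.FindNodes(...)` still discards its second return value, so a store failure while building the permission context goes unreported. Assuming that value is an error, a failed query leaves `nodes` empty and the loop grants nothing, which fails closed but shows up as unexplained denials on user nodes. Since getPermContext already returns an `error`, consider `nodes, err := s.store.FindNodes(...)` followed by `if err != nil { return nil, err }`. Because this change tightens access, a regression test would also help: assert that a namespace node with no explicit grant resolves below `permRead`, while user nodes still resolve to at least `permRead`. The function body begins outside this hunk, so how `pc.levels` is populated before this point is not visible here.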