From 660b78d9e2bea922e46d675f6cb4e1a6e65fc0e0 Mon Sep 17 00:00:00 2001 From: Riccardo Re Date: Sun, 13 Sep 2020 19:53:31 +0200 Subject: [PATCH] fix: support permissions by tags for basic db search engine (#2416) This code will allow the "search" component to correctly filter pages by usergroup permissions based on tags instead of paths Co-authored-by: Riccardo Re --- server/graph/resolvers/page.js | 3 ++- server/modules/search/db/engine.js | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/server/graph/resolvers/page.js b/server/graph/resolvers/page.js index 1d16a9e4..d1e60121 100644 --- a/server/graph/resolvers/page.js +++ b/server/graph/resolvers/page.js @@ -57,7 +57,8 @@ module.exports = { results: _.filter(resp.results, r => { return WIKI.auth.checkAccess(context.req.user, ['read:pages'], { path: r.path, - locale: r.locale + locale: r.locale, + tags: r.tags // Tags are needed since access permissions can be limited by page tags too }) }) } diff --git a/server/modules/search/db/engine.js b/server/modules/search/db/engine.js index 14bea0a4..04cb4280 100644 --- a/server/modules/search/db/engine.js +++ b/server/modules/search/db/engine.js @@ -21,7 +21,11 @@ module.exports = { */ async query(q, opts) { const results = await WIKI.models.pages.query() - .column('id', 'title', 'description', 'path', 'localeCode as locale') + .column('pages.id', 'title', 'description', 'path', 'localeCode as locale') + .withGraphJoined('tags') // Adding page tags since they can be used to check resource access permissions + .modifyGraph('tags', builder => { + builder.select('tag') + }) .where(builder => { builder.where('isPublished', true) if (opts.locale) {