ti.sil/sourcebot
1
0
Fork 0
mirror of https://github.com/sourcebot-dev/sourcebot.git synced 2025-12-11 20:05:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

enforce permitted user check even when no where clause
Some checks are pending
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Details
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Details
Publish to ghcr / merge (push) Blocked by required conditions
Details

Browse source
This commit is contained in:
msukkari 2025-10-26 21:11:42 -07:00
parent 0bd545359e
commit b939d1e420
1 changed files with 20 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
packages/web/src/prisma.ts
View file

@ -27,27 +27,27 @@ export const userScopedPrismaClientExtension = (userId?: string) => {
query: { query: {
...(env.EXPERIMENT_EE_PERMISSION_SYNC_ENABLED === 'true' && hasEntitlement('permission-syncing') ? { ...(env.EXPERIMENT_EE_PERMISSION_SYNC_ENABLED === 'true' && hasEntitlement('permission-syncing') ? {
repo: { repo: {
$allOperations({ args, query }) { async $allOperations({ args, query }) {
if ('where' in args) { // eslint-disable-next-line @typescript-eslint/no-explicit-any
args.where = { const argsWithWhere = args as any;
...args.where, argsWithWhere.where = {
OR: [ ...(argsWithWhere.where || {}),
// Only include repos that are permitted to the user OR: [
...(userId ? [ // Only include repos that are permitted to the user
{ ...(userId ? [
permittedUsers: {
some: {
userId,
}
}
},
] : []),
// or are public.
{ {
isPublic: true, permittedUsers: {
} some: {
] userId,
} }
}
},
] : []),
// or are public.
{
isPublic: true,
}
]
} }
return query(args); return query(args);