add frontend grant check when closed permission mode frontend (#539)

2024-11-07 08:44:14 +01:00 · 2024-06-18 13:54:04 -04:00 · 2024-06-18 13:54:04 -04:00 · 9bbe4532a0
commit 9bbe4532a0
parent 49368dc542
2 changed files with 29 additions and 0 deletions
--- a/controller/share.go
+++ b/controller/share.go
@ -116,6 +116,17 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 				logrus.Error(err)
 				return share.NewShareNotFound()
 			}
+			if sfe.PermissionMode == store.ClosedPermissionMode {
+				granted, err := str.IsFrontendGrantedToAccount(int(principal.ID), sfe.Id, trx)
+				if err != nil {
+					logrus.Error(err)
+					return share.NewShareInternalServerError()
+				}
+				if !granted {
+					logrus.Errorf("'%v' is not granted access to frontend '%v'", principal.Email, frontendSelection)
+					return share.NewShareNotFound()
+				}
+			}
 			if sfe != nil && sfe.UrlTemplate != nil {
 				frontendZIds = append(frontendZIds, sfe.ZId)
 				frontendTemplates = append(frontendTemplates, *sfe.UrlTemplate)
--- a/controller/store/frontendGrant.go
+++ b/controller/store/frontendGrant.go
@ -0,0 +1,18 @@
+package store
+
+import (
+	"github.com/jmoiron/sqlx"
+	"github.com/pkg/errors"
+)
+
+func (str *Store) IsFrontendGrantedToAccount(acctId, frontendId int, trx *sqlx.Tx) (bool, error) {
+	stmt, err := trx.Prepare("select count(0) from frontend_grants where account_id = $1 AND frontend_id = $2")
+	if err != nil {
+		return false, errors.Wrap(err, "error preparing frontend_grants select statement")
+	}
+	var count int
+	if err := stmt.QueryRow(acctId, frontendId).Scan(&count); err != nil {
+		return false, errors.Wrap(err, "error querying frontend_grants count")
+	}
+	return count > 0, nil
+}