add frontend grant check when closed permission mode frontend (#539)

2025-01-03 12:39:07 +01:00 · 2024-06-18 13:54:04 -04:00 · 2024-06-18 13:54:04 -04:00 · 9bbe4532a0
commit 9bbe4532a0
parent 49368dc542
2 changed files with 29 additions and 0 deletions
--- a/controller/share.go
+++ b/controller/share.go
@ -116,6 +116,17 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
 				logrus.Error(err)
 				return share.NewShareNotFound()
 			}
 			if sfe.PermissionMode == store.ClosedPermissionMode {
 				granted, err := str.IsFrontendGrantedToAccount(int(principal.ID), sfe.Id, trx)
 				if err != nil {
 					logrus.Error(err)
 					return share.NewShareInternalServerError()
 				}
 				if !granted {
 					logrus.Errorf("'%v' is not granted access to frontend '%v'", principal.Email, frontendSelection)
 					return share.NewShareNotFound()
 				}
 			}
 			if sfe != nil && sfe.UrlTemplate != nil {
 				frontendZIds = append(frontendZIds, sfe.ZId)
 				frontendTemplates = append(frontendTemplates, *sfe.UrlTemplate)
--- a/controller/store/frontendGrant.go
+++ b/controller/store/frontendGrant.go
@ -0,0 +1,18 @@
 package store
 import (
 	"github.com/jmoiron/sqlx"
 	"github.com/pkg/errors"
 )
 func (str *Store) IsFrontendGrantedToAccount(acctId, frontendId int, trx *sqlx.Tx) (bool, error) {
 	stmt, err := trx.Prepare("select count(0) from frontend_grants where account_id = $1 AND frontend_id = $2")
 	if err != nil {
 		return false, errors.Wrap(err, "error preparing frontend_grants select statement")
 	}
 	var count int
 	if err := stmt.QueryRow(acctId, frontendId).Scan(&count); err != nil {
 		return false, errors.Wrap(err, "error querying frontend_grants count")
 	}
 	return count > 0, nil
 }