Skip to content

Commit

Permalink
WIP
Browse files Browse the repository at this point in the history
  • Loading branch information
@yhabteab
yhabteab committed Jul 25, 2022
1 parent 9aee879 commit cefeb5a
Showing 1 changed file with 19 additions and 8 deletions.
27 changes: 19 additions & 8 deletions lib/remote/objectqueryhandler.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,7 @@ bool ObjectQueryHandler::HandleRequest(
joinAttrs.insert(field.Name);
}

std::unordered_map<Type*, bool> evaluatedTypes;
std::unordered_map<Type*, std::pair<Expression::Ptr, bool>> evaluatedTypes;
std::unordered_map<Object*, bool> joinedRelations;

for (const ConfigObject::Ptr& obj : objs) {
Expand Down Expand Up @@ -262,7 +262,8 @@ bool ObjectQueryHandler::HandleRequest(
continue;

Type::Ptr reflectionType = joinedObj->GetReflectionType();
Expression *permissionFilter;
Expression *permissionFilter = nullptr;
Expression::Ptr evaluatedFilter;

auto it = evaluatedTypes.find(reflectionType.get());

Expand All @@ -273,23 +274,33 @@ bool ObjectQueryHandler::HandleRequest(
// The API user isn't authorized to access this relation, so just ignore it because there
// is no reason to raise an exception here since the actual object requested by the client
// has been found!!
evaluatedTypes.insert({reflectionType.get(), false});
evaluatedFilter = permissionFilter;

evaluatedTypes.insert({reflectionType.get(), std::make_pair(evaluatedFilter, false)});

continue;
}

evaluatedTypes.insert({reflectionType.get(), true});
} else if (!it->second) {
// Not authorized
continue;
evaluatedFilter = permissionFilter;
evaluatedTypes.insert({reflectionType.get(), std::make_pair(evaluatedFilter, true)});
} else {
bool granted;

std::tie(evaluatedFilter, granted) = it->second;

if (! granted) {
// Not authorized
continue;
}
}

auto relation = joinedRelations.find(joinedObj.get());

if (relation == joinedRelations.end()) {
ScriptFrame permissionFrame(false, new Namespace());

try {
if (!FilterUtility::EvaluateFilter(permissionFrame, permissionFilter, joinedObj)) {
if (!FilterUtility::EvaluateFilter(permissionFrame, evaluatedFilter.get(), joinedObj)) {
joinedRelations.insert({joinedObj.get(), false});

continue;
Expand Down

0 comments on commit cefeb5a

Please sign in to comment.