summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristian Hofmaier2020-04-29 17:07:34 +0200
committerChristian Hofmaier2020-04-29 17:07:34 +0200
commit9c4d7f5cc3751f4c3cc5b3a16988a1e2bb72fb10 (patch)
treea6e257210990f16638b47f55ac7f2735dc398f63
parent[server/external-backend/idoit] Catch better error messages (diff)
downloadbas-9c4d7f5cc3751f4c3cc5b3a16988a1e2bb72fb10.tar.gz
bas-9c4d7f5cc3751f4c3cc5b3a16988a1e2bb72fb10.tar.xz
bas-9c4d7f5cc3751f4c3cc5b3a16988a1e2bb72fb10.zip
[permissionmanager] fix loops in parent checks
-rw-r--r--server/lib/permissions/permissionhelper.js10
1 files changed, 7 insertions, 3 deletions
diff --git a/server/lib/permissions/permissionhelper.js b/server/lib/permissions/permissionhelper.js
index 175f0a1..606820e 100644
--- a/server/lib/permissions/permissionhelper.js
+++ b/server/lib/permissions/permissionhelper.js
@@ -204,7 +204,7 @@ async function hasPermissionForClient (userid, permissionName, clientId) {
// Check if parents of groupIds are in the whitelist / blacklist
// Whitelist returns true, blacklist or no parent in either list returns false
-async function checkParents (groupIds, whitelist, blacklist) {
+async function checkParents (groupIds, whitelist, blacklist, knownGrps = []) {
// No whitelist means the group can't be in one
if (whitelist.length === 0) return false
@@ -215,11 +215,15 @@ async function checkParents (groupIds, whitelist, blacklist) {
for (let i = 0; i < groups.length; i++) {
for (let j = 0; j < groups[i].parents.length; j++) {
var id = groups[i].parents[j].id
+
+ if (knownGrps.includes(id)) continue
+
// Parent is blacklisted
if (blacklist.includes(id)) return false
// Parent is whitelisted, continue loop to see if another parent on SAME LAYER is blacklisted, as blacklisted > whitelisted
if (whitelist.includes(id)) result = true
- if (!parentIds.includes(id)) parentIds.push(id)
+ parentIds.push(id)
+ knownGrps.push(id)
}
}
@@ -230,6 +234,6 @@ async function checkParents (groupIds, whitelist, blacklist) {
if (parentIds.length === 0) return false
// Check next layer of parents
- result = await checkParents(parentIds, whitelist, blacklist)
+ result = await checkParents(parentIds, whitelist, blacklist, knownGrps)
return result
}