From 9c4d7f5cc3751f4c3cc5b3a16988a1e2bb72fb10 Mon Sep 17 00:00:00 2001 From: Christian Hofmaier Date: Wed, 29 Apr 2020 15:07:34 +0000 Subject: [permissionmanager] fix loops in parent checks --- server/lib/permissions/permissionhelper.js | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'server/lib') diff --git a/server/lib/permissions/permissionhelper.js b/server/lib/permissions/permissionhelper.js index 175f0a1..606820e 100644 --- a/server/lib/permissions/permissionhelper.js +++ b/server/lib/permissions/permissionhelper.js @@ -204,7 +204,7 @@ async function hasPermissionForClient (userid, permissionName, clientId) { // Check if parents of groupIds are in the whitelist / blacklist // Whitelist returns true, blacklist or no parent in either list returns false -async function checkParents (groupIds, whitelist, blacklist) { +async function checkParents (groupIds, whitelist, blacklist, knownGrps = []) { // No whitelist means the group can't be in one if (whitelist.length === 0) return false @@ -215,11 +215,15 @@ async function checkParents (groupIds, whitelist, blacklist) { for (let i = 0; i < groups.length; i++) { for (let j = 0; j < groups[i].parents.length; j++) { var id = groups[i].parents[j].id + + if (knownGrps.includes(id)) continue + // Parent is blacklisted if (blacklist.includes(id)) return false // Parent is whitelisted, continue loop to see if another parent on SAME LAYER is blacklisted, as blacklisted > whitelisted if (whitelist.includes(id)) result = true - if (!parentIds.includes(id)) parentIds.push(id) + parentIds.push(id) + knownGrps.push(id) } } @@ -230,6 +234,6 @@ async function checkParents (groupIds, whitelist, blacklist) { if (parentIds.length === 0) return false // Check next layer of parents - result = await checkParents(parentIds, whitelist, blacklist) + result = await checkParents(parentIds, whitelist, blacklist, knownGrps) return result } -- cgit v1.2.3-55-g7522