Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Writer permission is incorrectly validated during the merge #424

Open
magnified103 opened this issue Feb 4, 2025 · 0 comments · May be fixed by #439
Open

Writer permission is incorrectly validated during the merge #424

magnified103 opened this issue Feb 4, 2025 · 0 comments · May be fixed by #439
Assignees
@winprn

Comments

@magnified103
Copy link
Contributor

The permission check should validate against the ACL state for the corresponding vertex hash

ts-drp/packages/object/src/index.ts

Lines 235 to 245 in 9b42353

for (const vertex of vertices) {
// Check to avoid manually crafted `undefined` operations
if (!vertex.operation || this.hashGraph.vertices.has(vertex.hash)) {
continue;
}
try {
if (!this._checkWriterPermission(vertex.peerId)) {
throw new Error(`${vertex.peerId} does not have write permission.`);
}
const preComputeLca = this.computeLCA(vertex.dependencies);

ts-drp/packages/object/src/index.ts

Lines 318 to 323 in 9b42353

private _checkWriterPermission(peerId: string): boolean {
return this.acl
? (this.acl as ACL).permissionless || (this.acl as ACL).query_isWriter(peerId)
: true;
}

Previously this was done correctly, however due to several code rebases it became incorrect.

ts-drp/packages/object/src/index.ts

Lines 185 to 195 in cc45067

// Check to avoid manually crafted `undefined` operations
if (!vertex.operation || this.hashGraph.vertices.has(vertex.hash)) {
continue;
}
try {
const drp = this._computeDRP(vertex.dependencies);
if (!this._checkWriterPermission(drp, vertex.peerId)) {
throw new Error(`${vertex.peerId} does not have write permission.`);
}

@github-project-automation github-project-automation bot moved this to 🔮 Backlog in Project Management Feb 4, 2025
@magnified103 magnified103 changed the title Writer permission is incorrectly validated during the merge. Writer permission is incorrectly validated during the merge Feb 5, 2025
@winprn winprn self-assigned this Feb 5, 2025
@winprn winprn moved this from 🔮 Backlog to ⚙️ In Progress in Project Management Feb 5, 2025
@winprn winprn linked a pull request Feb 5, 2025 that will close this issue
Open
@winprn winprn moved this from ⚙️ In Progress to 👀 Review in Project Management Feb 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@winprn winprn

Labels
None yet
Projects
Project Management
Status: 👀 Review
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: writer permission check topology-foundation/ts-drp
2 participants
@magnified103 @winprn