lee/puter
1
0
Fork 0
mirror of https://github.com/HeyPuter/puter.git synced 2026-05-04 08:30:39 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

fix(backend): undo part of 35461a0
Docker Image CI / build-and-push-image (push) Has been cancelled
Details
Maintain Release Merge PR / update-release-pr (push) Has been cancelled
Details
release-please / release-please (push) Has been cancelled
Details
test / test-backend (24.x) (push) Has been cancelled
Details
test / API tests (node env, api-test) (24.x) (push) Has been cancelled
Details
test / puterjs (node env, vitest) (24.x) (push) Has been cancelled
Details

Browse Source 
It turns out this part of `35461a0` was not necessary to fix this issue,
and the code is still more correct if it falls true when the token's
authorizor has a permission granted.
This commit is contained in:
KernelDeimos
2026-02-03 15:19:00 -05:00
committed by Eric Dubé
parent 8cd0a7f76b
commit cbde123aa1
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/backend/src/services/auth/ACLService.js
+2 -1
View File
@@ -425,7 +425,8 @@ class ACLService extends BaseService {
// Access tokens only work if the authorizer has permission
if ( actor.type instanceof AccessTokenActorType ) {
const authorizer = actor.type.authorizer;
return await this._check_fsNode(authorizer, fsNode, mode);
const authorizer_perm = await this._check_fsNode(authorizer, fsNode, mode);
if ( ! authorizer_perm ) return false;
}
// Hard rule: if app-under-user is accessing appdata directory, allow