neogenia/neo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WIP - better handling of viewAll modifyAll

Browse Source
This commit is contained in:
Francisco Gaona
2025-12-30 04:43:51 +01:00
parent d37183ba45
commit 9ac69e30d0
3 changed files with 104 additions and 211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/src/rbac/authorization.service.ts
View File

@@ -120,7 +120,13 @@ export class AuthorizationService {
const hasViewAll = ability.can('view_all', objectDef.id);
const hasModifyAll = ability.can('modify_all', objectDef.id);
if (hasViewAll || hasModifyAll) {
// canViewAll only grants read access to all records
if (action === 'read' && hasViewAll) {
return true;
}
// canModifyAll grants edit/delete access to all records
if ((action === 'update' || action === 'delete') && hasModifyAll) {
return true;
}