mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-08 07:05:08 +02:00
Email whitelist should respect policies
This commit is contained in:
@@ -109,13 +109,14 @@ export async function setResourceWhitelist(
|
||||
);
|
||||
}
|
||||
|
||||
const isInlinePolicy =
|
||||
resource.resourcePolicyId === null &&
|
||||
resource.defaultResourcePolicyId !== null;
|
||||
|
||||
if (isInlinePolicy) {
|
||||
const policyId = resource.defaultResourcePolicyId!;
|
||||
// A shared policy takes precedence over the resource's inline
|
||||
// (default) policy, which takes precedence over the resource's own
|
||||
// direct whitelist fields. This mirrors the precedence used at
|
||||
// request time in authWithWhitelist.ts / getResourceAuthInfo.ts.
|
||||
const policyId =
|
||||
resource.resourcePolicyId ?? resource.defaultResourcePolicyId;
|
||||
|
||||
if (policyId !== null) {
|
||||
const [policy] = await db
|
||||
.select()
|
||||
.from(resourcePolicies)
|
||||
|
||||
Reference in New Issue
Block a user