From 6aa0db09eadb3c2a95ae9cde84c70f8cbf3f6b58 Mon Sep 17 00:00:00 2001 From: Alexander Onnikov Date: Tue, 2 Dec 2025 11:08:31 +0700 Subject: [PATCH 1/2] fix collaborator security query Signed-off-by: Alexander Onnikov --- packages/postgres/CHANGELOG.json | 12 ++++++++++++ packages/postgres/CHANGELOG.md | 9 ++++++++- packages/postgres/package.json | 2 +- packages/postgres/src/storage.ts | 2 +- 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/packages/postgres/CHANGELOG.json b/packages/postgres/CHANGELOG.json index ee1916040d3..981eb9ccee2 100644 --- a/packages/postgres/CHANGELOG.json +++ b/packages/postgres/CHANGELOG.json @@ -1,6 +1,18 @@ { "name": "@hcengineering/postgres", "entries": [ + { + "version": "0.7.21", + "tag": "@hcengineering/postgres_v0.7.21", + "date": "Tue, 02 Dec 2025 04:08:02 GMT", + "comments": { + "patch": [ + { + "comment": "fix collaborator security query" + } + ] + } + }, { "version": "0.7.20", "tag": "@hcengineering/postgres_v0.7.20", diff --git a/packages/postgres/CHANGELOG.md b/packages/postgres/CHANGELOG.md index 7eea2f664c1..2a069950b85 100644 --- a/packages/postgres/CHANGELOG.md +++ b/packages/postgres/CHANGELOG.md @@ -1,6 +1,13 @@ # Change Log - @hcengineering/postgres -This log was last generated on Wed, 26 Nov 2025 16:04:43 GMT and should not be manually modified. +This log was last generated on Tue, 02 Dec 2025 04:08:02 GMT and should not be manually modified. + +## 0.7.21 +Tue, 02 Dec 2025 04:08:02 GMT + +### Patches + +- fix collaborator security query ## 0.7.20 Wed, 26 Nov 2025 16:04:43 GMT diff --git a/packages/postgres/package.json b/packages/postgres/package.json index e5146fb88e2..827eae5c912 100644 --- a/packages/postgres/package.json +++ b/packages/postgres/package.json @@ -1,6 +1,6 @@ { "name": "@hcengineering/postgres", - "version": "0.7.20", + "version": "0.7.21", "main": "lib/index.js", "svelte": "src/index.ts", "types": "types/index.d.ts", diff --git a/packages/postgres/src/storage.ts b/packages/postgres/src/storage.ts index 9af207c96e9..a6afd5d8a19 100644 --- a/packages/postgres/src/storage.ts +++ b/packages/postgres/src/storage.ts @@ -640,7 +640,7 @@ abstract class PostgresAdapterBase implements DbAdapter { const collabSec = getClassCollaborators(this.modelDb, this.hierarchy, _class) if (collabSec?.provideSecurity === true && [AccountRole.Guest, AccountRole.ReadOnlyGuest].includes(acc.role)) { const collab = `OR EXISTS (SELECT 1 FROM ${translateDomain(DOMAIN_COLLABORATOR)} collab_sec WHERE collab_sec."workspaceId" = ${vars.add(this.workspaceId, '::uuid')} AND collab_sec."attachedTo" = ${domain}._id AND collab_sec.collaborator = '${acc.uuid}')` - return `AND (${res} + ${collab})` + return `AND (${res} ${collab})` } return `AND (${res})` } From 86e572e5e4401988bfe91fb87762d79a4e8b6213 Mon Sep 17 00:00:00 2001 From: Alexander Onnikov Date: Tue, 2 Dec 2025 11:27:02 +0700 Subject: [PATCH 2/2] update server/postgres version Signed-off-by: Alexander Onnikov --- common/config/rush/pnpm-lock.yaml | 57 ++++----------------------- dev/tool/package.json | 2 +- pods/backup/package.json | 2 +- pods/fulltext/package.json | 2 +- pods/server/package.json | 2 +- server/account/package.json | 2 +- server/workspace-service/package.json | 2 +- services/rating/package.json | 2 +- 8 files changed, 15 insertions(+), 56 deletions(-) diff --git a/common/config/rush/pnpm-lock.yaml b/common/config/rush/pnpm-lock.yaml index 463eb705388..37f92119fd5 100644 --- a/common/config/rush/pnpm-lock.yaml +++ b/common/config/rush/pnpm-lock.yaml @@ -2010,7 +2010,7 @@ importers: specifier: workspace:^0.7.0 version: link:../../services/rating '@hcengineering/postgres': - specifier: workspace:^0.7.19 + specifier: workspace:^0.7.21 version: link:../../foundations/server/packages/postgres '@hcengineering/rank': specifier: workspace:^0.7.17 @@ -29987,7 +29987,7 @@ importers: specifier: workspace:^0.7.19 version: link:../../foundations/core/packages/platform '@hcengineering/postgres': - specifier: workspace:^0.7.19 + specifier: workspace:^0.7.21 version: link:../../foundations/server/packages/postgres '@hcengineering/server-core': specifier: workspace:^0.7.18 @@ -30314,7 +30314,7 @@ importers: specifier: workspace:^0.7.19 version: link:../../foundations/core/packages/platform '@hcengineering/postgres': - specifier: workspace:^0.7.19 + specifier: workspace:^0.7.21 version: link:../../foundations/server/packages/postgres '@hcengineering/server-client': specifier: workspace:^0.7.16 @@ -30701,7 +30701,7 @@ importers: specifier: workspace:^0.7.0 version: link:../../services/translate '@hcengineering/postgres': - specifier: workspace:^0.7.19 + specifier: workspace:^0.7.21 version: link:../../foundations/server/packages/postgres '@hcengineering/rpc': specifier: workspace:^0.7.17 @@ -35284,7 +35284,7 @@ importers: specifier: workspace:^0.7.19 version: link:../../foundations/core/packages/platform '@hcengineering/postgres': - specifier: workspace:^0.7.19 + specifier: workspace:^0.7.21 version: link:../../foundations/server/packages/postgres '@hcengineering/server-core': specifier: workspace:^0.7.18 @@ -36691,7 +36691,7 @@ importers: specifier: workspace:^0.7.19 version: link:../../foundations/core/packages/platform '@hcengineering/postgres': - specifier: workspace:^0.7.19 + specifier: workspace:^0.7.21 version: link:../../foundations/server/packages/postgres '@hcengineering/server-backup': specifier: workspace:^0.7.0 @@ -40149,7 +40149,7 @@ importers: specifier: workspace:^0.7.19 version: link:../../foundations/core/packages/platform '@hcengineering/postgres': - specifier: workspace:^0.7.19 + specifier: workspace:^0.7.21 version: link:../../foundations/server/packages/postgres '@hcengineering/rating': specifier: workspace:^0.7.0 @@ -61252,7 +61252,7 @@ snapshots: node-loader@2.0.0(webpack@5.103.0): dependencies: loader-utils: 2.0.4 - webpack: 5.103.0 + webpack: 5.103.0(@swc/core@1.15.3)(esbuild@0.25.12)(webpack-cli@5.1.4) node-localstorage@2.2.1: dependencies: @@ -63292,15 +63292,6 @@ snapshots: optionalDependencies: '@swc/core': 1.15.3 - terser-webpack-plugin@5.3.14(webpack@5.103.0): - dependencies: - '@jridgewell/trace-mapping': 0.3.31 - jest-worker: 27.5.1 - schema-utils: 4.3.3 - serialize-javascript: 6.0.2 - terser: 5.44.1 - webpack: 5.103.0 - terser@5.44.1: dependencies: '@jridgewell/source-map': 0.3.11 @@ -63966,38 +63957,6 @@ snapshots: webpack-sources@3.3.3: {} - webpack@5.103.0: - dependencies: - '@types/eslint-scope': 3.7.7 - '@types/estree': 1.0.8 - '@types/json-schema': 7.0.15 - '@webassemblyjs/ast': 1.14.1 - '@webassemblyjs/wasm-edit': 1.14.1 - '@webassemblyjs/wasm-parser': 1.14.1 - acorn: 8.15.0 - acorn-import-phases: 1.0.4(acorn@8.15.0) - browserslist: 4.28.0 - chrome-trace-event: 1.0.4 - enhanced-resolve: 5.18.3 - es-module-lexer: 1.7.0 - eslint-scope: 5.1.1 - events: 3.3.0 - glob-to-regexp: 0.4.1 - graceful-fs: 4.2.11 - json-parse-even-better-errors: 2.3.1 - loader-runner: 4.3.1 - mime-types: 2.1.35 - neo-async: 2.6.2 - schema-utils: 4.3.3 - tapable: 2.3.0 - terser-webpack-plugin: 5.3.14(webpack@5.103.0) - watchpack: 2.4.4 - webpack-sources: 3.3.3 - transitivePeerDependencies: - - '@swc/core' - - esbuild - - uglify-js - webpack@5.103.0(@swc/core@1.15.3): dependencies: '@types/eslint-scope': 3.7.7 diff --git a/dev/tool/package.json b/dev/tool/package.json index f23c5585338..cc94a80a96f 100644 --- a/dev/tool/package.json +++ b/dev/tool/package.json @@ -94,7 +94,7 @@ "@hcengineering/model-task": "workspace:^0.7.0", "@hcengineering/model-activity": "workspace:^0.7.0", "@hcengineering/model-lead": "workspace:^0.7.0", - "@hcengineering/postgres": "workspace:^0.7.19", + "@hcengineering/postgres": "workspace:^0.7.21", "@hcengineering/account-client": "workspace:^0.7.20", "@hcengineering/mongo": "workspace:^0.7.16", "@hcengineering/platform": "workspace:^0.7.19", diff --git a/pods/backup/package.json b/pods/backup/package.json index 60bec29229a..8754772ce4e 100644 --- a/pods/backup/package.json +++ b/pods/backup/package.json @@ -62,6 +62,6 @@ "@hcengineering/analytics": "workspace:^0.7.17", "@hcengineering/analytics-service": "workspace:^0.7.17", "@hcengineering/mongo": "workspace:^0.7.16", - "@hcengineering/postgres": "workspace:^0.7.19" + "@hcengineering/postgres": "workspace:^0.7.21" } } diff --git a/pods/fulltext/package.json b/pods/fulltext/package.json index 6b4b8d3d085..de3193885d3 100644 --- a/pods/fulltext/package.json +++ b/pods/fulltext/package.json @@ -73,7 +73,7 @@ "@hcengineering/middleware": "workspace:^0.7.21", "@hcengineering/server-client": "workspace:^0.7.16", "@hcengineering/server-storage": "workspace:^0.7.16", - "@hcengineering/postgres": "workspace:^0.7.19", + "@hcengineering/postgres": "workspace:^0.7.21", "@hcengineering/mongo": "workspace:^0.7.16", "@hcengineering/kafka": "workspace:^0.7.18", "@hcengineering/communication-server": "workspace:^0.7.12", diff --git a/pods/server/package.json b/pods/server/package.json index a8e10448916..3cc7d4ee86a 100644 --- a/pods/server/package.json +++ b/pods/server/package.json @@ -73,7 +73,7 @@ "@hcengineering/platform": "workspace:^0.7.19", "@hcengineering/pod-telegram-bot": "workspace:^0.7.0", "@hcengineering/pod-translate": "workspace:^0.7.0", - "@hcengineering/postgres": "workspace:^0.7.19", + "@hcengineering/postgres": "workspace:^0.7.21", "@hcengineering/rpc": "workspace:^0.7.17", "@hcengineering/server": "workspace:^0.7.17", "@hcengineering/server-ai-bot": "workspace:^0.7.0", diff --git a/server/account/package.json b/server/account/package.json index 1162ce0d31c..a55ef61350e 100644 --- a/server/account/package.json +++ b/server/account/package.json @@ -37,7 +37,7 @@ }, "dependencies": { "@hcengineering/mongo": "workspace:^0.7.16", - "@hcengineering/postgres": "workspace:^0.7.19", + "@hcengineering/postgres": "workspace:^0.7.21", "mongodb": "^6.16.0", "postgres": "^3.4.7", "@hcengineering/platform": "workspace:^0.7.19", diff --git a/server/workspace-service/package.json b/server/workspace-service/package.json index e7d0833ad54..7ba04b473cb 100644 --- a/server/workspace-service/package.json +++ b/server/workspace-service/package.json @@ -58,7 +58,7 @@ "@hcengineering/analytics": "workspace:^0.7.17", "@hcengineering/account-client": "workspace:^0.7.20", "@hcengineering/server-backup": "workspace:^0.7.0", - "@hcengineering/postgres": "workspace:^0.7.19", + "@hcengineering/postgres": "workspace:^0.7.21", "@hcengineering/mongo": "workspace:^0.7.16" } } diff --git a/services/rating/package.json b/services/rating/package.json index 0d6eb8df129..7bbe136af3c 100644 --- a/services/rating/package.json +++ b/services/rating/package.json @@ -69,7 +69,7 @@ "@hcengineering/server-client": "workspace:^0.7.16", "@hcengineering/account-client": "workspace:^0.7.20", "@hcengineering/server-storage": "workspace:^0.7.16", - "@hcengineering/postgres": "workspace:^0.7.19", + "@hcengineering/postgres": "workspace:^0.7.21", "@hcengineering/mongo": "workspace:^0.7.16", "@hcengineering/kafka": "workspace:^0.7.18", "@hcengineering/communication-server": "workspace:^0.7.12",