Validating entities and permissions

[pofider]

Validating entities should skip permissions evaluation and should work across all entities.

For example, when validating entity name duplicity, we want to fail also when the current user doesn't have read permissions for another entity with the same name.

We could use req.context.skipAuthorizationForQuery for now and later find a more elegant way.

const q = {
      [humanReadableKey]: humanReadableValue
}
req.context.skipAuthorizationForQuery  = q
const existingEntity = await reporter.documentStore.collection(c).findOne(q, req)

However, we would need to handle also places outside authorization. In the version control, scheduling that blocks find for the none admin user. It needs to be discussed.

const col = reporter.documentStore.collection('versions')

col.beforeFindListeners.add('version-control', (q, p, req) => {
      if (req && req.context && req.context.user && !req.context.user.isAdmin && req.context.skipAuthorizationForQuery !== q) {
          throw reporter.authorization.createAuthorizationError(col.name)
        }
})

The original problem was reported here in the forum.

[pofider]

This work for some time...