NEXT-30849 - Fix permission errors

shopware · Oct 5, 2023 · ce8692b · ce8692b
1 parent 27370e3
commit ce8692b
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 148 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,12 @@
 
 All notable changes to this project will be documented in this file.
 
+## [3.0.15] - 05.10.2023
+
+## Removed
+
+- Removed client side permission validation based on Entities and EntityCollections
+
 ## [3.0.13] - 21.07.2023
 
 ## Fixed

diff --git a/devenv.lock b/devenv.lock
@@ -34,12 +34,15 @@
       }
     },
     "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
       "locked": {
-        "lastModified": 1667395993,
-        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "lastModified": 1685518550,
+        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
         "type": "github"
       },
       "original": {
@@ -96,7 +99,7 @@
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-22.11",
+        "ref": "nixos-23.05",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -131,6 +134,21 @@
         "nixpkgs": "nixpkgs",
         "pre-commit-hooks": "pre-commit-hooks"
       }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@shopware-ag/admin-extension-sdk",
   "license": "MIT",
-  "version": "3.0.14",
+  "version": "3.0.15",
   "repository": "git://github.com/shopware/admin-extension-sdk.git",
   "description": "The SDK for App iframes to communicate with the Shopware Administration",
   "keywords": [

diff --git a/src/_internals/validator/index.ts b/src/_internals/validator/index.ts
diff --git a/src/channel.ts b/src/channel.ts
@@ -7,7 +7,6 @@ import { ShopwareMessageTypePrivileges } from './privileges';
 import MissingPrivilegesError from './privileges/missing-privileges-error';
 import SerializerFactory from './_internals/serializer';
 import createError from './_internals/error-handling/error-factory';
-import validate from './_internals/validator/index';
 import type { datasetRegistration } from './data';
 import { selectData } from './data/_internals/selectData';
 import sdkVersion from './_internals/sdkVersion';
@@ -126,47 +125,7 @@ export function send<MESSAGE_TYPE extends keyof ShopwareMessageTypes>(
     _callbackId: callbackId,
   };
 
-  let serializedData = serialize(messageData) as ShopwareMessageSendData<MESSAGE_TYPE>;
-
-  // Validate if send value contains entity data where the app has no privileges for
-  if (_origin) {
-    const validationErrors = validate({
-      serializedData: serializedData,
-      origin: _origin,
-      privilegesToCheck: ['read'],
-      type: type,
-    });
-
-    if (validationErrors) {
-      // Datasets need the id for matching the response
-      if ([
-        'datasetSubscribe',
-        'datasetUpdate',
-        'datasetRegistration',
-        'datasetGet',
-      ].includes(serializedData._type)) {
-        serializedData = serialize({
-          _type: serializedData._type,
-          _callbackId: serializedData._callbackId,
-          _data: {
-            // @ts-expect-error - We know with the includes that it has an ID
-            // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-            id: serializedData._data.id,
-            data: validationErrors,
-          },
-        }) as ShopwareMessageSendData<MESSAGE_TYPE>;
-      }
-      // Everything else can overwrite the response
-      else {
-        serializedData = serialize({
-          _type: serializedData._type,
-          _callbackId: serializedData._callbackId,
-          _data: validationErrors,
-        }) as ShopwareMessageSendData<MESSAGE_TYPE>;
-      }
-
-    }
-  }
+  const serializedData = serialize(messageData) as ShopwareMessageSendData<MESSAGE_TYPE>;
 
   // Convert message data to string for message sending
   const message = JSON.stringify(serializedData);
@@ -315,21 +274,6 @@ export function handle<MESSAGE_TYPE extends keyof ShopwareMessageTypes>
 
     // eslint-disable-next-line @typescript-eslint/explicit-function-return-type
     const responseValue = await Promise.resolve((() => {
-      /*
-       * Validate incoming handle messages for privileges
-       * in Entity and Entity Collection
-       */
-      const validationErrors = validate({
-        serializedData: shopwareMessageData,
-        origin: event.origin,
-        type: type,
-        privilegesToCheck: ['create', 'delete', 'update', 'read'],
-      });
-
-      if (validationErrors) {
-        return validationErrors;
-      }
-
       // eslint-disable-next-line @typescript-eslint/no-unsafe-return
       return method(
         deserializedMessageData._data,
@@ -345,23 +289,7 @@ export function handle<MESSAGE_TYPE extends keyof ShopwareMessageTypes>
 
     // Replace methods etc. so that they are working in JSON format
     const serializedResponseMessage = ((): ShopwareMessageResponseData<MESSAGE_TYPE> => {
-      let serializedMessage = serialize(responseMessage) as ShopwareMessageResponseData<MESSAGE_TYPE>;
-
-      // Validate if response value contains entity data where the app has no privileges for
-      const validationErrors = validate({
-        serializedData: serializedMessage,
-        origin: event.origin,
-        privilegesToCheck: ['read'],
-        type: type,
-      });
-
-      if (validationErrors) {
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment
-        serializedMessage._response = validationErrors;
-        serializedMessage = serialize(serializedMessage) as ShopwareMessageResponseData<MESSAGE_TYPE>;
-      }
-
-      return serializedMessage;
+      return serialize(responseMessage) as ShopwareMessageResponseData<MESSAGE_TYPE>;
     })();
 
     const stringifiedResponseMessage = JSON.stringify(serializedResponseMessage);