CodeSource
/
Readur
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(server): resolve lack of user isolation

This commit is contained in:
perf3ct 2025-06-24 17:28:28 +00:00
parent a0e75d4619
commit 3f3654c3cb
3 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.github/workflows/.test-integration.yml.swp vendored
View File

Binary file not shown.

2
.github/workflows/test-integration.yml vendored
View File

@ -135,7 +135,7 @@ jobs:
echo "Running tests with DATABASE_URL: $DATABASE_URL" echo "Running tests with DATABASE_URL: $DATABASE_URL"
echo "Environment check:" echo "Environment check:"
env | grep -E "(DATABASE_URL|JWT_SECRET|API_URL)" | sort env | grep -E "(DATABASE_URL|JWT_SECRET|API_URL)" | sort
cargo test --test '*' -- --test-threads=1 cargo test --test '*' --features test-utils -- --test-threads=1
env: env:
DATABASE_URL: ${{ env.DATABASE_URL }} DATABASE_URL: ${{ env.DATABASE_URL }}
TEST_DATABASE_URL: ${{ env.DATABASE_URL }} TEST_DATABASE_URL: ${{ env.DATABASE_URL }}

2
src/routes/documents.rs
View File

@ -669,7 +669,7 @@ async fn get_failed_ocr_documents(
GROUP BY document_id GROUP BY document_id
) q ON d.id = q.document_id ) q ON d.id = q.document_id
WHERE d.ocr_status = 'failed' WHERE d.ocr_status = 'failed'
AND ($1 = $1 OR d.user_id = $1) -- Admin can see all, users see only their own AND ($1::uuid IS NULL OR d.user_id = $1) -- Admin can see all, users see only their own
ORDER BY d.updated_at DESC ORDER BY d.updated_at DESC
LIMIT $2 OFFSET $3 LIMIT $2 OFFSET $3
"# "#