Skip to content

[permissions V2] Fix - filter objects to search #12803

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 23, 2025
Merged

[permissions V2] Fix - filter objects to search #12803

merged 3 commits into from
Jun 23, 2025

Conversation

ijreilly
Copy link
Collaborator

@ijreilly ijreilly commented Jun 23, 2025
edited
Loading

In morph relation pickers, we were not taking into account permissions when computing the list of objects to search for, while we should not search for objects we don't have read permissions on (permission denied error)

greptile-apps[bot]
greptile-apps bot reviewed Jun 23, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Summary

Added permission checks to the multiple record picker search to ensure users can only search for records they have read access to.

  • Modified useMultipleRecordPickerPerformSearch hook to filter searchable objects using useObjectPermissions hook before search execution
  • Change aligns with existing permission system by preventing unauthorized access to object records in search results
  • Implements proper permission boundary at the UI level rather than relying solely on backend checks

1 file reviewed, no comments
Edit PR Review Bot Settings | Greptile

Weiko
Weiko approved these changes Jun 23, 2025
View reviewed changes
Copy link
Member

@Weiko Weiko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

Weiko
Weiko reviewed Jun 23, 2025
View reviewed changes
Copy link
Member

@Weiko Weiko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you fix the global search as well? @ijreilly Thank you!

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jun 23, 2025
edited
Loading

🚀 Preview Environment Ready!

Your preview environment is available at: http://bore.pub:46960

This environment will automatically shut down when the PR is closed or after 5 hours.

Weiko
Weiko approved these changes Jun 23, 2025
View reviewed changes
Copy link
Member

@Weiko Weiko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks!

@Weiko Weiko merged commit 00eb934 into main Jun 23, 2025
54 checks passed
@Weiko Weiko deleted the permissions--fix-relation-picker branch June 23, 2025 17:35
@sentry-io Sentry.io
Copy link

sentry-io bot commented Jun 24, 2025
edited
Loading

Suspect Issues

This pull request was deployed and Sentry observed the following issues:

Did you find this useful? React with a 👍 or 👎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@Weiko Weiko Weiko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ijreilly @Weiko