Skip to content

Commit

Permalink
do not pass private activity params to pub-defined rules
Browse files Browse the repository at this point in the history
  • Loading branch information
@dgirardi
dgirardi committed Apr 13, 2023
1 parent b78cf75 commit 64e0d4f
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
7 changes: 6 additions & 1 deletion src/activities/cfg.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,11 @@ export function updateRulesFromConfig(registerRule) {
defaultRuleHandles.clear();
}

function cleanParams(params) {
// remove private parameters for publisher condition checks
return Object.fromEntries(Object.entries(params).filter(([k]) => !k.startsWith('_')))
}

function setupRule(activity, priority) {
if (!activeRuleHandles.has(activity)) {
activeRuleHandles.set(activity, new Map())
Expand All @@ -27,7 +32,7 @@ export function updateRulesFromConfig(registerRule) {
if (!handles.has(priority)) {
handles.set(priority, registerRule(activity, RULE_NAME, function (params) {
for (const rule of rulesByActivity.get(activity).get(priority)) {
if (!rule.condition || rule.condition(params)) {
if (!rule.condition || rule.condition(cleanParams(params))) {
return {allow: rule.allow, reason: rule}
}
}
Expand Down
11 changes: 11 additions & 0 deletions test/spec/activities/cfg_spec.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,17 @@ describe('allowActivities config', () => {
expect(isAllowed(ACTIVITY, params)).to.be.false;
});

it('does not pass private (underscored) parameters to condition', () => {
setupActivityConfig({
rules: [{
condition({_priv}) { return _priv },
allow: false
}]
});
params._priv = true;
expect(isAllowed(ACTIVITY, params)).to.be.true;
})

it('are evaluated in order of priority', () => {
setupActivityConfig({
rules: [{
Expand Down

0 comments on commit 64e0d4f

Please sign in to comment.