diff options
| author | Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com> | 2023-12-27 15:08:59 +0900 |
|---|---|---|
| committer | Marie <marie@kaifa.ch> | 2023-12-28 09:45:54 +0100 |
| commit | 82822e29d9414556b6cc1ea0d8c8dbbdb7f4fd1d (patch) | |
| tree | 3c7793de433bd9106bf965747c4de082fb0b572e /packages/frontend/src/components/MkTokenGenerateWindow.vue | |
| parent | refactor: paginationの型を明示する (#12809) (diff) | |
| download | sharkey-82822e29d9414556b6cc1ea0d8c8dbbdb7f4fd1d.tar.gz sharkey-82822e29d9414556b6cc1ea0d8c8dbbdb7f4fd1d.tar.bz2 sharkey-82822e29d9414556b6cc1ea0d8c8dbbdb7f4fd1d.zip | |
Merge pull request from GHSA-7pxq-6xx9-xpgm
* fix: fix improper authorization when accessing with third-party application
* refactor: refactor type definitions
* fix: get rid of unnecessary access limitation
* enhance: サードパーティアプリケーションがWebsocket APIを使えるように
* fix: add missing parentheses
* Revert "fix(backend): add missing kind definition for admin endpoints to improve security"
This reverts commit 5150053275594278e9eb23e72d98b16593c4c230.
* frontend: 翻訳の抜けを訂正, read:adminとwrite:adminはアクセス発行トークンのデフォルトでは非表示にする
* enhance(test): misskey-ghsa-7pxq-6xx9-xpgmに関するテストを追加
* enhance(test): Websocket APIに対するテストも追加
* enhance(refactor): `@/misc/api-permissions.ts`を`misskey-js/permissions`に統合
* fix(frontend): アクセストークン発行UIで全ての権限を有効にした際、管理者用APIへのアクセスも許可してしまう問題を修正
* enhance(backend): Websocketの接続に最低限必要な権限を変更
* fix(backend): `/api/admin/meta`をサードパーティアプリケーションからはアクセスできないように
* fix(backend): エンドポイントにアクセスするために必要な権限を変更
* fix(frontend/locale): Add missing type declaration
* chore: update `misskey-js/src/autogen`
---------
Co-authored-by: tamaina <tamaina@hotmail.co.jp>
Diffstat (limited to 'packages/frontend/src/components/MkTokenGenerateWindow.vue')
| -rw-r--r-- | packages/frontend/src/components/MkTokenGenerateWindow.vue | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/packages/frontend/src/components/MkTokenGenerateWindow.vue b/packages/frontend/src/components/MkTokenGenerateWindow.vue index f5fa86a908..8e8e26ed5f 100644 --- a/packages/frontend/src/components/MkTokenGenerateWindow.vue +++ b/packages/frontend/src/components/MkTokenGenerateWindow.vue @@ -33,7 +33,7 @@ SPDX-License-Identifier: AGPL-3.0-only <MkButton inline @click="enableAll">{{ i18n.ts.enableAll }}</MkButton> </div> <div class="_gaps_s"> - <MkSwitch v-for="kind in (initialPermissions || Misskey.permissions)" :key="kind" v-model="permissions[kind]">{{ i18n.t(`_permissions.${kind}`) }}</MkSwitch> + <MkSwitch v-for="kind in Object.keys(permissions)" :key="kind" v-model="permissions[kind]">{{ i18n.t(`_permissions.${kind}`) }}</MkSwitch> </div> </div> </MkSpacer> @@ -54,7 +54,7 @@ const props = withDefaults(defineProps<{ title?: string | null; information?: string | null; initialName?: string | null; - initialPermissions?: string[] | null; + initialPermissions?: (typeof Misskey.permissions)[number][] | null; }>(), { title: null, information: null, @@ -67,16 +67,17 @@ const emit = defineEmits<{ (ev: 'done', result: { name: string | null, permissions: string[] }): void; }>(); +const defaultPermissions = Misskey.permissions.filter(p => !p.startsWith('read:admin') && !p.startsWith('write:admin')); const dialog = shallowRef<InstanceType<typeof MkModalWindow>>(); const name = ref(props.initialName); -const permissions = ref({}); +const permissions = ref(<Record<(typeof Misskey.permissions)[number], boolean>>{}); if (props.initialPermissions) { for (const kind of props.initialPermissions) { permissions.value[kind] = true; } } else { - for (const kind of Misskey.permissions) { + for (const kind of defaultPermissions) { permissions.value[kind] = false; } } |