User following #319

Merged
merged 26 commits into from
Dec 21, 2024
Changes from 11 commits
Commits
afc9910
update
sheriffjimoh Nov 25, 2024
a216e5d
Merge branch 'develop' of https://github.com/bitcashorg/masterbots in…
sheriffjimoh Nov 25, 2024
ae07458
Merge branch 'develop' of https://github.com/bitcashorg/masterbots in…
sheriffjimoh Nov 29, 2024
a633c9b
Merge branch 'develop' of https://github.com/bitcashorg/masterbots in…
sheriffjimoh Dec 3, 2024
4223fb6
added follow user
sheriffjimoh Dec 3, 2024
e340424
update
sheriffjimoh Dec 3, 2024
0d32d2e
fix: upt hasura metadata databases, public_social_following.yaml
AndlerRL Dec 10, 2024
b664851
fix: upt masterbots.ai lib, utils.ts
AndlerRL Dec 10, 2024
140dd75
Merge branch 'develop' of https://github.com/bitcashorg/masterbots in…
sheriffjimoh Dec 11, 2024
a39ae9f
fix: user card
sheriffjimoh Dec 11, 2024
ede14ae
update
sheriffjimoh Dec 11, 2024
4f7b43f
fix: permission
sheriffjimoh Dec 11, 2024
4d2f9f9
update
sheriffjimoh Dec 15, 2024
84e46c9
fix: added more column for chatbot followee
sheriffjimoh Dec 15, 2024
b5e88c1
fix: follow chatbot implementation
sheriffjimoh Dec 16, 2024
f3e94b8
update
sheriffjimoh Dec 16, 2024
71b98b3
Merge branch 'develop' of https://github.com/bitcashorg/masterbots in…
sheriffjimoh Dec 17, 2024
f584fcf
threads by following user/bots
sheriffjimoh Dec 17, 2024
29f4f7e
update
sheriffjimoh Dec 17, 2024
917aad8
update
sheriffjimoh Dec 17, 2024
e641ed2
update
sheriffjimoh Dec 17, 2024
8c009c5
update
sheriffjimoh Dec 17, 2024
4cee09c
update
sheriffjimoh Dec 17, 2024
b87b0c2
update
sheriffjimoh Dec 18, 2024
17b2740
update
sheriffjimoh Dec 18, 2024
3fc55dd
update
sheriffjimoh Dec 21, 2024
Expand Up @@ -9,6 +9,15 @@ object_relationships:
using:
foreign_key_constraint_on: follower_id
insert_permissions:
- role: moderator
permission:
check:
follower_id:
_eq: X-Hasura-User-Id
columns:
- followee_id
- follower_id
comment: ""
- role: user
permission:
check:
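
Review bot: the new moderator insert permission pins follower_id through the check (follower_id _eq X-Hasura-User-Id) but still lists follower_id under columns, and nothing constrains followee_id. Consider removing follower_id from columns and supplying it as a column preset from X-Hasura-User-Id so clients never send it, and extend the check so followee_id cannot equal the session user if self-follows are not intended. The empty comment: "" could also record why moderators need a separate insert rule.
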
Expand All @@ -22,19 +31,60 @@ insert_permissions:
- follower_id
comment: ""
select_permissions:
- role: anonymous
permission:
columns:
- created_at
- followee_id
- follower_id
filter: {}
comment: ""
- role: moderator
permission:
columns:
- created_at
- followee_id
- follower_id
filter: {}
comment: ""
- role: user
permission:
columns:
- followee_id
- follower_id
filter: {}
comment: ""

⚠️ Potential issue

Security concern: Unrestricted access to follow relationships

The current select permissions allow unrestricted access (filter: {}) for all roles, including anonymous users. This could lead to:

  • Privacy issues as anyone can view all follow relationships
  • Potential for scraping user relationship data
  • Excessive data exposure to unauthenticated users

Consider adding appropriate filters:

  - role: anonymous
    permission:
      columns:
        - created_at
        - followee_id
        - follower_id
-     filter: {}
+     filter:
+       _or:
+         - followee_id:
+             _is_public: true
+         - follower_id:
+             _is_public: true

  - role: user
    permission:
      columns:
        - followee_id
        - follower_id
-     filter: {}
+     filter:
+       _or:
+         - follower_id:
+             _eq: X-Hasura-User-Id
+         - followee_id:
+             _eq: X-Hasura-User-Id
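
Review bot: _is_public in the suggested anonymous filter is not a Hasura comparison operator, and followee_id and follower_id are key columns rather than relationships, so the first half of this suggestion would not apply as metadata. Limiting anonymous reads by profile visibility means filtering through an object relationship to the user row and comparing a visibility column there with _eq; this table already defines relationships by foreign key, but whether the user table has such a column is not visible in this diff.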

Committable suggestion skipped: line range outside the PR's diff.

update_permissions:
- role: moderator
permission:
columns:
- followee_id
- follower_id
filter:
follower_id:
_eq: X-Hasura-User-Id
check: null
comment: ""
- role: user
permission:
columns:
- followee_id
- follower_id
filter:
_or:
_and:
- follower_id:
_eq: X-Hasura-User-Id
- followee_id:
_eq: X-Hasura-User-Id
_neq: X-Hasura-User-Id
check: null
comment: ""
delete_permissions:
- role: moderator
permission:
filter:
follower_id:
_eq: X-Hasura-User-Id
comment: ""
- role: user
permission:
filter:
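
Review bot: in update_permissions both roles may update follower_id and followee_id with check: null, so the filter is evaluated only against the existing row and a caller who matches it can rewrite follower_id to another user's id. Either drop update permissions on this table (a follow edge is normally inserted or deleted, not edited) or set check to follower_id _eq X-Hasura-User-Id. In the user filter, followee_id as shown carries both _eq and _neq X-Hasura-User-Id, which cannot both hold, and _or is followed by a single _and key rather than a list of conditions, so the rule is unlikely to match the rows intended.
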