Validate import target permissions#140
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9fe35b05c2
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const wsWasExplicit = wsRaw !== undefined && wsRaw.trim() !== ""; | ||
| // 工作区参数:personal/空 → null(写库时也是 NULL),否则保持字符串。 | ||
| // 显式 notebookId 会在解析后以笔记本所属 workspace 为准。 | ||
| let targetWs: string | null = normalizeImportWorkspaceId(wsRaw); |
There was a problem hiding this comment.
Defer personal-scope gate until after notebook resolution
When callers omit workspaceId and provide a workspace notebookId, this new inherited-workspace path is still classified as personal here, so denyIfPersonalFeatureDisabled can return 403 before lines 164-172 resolve the notebook and update targetWs to the notebook's workspace. This blocks users whose personal import is disabled from importing into a workspace notebook they can write to; parse the body/resolve the explicit notebook first, then apply the personal-only gate to the resolved target scope.
Useful? React with 👍 / 👎.
Summary
Root cause
Several import-style write paths accepted caller-provided
workspaceIdornotebookIdtargets without reusing the same write checks and workspace inheritance used by normal note creation.Why it matters
Bulk import and document import paths should preserve the same notebook/workspace boundaries as regular CRUD paths. This keeps imported notes attached only to targets the requester can write to, and keeps
notes.workspaceIdaligned with the target notebook.Validation
npx tsx --test tests/import-target-permissions.test.tspasses.git diff --checkpasses.Known existing blockers while running broader local checks:
npm run build:tscfails in unrelated files: missingsanitize-htmltype/module resolution,data-file.tsstring/path typing, andtask-calendar.tsexisting strictness errors.npm run buildalso fails before this patch's changed code due to unresolvedsanitize-htmlfromsrc/lib/sanitizeHtml.ts.