[sync] fix: allow editor and viewer roles to use sql query when permission m…#3473
[sync] fix: allow editor and viewer roles to use sql query when permission m…#3473tea-artist wants to merge 1 commit into
Conversation
…ssion m… Synced from teableio/teable-ee@3011d80 Co-authored-by: Aries X <caoxing9@gmail.com> Co-authored-by: Bieber <artist@teable.io> Co-authored-by: Boris <boris2code@outlook.com> Co-authored-by: Jocky Zhou <jocky@teable.ai> Co-authored-by: Jun Lu <hammond@teable.io> Co-authored-by: Pengap <penganpingprivte@gmail.com> Co-authored-by: SkyHuang <sky.huang.fe@gmail.com> Co-authored-by: Uno <uno@teable.ai> Co-authored-by: nichenqin <nichenqin@hotmail.com>
|
|
1 similar comment
|
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5a300c21d8
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if (this.cls.get('useV2')) { | ||
| return this.pasteByIdWithV2(tableId, pasteRo); | ||
| } | ||
|
|
||
| return this.selectionService.pasteById(tableId, pasteRo, { windowId }); |
There was a problem hiding this comment.
Enforce share-view scope on id-based selection writes
When a request includes X-Tea-Share-View, the permission guard allows common /api/table/:tableId/selection... write endpoints, but this new id-based paste path never calls shareViewScopeService.assertPaste/assertSelectionMutation like the range-based endpoints do. In that share-view context, a caller can submit explicit recordIds/fieldIds and update rows or hidden fields outside the shared view instead of being constrained to the view filter and visible fields; the same gap exists in the new id-based clear/delete stream variants.
Useful? React with 👍 / 👎.
| @@ -0,0 +1 @@ | |||
| ALTER TYPE "SpaceDataDbMigrationJobState" ADD VALUE IF NOT EXISTS 'waiting_worker' AFTER 'pending'; | |||
There was a problem hiding this comment.
Include waiting_worker in the active-job unique index
This migration adds waiting_worker as an active migration state, and startMigrationForSpace creates new jobs in that state, but the partial unique index created in 20260523000000_add_space_data_db_migration_job still only covers pending, preflight, freezing_writes, copying, validating, and switching. If two start requests race, the database no longer enforces one active job per space while both inserts are in waiting_worker, so duplicate migrations for the same space can be created.
Useful? React with 👍 / 👎.
🧹 Preview Environment Cleanup
|
🔄 Automated sync from EE repository.
236 commit(s) synced since last sync.
Authors
Included commits
ai-agent-engineT5222 T3933 (Pengap)Latest source commit: teableio/teable-ee@3011d80
This PR was automatically created by the sync workflow.