From 213b2f073425459ccacdf0c8bf487759fd564d6e Mon Sep 17 00:00:00 2001 From: Otavio Jacobi Date: Thu, 21 Nov 2024 09:53:39 -0300 Subject: [PATCH] Ensure device_service_environment_variable get/set/delete only operate on releases that belong to the device's app Change-type: patch --- src/models/device.ts | 63 +++++++++++++++++++++++++++++--------------- 1 file changed, 42 insertions(+), 21 deletions(-) diff --git a/src/models/device.ts b/src/models/device.ts index 2da50a1cd..78a2443a2 100644 --- a/src/models/device.ts +++ b/src/models/device.ts @@ -2911,7 +2911,19 @@ const getDeviceModel = function ( serviceNameOrId: string | number, key: string, ): Promise { - const { id: deviceId } = await exports.get(uuidOrId, { $select: 'id' }); + const deviceOptions = { + $select: 'id', + $expand: { belongs_to__application: { $select: 'id' } }, + } as const; + + const { + id: deviceId, + belongs_to__application: [{ id: appId }], + } = (await sdkInstance.models.device.get( + uuidOrId, + deviceOptions, + )) as PineTypedResult; + const [variable] = await pine.get({ resource: 'device_service_environment_variable', options: { @@ -2932,6 +2944,7 @@ const getDeviceModel = function ( $expr: { is: { service_name: serviceNameOrId, + application: appId, }, }, }, @@ -2984,31 +2997,25 @@ const getDeviceModel = function ( ): Promise { value = String(value); - let deviceFilter; - if (isId(uuidOrId)) { - deviceFilter = uuidOrId; - } else if (isFullUuid(uuidOrId)) { - deviceFilter = { - $any: { - $alias: 'd', - $expr: { - d: { - uuid: uuidOrId, - }, - }, - }, - }; - } else { - const device = await exports.get(uuidOrId, { $select: 'id' }); - deviceFilter = device.id; - } + const deviceOptions = { + $select: 'id', + $expand: { belongs_to__application: { $select: 'id' } }, + } as const; + + const { + id: deviceId, + belongs_to__application: [{ id: appId }], + } = (await sdkInstance.models.device.get( + uuidOrId, + deviceOptions, + )) as PineTypedResult; const serviceInstalls = await pine.get({ resource: 'service_install', options: { $select: 'id', $filter: { - device: deviceFilter, + device: deviceId, installs__service: typeof serviceNameOrId === 'number' ? serviceNameOrId @@ -3018,6 +3025,7 @@ const getDeviceModel = function ( $expr: { s: { service_name: serviceNameOrId, + application: appId, }, }, }, @@ -3079,7 +3087,19 @@ const getDeviceModel = function ( serviceNameOrId: string | number, key: string, ): Promise { - const { id: deviceId } = await exports.get(uuidOrId, { $select: 'id' }); + const deviceOptions = { + $select: 'id', + $expand: { belongs_to__application: { $select: 'id' } }, + } as const; + + const { + id: deviceId, + belongs_to__application: [{ id: appId }], + } = (await sdkInstance.models.device.get( + uuidOrId, + deviceOptions, + )) as PineTypedResult; + await pine.delete({ resource: 'device_service_environment_variable', options: { @@ -3099,6 +3119,7 @@ const getDeviceModel = function ( $expr: { is: { service_name: serviceNameOrId, + application: appId, }, }, },