synced/infisical
1
0
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2025-04-02 14:38:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: allow Viewer role to read value

Browse Source
This commit is contained in:
Daniel Hougaard
2025-02-20 05:17:59 +04:00
parent b00413817d
commit 9cb1a31287
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/src/ee/services/permission/project-permission.ts
View File

@ -808,8 +808,8 @@ export const projectMemberPermissions = buildMemberPermissionRules();
const buildViewerPermissionRules = () => {
const { can, rules } = new AbilityBuilder<MongoAbility<ProjectPermissionSet>>(createMongoAbility);
// ? Q(Daniel): Should the viewer role be allowed to read values? Currently not allowed in permission below.
can(ProjectPermissionSecretActions.DescribeSecret, ProjectPermissionSub.Secrets);
can(ProjectPermissionSecretActions.ReadValue, ProjectPermissionSub.Secrets);
can(ProjectPermissionActions.Read, ProjectPermissionSub.SecretFolders);
can(ProjectPermissionDynamicSecretActions.ReadRootCredential, ProjectPermissionSub.DynamicSecrets);
can(ProjectPermissionActions.Read, ProjectPermissionSub.SecretImports);