(core) Allow the support user to access everyone's billing pages

Summary: Give specialPermit to the support user for page loads and API requests needed to serve billing pages. Test Plan: Added new test cases Reviewers: paulfitz Reviewed By: paulfitz Differential Revision: https://phab.getgrist.com/D2554
2026-03-02 04:09:24 +00:00 · 2020-07-22 15:45:39 -04:00
parent 4452a816ff
commit 671dc24214
4 changed files with 46 additions and 18 deletions
--- a/app/server/lib/requestUtils.ts
+++ b/app/server/lib/requestUtils.ts
@@ -4,6 +4,7 @@ import {DocScope, QueryResult, Scope} from 'app/gen-server/lib/HomeDBManager';
 import {getUserId, RequestWithLogin} from 'app/server/lib/Authorizer';
 import {RequestWithOrg} from 'app/server/lib/extractOrg';
 import * as log from 'app/server/lib/log';
+import {Permit} from 'app/server/lib/Permit';
 import {Request, Response} from 'express';
 import {URL} from 'url';

@@ -132,6 +133,13 @@ export function getScope(req: Request): Scope {
  return {urlId, userId, org, includeSupport, showRemoved, specialPermit};
 }

+/**
+ * If scope is for the given userId, return a new Scope with the special permit added.
+ */
+export function addPermit(scope: Scope, userId: number, specialPermit: Permit): Scope {
+  return {...scope, ...(scope.userId === userId ? {specialPermit} : {})};
+}
+
 // Return a JSON response reflecting the output of a query.
 // Filter out keys we don't want crossing the api.
 // Set req to null to not log any information about request.