feat: sanitise access endpoint (#7335)

Protects the `/api/access` endpoint behind authentication and sanitizes the result, making it more secure and significantly smaller. To do this: 1. The `permission` keyword is completely omitted from the result 2. Only _truthy_ access results are returned 3. All nested permissions are consolidated when possible --------- Co-authored-by: Dan Ribbens <dan.ribbens@gmail.com> Co-authored-by: Jacob Fletcher <jacobsfletch@gmail.com> Co-authored-by: James <james@trbl.design>
2024-11-15 14:08:06 -06:00
parent 0b9d5a5ae4
commit 26ffbca914
72 changed files with 998 additions and 228 deletions
--- a/packages/richtext-slate/src/field/elements/upload/Element/UploadDrawer/index.tsx
+++ b/packages/richtext-slate/src/field/elements/upload/Element/UploadDrawer/index.tsx
@@ -150,7 +150,7 @@ export const UploadDrawer: React.FC<{
            parentIndexPath=""
            parentPath=""
            parentSchemaPath=""
-            permissions={{}}
+            permissions={docPermissions.fields}
            readOnly={false}
          />
          <FormSubmit>{t('fields:saveChanges')}</FormSubmit>