From d0cd330a61ca274b21561446ed496e8b4c625f91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gerg=C5=91=20Jedlicska?= <57442769+gjedlicska@users.noreply.github.com> Date: Thu, 24 Jul 2025 11:04:53 +0200 Subject: [PATCH] feat(authPolicies): add demo project as a publicly loadable override (#5137) --- .../src/authz/policies/project/canLoad.spec.ts | 15 +++++++++++++++ .../shared/src/authz/policies/project/canLoad.ts | 7 +++++++ 2 files changed, 22 insertions(+) diff --git a/packages/shared/src/authz/policies/project/canLoad.spec.ts b/packages/shared/src/authz/policies/project/canLoad.spec.ts index c5b016d51..da70c9715 100644 --- a/packages/shared/src/authz/policies/project/canLoad.spec.ts +++ b/packages/shared/src/authz/policies/project/canLoad.spec.ts @@ -38,6 +38,21 @@ const buildCanLoadPolicy = (overrides?: Partial }) describe('canLoad', () => { + it('returns ok if anyone is trying to load a publicly loadable project', async () => { + const canLoad = buildCanLoadPolicy() + + // this is a deliberate copy pasta, if anyone removes from the baked in list, + // the test should fail + const publiclyLoadableProjects = ['8be1007be1'] + + for (const projectId of publiclyLoadableProjects) { + const result = await canLoad({ + userId: undefined, + projectId + }) + expect(result).toBeAuthOKResult() + } + }) it('returns error if user is not logged in', async () => { const canLoad = buildCanLoadPolicy() diff --git a/packages/shared/src/authz/policies/project/canLoad.ts b/packages/shared/src/authz/policies/project/canLoad.ts index 103fd7616..1d87484ab 100644 --- a/packages/shared/src/authz/policies/project/canLoad.ts +++ b/packages/shared/src/authz/policies/project/canLoad.ts @@ -45,6 +45,9 @@ type PolicyErrors = InstanceType< export const canLoadPolicy: AuthPolicy = (loaders) => async ({ userId, projectId }) => { + if (publiclyLoadableProjects.includes(projectId)) { + return ok() + } const hasAdminAccess = await checkIfAdminOverrideEnabledFragment(loaders)({ userId }) @@ -70,3 +73,7 @@ export const canLoadPolicy: AuthPolicy