Merge pull request #178 from d-sonuga/fix/graphql-authorization

fix(plugin): auth-core now allows authorized users to perform actions…
amplication · Oct 5, 2023 · 22084db · 22084db
2 parents 9ca68b8 + e44535f
commit 22084db
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/plugins/auth-core/src/static/auth/abac.util.ts b/plugins/auth-core/src/static/auth/abac.util.ts
@@ -9,6 +9,11 @@ export function getInvalidAttributes(
   // eslint-disable-next-line @typescript-eslint/ban-types
   data: Object
 ): string[] {
-  const filteredData = permission.filter(data);
+  // The structuredClone call is necessary because the
+  // `Permission.filter` function doesn't consider objects
+  // with null prototypes. And in graphql requests, the
+  // object passed here by the request interceptor is an object
+  // with a null prototype.
+  const filteredData = permission.filter(structuredClone(data));
   return Object.keys(data).filter((key) => !(key in filteredData));
 }