Skip to content

Commit 77f97d0

Browse files
fix(ZWEI-3796): pass includesDeletedRows for RESTORE permission check (#481)
getEntityToMutate must allow permission paths to match already-deleted rows when restoring, same as list queries with deleted: true. Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 07138d7 commit 77f97d0

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

src/permissions/check.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -108,7 +108,7 @@ export const getEntityToMutate = async (
108108
throw new NotFoundError(`${model.name} to ${action.toLowerCase()} not found`);
109109
}
110110

111-
applyPermissions(ctx, model.name, model.name, query, action);
111+
applyPermissions(ctx, model.name, model.name, query, action, undefined, action === 'RESTORE');
112112
entity = await query;
113113
if (!entity) {
114114
throw new PermissionError(getRole(ctx), action, `this ${model.name}`, 'no available permissions applied');

0 commit comments

Comments
 (0)