[sync] fix: T5607 report v2 rollout invalid fieldid blockers#3488
[sync] fix: T5607 report v2 rollout invalid fieldid blockers#3488tea-artist wants to merge 1 commit into
Conversation
Synced from teableio/teable-ee@585ca73 Co-authored-by: Aries X <caoxing9@gmail.com> Co-authored-by: Bieber <artist@teable.io> Co-authored-by: Boris <boris2code@outlook.com> Co-authored-by: Jocky Zhou <jocky@teable.ai> Co-authored-by: Jun Lu <hammond@teable.io> Co-authored-by: Pengap <penganpingprivte@gmail.com> Co-authored-by: SkyHuang <sky.huang.fe@gmail.com> Co-authored-by: Uno <uno@teable.ai> Co-authored-by: nichenqin <nichenqin@hotmail.com>
|
|
1 similar comment
|
|
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b51e2248d8
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const recordIds = await this.recordOpenApiV2Service.resolveRecordIdsBySelection( | ||
| tableId, | ||
| deleteRo | ||
| ); | ||
| await this.recordOpenApiV2Service.deleteRecordsByIds(tableId, recordIds, windowId); |
There was a problem hiding this comment.
Add share-view scope checks to by-id mutations
When this endpoint is called with X-Tea-Share-View, PermissionGuard allows /api/table/:tableId/selection POST/PATCH/DELETE routes for record mutations and relies on each handler to apply ShareViewScopeService row/field checks. This new by-id path resolves explicit record IDs and deletes them without assertDeleteRecords/assertSelectionMutation, so an editable share-view user who knows a hidden or filtered record id can delete it; the new clear/paste by-id variants need the same scope check.
Useful? React with 👍 / 👎.
| } | ||
| } | ||
|
|
||
| @Post('import-airtable/stream') |
There was a problem hiding this comment.
Add token access to the Airtable import route
For requests authenticated with a Teable access token, the global PermissionGuard rejects handlers that have no @Permissions metadata unless they are marked with @TokenAccess, so token-authenticated callers never reach the manual validPermissions(..., this.cls.get('accessTokenId')) check below. This makes OpenAPI/API-token Airtable imports fail even when the token has base|table_import or base|create scope; analogous import routes that authorize manually are decorated with @TokenAccess.
Useful? React with 👍 / 👎.
🧹 Preview Environment Cleanup
|
🔄 Automated sync from EE repository.
251 commit(s) synced since last sync.
Authors
Included commits
ai-agent-engineT5222 T3933 (Pengap)Latest source commit: teableio/teable-ee@585ca73
This PR was automatically created by the sync workflow.