mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-01 01:23:33 +00:00
fix: require owner for trajectory export (#97840)
This commit is contained in:
committed by
GitHub
parent
738b2be4b4
commit
6cb82eaab8
@@ -133,7 +133,7 @@ describe("info command handlers", () => {
|
||||
});
|
||||
});
|
||||
|
||||
it("only lets owners export trajectory bundles", async () => {
|
||||
it("ignores trajectory export requests from unauthorized senders", async () => {
|
||||
const params = buildInfoParams("/export-trajectory", {
|
||||
commands: { text: true },
|
||||
} as OpenClawConfig);
|
||||
@@ -145,6 +145,18 @@ describe("info command handlers", () => {
|
||||
expect(buildExportTrajectoryCommandReplyMock).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("blocks authorized non-owners from exporting trajectory bundles", async () => {
|
||||
const params = buildInfoParams("/export-trajectory", {
|
||||
commands: { text: true },
|
||||
} as OpenClawConfig);
|
||||
params.command.senderIsOwner = false;
|
||||
|
||||
const result = await handleExportTrajectoryCommand(params, true);
|
||||
|
||||
expect(result).toEqual({ shouldContinue: false });
|
||||
expect(buildExportTrajectoryCommandReplyMock).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
it("returns sender details for /whoami", async () => {
|
||||
const result = await handleWhoamiCommand(
|
||||
buildInfoParams(
|
||||
|
||||
@@ -15,7 +15,7 @@ import {
|
||||
} from "../status.js";
|
||||
import { buildThreadingToolContext } from "./agent-runner-utils.js";
|
||||
import { resolveChannelAccountId } from "./channel-context.js";
|
||||
import { rejectUnauthorizedCommand } from "./command-gates.js";
|
||||
import { rejectNonOwnerCommand, rejectUnauthorizedCommand } from "./command-gates.js";
|
||||
import { buildExportSessionReply } from "./commands-export-session.js";
|
||||
import { buildExportTrajectoryCommandReply } from "./commands-export-trajectory.js";
|
||||
import { buildStatusPluginsReply, buildStatusReply } from "./commands-status.js";
|
||||
@@ -348,5 +348,9 @@ export const handleExportTrajectoryCommand: CommandHandler = async (params, allo
|
||||
if (unauthorized) {
|
||||
return unauthorized;
|
||||
}
|
||||
const nonOwner = rejectNonOwnerCommand(params, "/export-trajectory");
|
||||
if (nonOwner) {
|
||||
return nonOwner;
|
||||
}
|
||||
return { shouldContinue: false, reply: await buildExportTrajectoryCommandReply(params) };
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user