mirror of
https://github.com/openclaw/openclaw.git
synced 2026-06-06 09:22:54 +00:00
Summary:
- Enforces /allowlist config and pairing-store writes against the real command origin plus the selected target.
- Adds regressions for disabled Telegram-origin commands targeting an enabled Discord allowlist.
Verification:
- node scripts/run-vitest.mjs src/auto-reply/reply/commands-allowlist.test.ts
- pnpm check:changed via Blacksmith Testbox tbx_01ksm06e82dnpxmnj00hrt6xzd
- autoreview --mode local clean, no accepted/actionable findings
- GitHub PR checks green on 42a38d2b00
Closes #72360.
Thanks @coygeek.
Co-authored-by: Coy Geek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: opencode <opencode@users.noreply.github.com>
import {
authorizeConfigWrite,
canBypassConfigWritePolicy,
formatConfigWriteDeniedMessage,
} from "../../channels/plugins/config-writes.js";
import type { ChannelId } from "../../channels/plugins/types.public.js";
import type { OpenClawConfig } from "../../config/types.openclaw.js";
/**
 * Runs the config-write authorization check for a command and yields the
 * denial text to show, or `null` when the write is permitted.
 *
 * The command's origin (channel id plus account id) and the write target are
 * handed to `authorizeConfigWrite` as two separate inputs, so the policy
 * decision is made on both; this function never substitutes one for the other.
 *
 * @param params.cfg - Configuration passed through to the authorization check.
 * @param params.channel - Channel name used only for the bypass decision.
 * @param params.originChannelId - Channel id the command originated from.
 * @param params.originAccountId - Account id the command originated from.
 * @param params.gatewayClientScopes - Scopes forwarded to the bypass decision.
 * @param params.target - Write target, forwarded unchanged to the check.
 * @param params.fallbackChannelId - Used only when formatting the denial
 *   message; it takes no part in the authorization decision itself.
 * @returns `null` when `authorizeConfigWrite` reports `allowed`; otherwise the
 *   string produced by `formatConfigWriteDeniedMessage`. Callers must treat
 *   only `null` as "authorized".
 */
export function resolveConfigWriteDeniedText(params: {
  cfg: OpenClawConfig;
  channel?: string | null;
  originChannelId: ChannelId | null;
  originAccountId?: string;
  gatewayClientScopes?: string[];
  target: Parameters<typeof authorizeConfigWrite>[0]["target"];
  fallbackChannelId?: ChannelId | null;
}): string | null {
  const {
    cfg,
    channel,
    originChannelId,
    originAccountId,
    gatewayClientScopes,
    target,
    fallbackChannelId,
  } = params;

  // A missing or null channel reaches the bypass check as "".
  // NOTE(review): confirm canBypassConfigWritePolicy never grants bypass for
  // an empty channel name; that helper is not visible from this file.
  const bypassPermitted = canBypassConfigWritePolicy({
    channel: channel ?? "",
    gatewayClientScopes,
  });

  const decision = authorizeConfigWrite({
    cfg,
    origin: { channelId: originChannelId, accountId: originAccountId },
    target,
    allowBypass: bypassPermitted,
  });

  // The fallback channel only affects the wording of the denial, and defaults
  // to the origin channel when the caller supplies none.
  return decision.allowed
    ? null
    : formatConfigWriteDeniedMessage({
        result: decision,
        fallbackChannelId: fallbackChannelId ?? originChannelId,
      });
}