
fix: use getWithRoles for auth token strategy

pull/7083/head
mertmit 1 year ago
parent
commit
41d6ebdc6b
  1. 26
      packages/nocodb/src/strategies/authtoken.strategy/authtoken.strategy.ts

26
packages/nocodb/src/strategies/authtoken.strategy/authtoken.strategy.ts

@ -3,7 +3,7 @@ import { PassportStrategy } from '@nestjs/passport';
import { extractRolesObj, ProjectRoles } from 'nocodb-sdk'; import { extractRolesObj, ProjectRoles } from 'nocodb-sdk';
import { Strategy } from 'passport-custom'; import { Strategy } from 'passport-custom';
import type { Request } from 'express'; import type { Request } from 'express';
import { ApiToken, BaseUser, User } from '~/models'; import { ApiToken, User } from '~/models';
import { sanitiseUserObj } from '~/utils'; import { sanitiseUserObj } from '~/utils';
@Injectable() @Injectable()
@ -22,12 +22,21 @@ export class AuthTokenStrategy extends PassportStrategy(Strategy, 'authtoken') {
is_api_token: true, is_api_token: true,
}; };
// old auth tokens will not have fk_user_id, so we return editor role
if (!apiToken.fk_user_id) { if (!apiToken.fk_user_id) {
user.base_roles = extractRolesObj(ProjectRoles.EDITOR); user.base_roles = extractRolesObj(ProjectRoles.EDITOR);
return callback(null, user); return callback(null, user);
} }
const dbUser: Record<string, any> = await User.get(apiToken.fk_user_id); const dbUser: Record<string, any> = await User.getWithRoles(
apiToken.fk_user_id,
{
baseId: req['ncBaseId'],
...(req['ncWorkspaceId']
? { workspaceId: req['ncWorkspaceId'] }
: {}),
},
);
if (!dbUser) { if (!dbUser) {
return callback({ msg: 'User not found' }); return callback({ msg: 'User not found' });
} }
@ -35,16 +44,11 @@ export class AuthTokenStrategy extends PassportStrategy(Strategy, 'authtoken') {
Object.assign(user, { Object.assign(user, {
id: dbUser.id, id: dbUser.id,
roles: extractRolesObj(dbUser.roles), roles: extractRolesObj(dbUser.roles),
base_roles: extractRolesObj(dbUser.base_roles),
...(dbUser.workspace_roles
? { workspace_roles: extractRolesObj(dbUser.workspace_roles) }
: {}),
}); });
if (req['ncProjectId']) {
const baseUser = await BaseUser.get(req['ncProjectId'], dbUser.id);
user.base_roles = extractRolesObj(baseUser?.roles);
if (user.base_roles.owner) {
user.base_roles.creator = true;
}
return callback(null, sanitiseUserObj(user));
}
} }
return callback(null, sanitiseUserObj(user)); return callback(null, sanitiseUserObj(user));
} catch (error) { } catch (error) {
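Review bot: In the last hunk, the removed `if (user.base_roles.owner) { user.base_roles.creator = true; }` has no counterpart on the new side, so an API token owned by a base owner keeps creator-level permissions only if `User.getWithRoles` (not visible here) applies that mapping itself. Please confirm that, or re-add the two lines after the `Object.assign`. The resolved roles also now depend on `req['ncBaseId']` being populated before this strategy runs, where the old code read `req['ncProjectId']`; if it is unset, `baseId` is passed as `undefined` and the returned `base_roles` depend entirely on how `getWithRoles` treats a missing base. A short comment above the call would record that contract, e.g. `// roles are resolved for the base/workspace of this request; ncBaseId must be set by earlier middleware`. The enclosing method starts and ends outside the hunks.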
