Browse Source

fix(nocodb): add missing acl middleware

pull/5770/head
Wing-Kam Wong 1 year ago
parent
commit
51855e8893
  1. 14
      packages/nocodb/src/controllers/projects.controller.ts

14
packages/nocodb/src/controllers/projects.controller.ts

@ -11,15 +11,13 @@ import {
Request, Request,
UseGuards, UseGuards,
} from '@nestjs/common'; } from '@nestjs/common';
import { AuthGuard } from '@nestjs/passport';
import isDocker from 'is-docker'; import isDocker from 'is-docker';
import { ProjectReqType } from 'nocodb-sdk'; import { ProjectReqType } from 'nocodb-sdk';
import { GlobalGuard } from '../guards/global/global.guard'; import { GlobalGuard } from '../guards/global/global.guard';
import { PagedResponseImpl } from '../helpers/PagedResponse'; import { PagedResponseImpl } from '../helpers/PagedResponse';
import { import {
ExtractProjectIdMiddleware, ExtractProjectIdMiddleware,
UseAclMiddleware, Acl,
UseProjectIdMiddleware,
} from '../middlewares/extract-project-id/extract-project-id.middleware'; } from '../middlewares/extract-project-id/extract-project-id.middleware';
import Noco from '../Noco'; import Noco from '../Noco';
import { packageVersion } from '../utils/packageVersion'; import { packageVersion } from '../utils/packageVersion';
@ -31,9 +29,7 @@ import type { ProjectType } from 'nocodb-sdk';
export class ProjectsController { export class ProjectsController {
constructor(private readonly projectsService: ProjectsService) {} constructor(private readonly projectsService: ProjectsService) {}
@UseAclMiddleware({ @Acl('projectList')
permissionName: 'projectList',
})
@Get('/api/v1/db/meta/projects/') @Get('/api/v1/db/meta/projects/')
async list(@Query() queryParams: Record<string, any>, @Request() req) { async list(@Query() queryParams: Record<string, any>, @Request() req) {
const projects = await this.projectsService.projectList({ const projects = await this.projectsService.projectList({
@ -57,7 +53,7 @@ export class ProjectsController {
PackageVersion: packageVersion, PackageVersion: packageVersion,
}; };
} }
@Acl('projectGet')
@Get('/api/v1/db/meta/projects/:projectId') @Get('/api/v1/db/meta/projects/:projectId')
async projectGet(@Param('projectId') projectId: string) { async projectGet(@Param('projectId') projectId: string) {
const project = await this.projectsService.getProjectWithInfo({ const project = await this.projectsService.getProjectWithInfo({
@ -68,7 +64,7 @@ export class ProjectsController {
return project; return project;
} }
@Acl('projectUpdate')
@Patch('/api/v1/db/meta/projects/:projectId') @Patch('/api/v1/db/meta/projects/:projectId')
async projectUpdate( async projectUpdate(
@Param('projectId') projectId: string, @Param('projectId') projectId: string,
@ -82,6 +78,7 @@ export class ProjectsController {
return project; return project;
} }
@Acl('projectDelete')
@Delete('/api/v1/db/meta/projects/:projectId') @Delete('/api/v1/db/meta/projects/:projectId')
async projectDelete(@Param('projectId') projectId: string) { async projectDelete(@Param('projectId') projectId: string) {
const deleted = await this.projectsService.projectSoftDelete({ const deleted = await this.projectsService.projectSoftDelete({
@ -91,6 +88,7 @@ export class ProjectsController {
return deleted; return deleted;
} }
@Acl('projectCreate')
@Post('/api/v1/db/meta/projects') @Post('/api/v1/db/meta/projects')
@HttpCode(200) @HttpCode(200)
async projectCreate(@Body() projectBody: ProjectReqType, @Request() req) { async projectCreate(@Body() projectBody: ProjectReqType, @Request() req) {

Loading…
Cancel
Save