diff --git a/packages/nocodb-nest/src/middlewares/extract-project-id/extract-project-id.middleware.ts b/packages/nocodb-nest/src/middlewares/extract-project-id/extract-project-id.middleware.ts index e6da15ac3d..2ff4a32de6 100644 --- a/packages/nocodb-nest/src/middlewares/extract-project-id/extract-project-id.middleware.ts +++ b/packages/nocodb-nest/src/middlewares/extract-project-id/extract-project-id.middleware.ts @@ -221,7 +221,7 @@ export class AclMiddleware implements NestInterceptor { const res = context.switchToHttp().getResponse(); req.customProperty = 'This is a custom property'; - const roles: Record = extractRolesObj(req.user.roles); + const roles: Record = extractRolesObj(req.user?.roles); if (req?.user?.is_api_token && blockApiTokenAccess) { NcError.forbidden('Not allowed with API token'); diff --git a/packages/nocodb-nest/src/modules/audits/audits.controller.ts b/packages/nocodb-nest/src/modules/audits/audits.controller.ts index 6252c5fe41..e6deb38aaa 100644 --- a/packages/nocodb-nest/src/modules/audits/audits.controller.ts +++ b/packages/nocodb-nest/src/modules/audits/audits.controller.ts @@ -7,13 +7,19 @@ import { Post, Query, Request, + UseGuards, } from '@nestjs/common'; import { PagedResponseImpl } from '../../helpers/PagedResponse'; -import { Acl } from '../../middlewares/extract-project-id/extract-project-id.middleware'; +import { + Acl, + ExtractProjectIdMiddleware, +} from '../../middlewares/extract-project-id/extract-project-id.middleware'; import { Audit } from '../../models'; import { AuditsService } from './audits.service'; +import { AuthGuard } from '@nestjs/passport'; @Controller() +@UseGuards(ExtractProjectIdMiddleware, AuthGuard('jwt')) export class AuditsController { constructor(private readonly auditsService: AuditsService) {}