
fix: check roles against roles object

Signed-off-by: Pranav C <pranavxc@gmail.com>
pull/5444/head
Pranav C 2 years ago
parent
commit
70844cefc7
  1. 3
      packages/nocodb-nest/src/modules/api-tokens/api-tokens.service.ts
  2. 3
      packages/nocodb-nest/src/modules/org-tokens/ee/org-tokens/org-tokens-ee.service.ts
  3. 5
      packages/nocodb-nest/src/modules/org-tokens/org-tokens.service.ts
  4. 5
      packages/nocodb-nest/src/modules/org-users/org-users.service.ts

3
packages/nocodb-nest/src/modules/api-tokens/api-tokens.service.ts

@ -6,6 +6,7 @@ import { NcError } from '../../helpers/catchError';
import { ApiToken } from '../../models'; import { ApiToken } from '../../models';
import type { User } from '../../models'; import type { User } from '../../models';
import type { ApiTokenReqType } from 'nocodb-sdk'; import type { ApiTokenReqType } from 'nocodb-sdk';
import extractRolesObj from '../../utils/extractRolesObj'
@Injectable() @Injectable()
export class ApiTokensService { export class ApiTokensService {
@ -28,7 +29,7 @@ export class ApiTokensService {
async apiTokenDelete(param: { token; user: User }) { async apiTokenDelete(param: { token; user: User }) {
const apiToken = await ApiToken.getByToken(param.token); const apiToken = await ApiToken.getByToken(param.token);
if ( if (
!param.user.roles.includes(OrgUserRoles.SUPER_ADMIN) && !extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] &&
apiToken.fk_user_id !== param.user.id apiToken.fk_user_id !== param.user.id
) { ) {
NcError.notFound('Token not found'); NcError.notFound('Token not found');
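Review bot: `apiToken.fk_user_id` is read on the line after the new role check without a guard that `ApiToken.getByToken(param.token)` actually found a token, so an unknown token throws a TypeError (a 500) for a non-admin caller instead of reaching the `Token not found` response, and for a super admin the `&&` short-circuits and the method continues with `apiToken` undefined. Add `if (!apiToken) NcError.notFound('Token not found');` directly after the lookup so the missing-token and not-owner cases return the same response and the error type reveals nothing about whether the token exists. This presumes `getByToken` returns undefined rather than throwing for an unknown token, which is not visible here and should be confirmed against the model. The import added in the first hunk also drops the trailing semicolon every other import in this file carries, `import extractRolesObj from '../../utils/extractRolesObj';`. apiTokenDelete continues past the end of the hunk.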

3
packages/nocodb-nest/src/modules/org-tokens/ee/org-tokens/org-tokens-ee.service.ts

@ -3,6 +3,7 @@ import { OrgUserRoles } from 'nocodb-sdk';
import { PagedResponseImpl } from '../../../../helpers/PagedResponse'; import { PagedResponseImpl } from '../../../../helpers/PagedResponse';
import { ApiToken } from '../../../../models'; import { ApiToken } from '../../../../models';
import type { UserType } from 'nocodb-sdk'; import type { UserType } from 'nocodb-sdk';
import extractRolesObj from '../../../../utils/extractRolesObj'
@Injectable() @Injectable()
export class OrgTokensEeService { export class OrgTokensEeService {
@ -10,7 +11,7 @@ export class OrgTokensEeService {
let fk_user_id = param.user.id; let fk_user_id = param.user.id;
// if super admin get all tokens // if super admin get all tokens
if (param.user.roles.includes(OrgUserRoles.SUPER_ADMIN)) { if (extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN]) {
fk_user_id = undefined; fk_user_id = undefined;
} }
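Review bot: The super-admin predicate `extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN]` is written out inline here and in three sibling services in this same commit, which is the pattern that produced the `.includes` bug being fixed: an authorization check repeated by hand drifts. One helper next to `extractRolesObj`, such as `export const isSuperAdmin = (roles) => !!extractRolesObj(roles)?.[OrgUserRoles.SUPER_ADMIN];`, would give every call site a single tested definition and a real boolean rather than whatever value the roles object stores for that key. What `extractRolesObj` returns when `roles` is undefined (for example a caller authenticated by token rather than session) is not visible in this hunk; if it can return undefined, the indexed lookup in the `if` throws. The new import also lacks the trailing semicolon used by the other imports in the file.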

5
packages/nocodb-nest/src/modules/org-tokens/org-tokens.service.ts

@ -7,13 +7,14 @@ import { PagedResponseImpl } from '../../helpers/PagedResponse';
import { ApiToken } from '../../models'; import { ApiToken } from '../../models';
import type { User } from '../../models'; import type { User } from '../../models';
import type { ApiTokenReqType } from 'nocodb-sdk'; import type { ApiTokenReqType } from 'nocodb-sdk';
import extractRolesObj from '../../utils/extractRolesObj'
@Injectable() @Injectable()
export class OrgTokensService { export class OrgTokensService {
async apiTokenList(param: { user: User; query: any }) { async apiTokenList(param: { user: User; query: any }) {
const fk_user_id = param.user.id; const fk_user_id = param.user.id;
let includeUnmappedToken = false; let includeUnmappedToken = false;
if (param.user.roles.includes(OrgUserRoles.SUPER_ADMIN)) { if (extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN]) {
includeUnmappedToken = true; includeUnmappedToken = true;
} }
@ -50,7 +51,7 @@ export class OrgTokensService {
const fk_user_id = param.user.id; const fk_user_id = param.user.id;
const apiToken = await ApiToken.getByToken(param.token); const apiToken = await ApiToken.getByToken(param.token);
if ( if (
!param.user.roles.includes(OrgUserRoles.SUPER_ADMIN) && !extractRolesObj(param.user.roles)[OrgUserRoles.SUPER_ADMIN] &&
apiToken.fk_user_id !== fk_user_id apiToken.fk_user_id !== fk_user_id
) { ) {
NcError.notFound('Token not found'); NcError.notFound('Token not found');
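Review bot: In the second hunk `apiToken.fk_user_id` is dereferenced right after the new role check with no check that `ApiToken.getByToken(param.token)` returned anything, so an unknown token produces a TypeError for non-admins instead of the `Token not found` response on the following line, and for a super admin the `&&` short-circuits and the method proceeds with `apiToken` undefined. Insert `if (!apiToken) NcError.notFound('Token not found');` immediately after the lookup, keeping the same message so the response does not distinguish "no such token" from "not your token". This delete path duplicates apiTokenDelete in api-tokens.service.ts almost line for line, ownership check included; routing both through one implementation would keep the authorization logic in a single place. apiTokenDelete continues past the end of the hunk.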

5
packages/nocodb-nest/src/modules/org-users/org-users.service.ts

@ -16,6 +16,7 @@ import { randomTokenString } from '../../helpers/stringHelpers';
import { Audit, ProjectUser, Store, SyncSource, User } from '../../models'; import { Audit, ProjectUser, Store, SyncSource, User } from '../../models';
import Noco from '../../Noco'; import Noco from '../../Noco';
import extractRolesObj from '../../utils/extractRolesObj'
import { MetaTable } from '../../utils/globals'; import { MetaTable } from '../../utils/globals';
import { ProjectUsersService } from '../project-users/project-users.service'; import { ProjectUsersService } from '../project-users/project-users.service';
import type { UserType } from 'nocodb-sdk'; import type { UserType } from 'nocodb-sdk';
@ -42,7 +43,7 @@ export class OrgUsersService {
const user = await User.get(param.userId); const user = await User.get(param.userId);
if (user.roles.includes(OrgUserRoles.SUPER_ADMIN)) { if (extractRolesObj(user.roles)[OrgUserRoles.SUPER_ADMIN]) {
NcError.badRequest('Cannot update super admin roles'); NcError.badRequest('Cannot update super admin roles');
} }
@ -57,7 +58,7 @@ export class OrgUsersService {
try { try {
const user = await User.get(param.userId, ncMeta); const user = await User.get(param.userId, ncMeta);
if (user.roles.includes(OrgUserRoles.SUPER_ADMIN)) { if (extractRolesObj(user.roles)[OrgUserRoles.SUPER_ADMIN]) {
NcError.badRequest('Cannot delete super admin'); NcError.badRequest('Cannot delete super admin');
} }
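Review bot: Both new checks index `user.roles` immediately after `User.get(...)` without confirming the lookup returned a user, so an unknown `param.userId` in either the update or the delete path throws a TypeError rather than a clean error; `if (!user) NcError.notFound('User not found');` before each check would close that, assuming `User.get` resolves to undefined rather than throwing — worth confirming. The same super-admin predicate is now repeated across four services by this commit, so a shared `isSuperAdmin(roles)` helper would keep the authorization semantics in one place. The value from `extractRolesObj` is used directly as the condition, so if it can hold a non-boolean for the key the guard degrades to a truthiness test; confirm that is intended. Both enclosing methods start and end outside the hunks, and the new import drops the trailing semicolon the file's other imports carry.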
