github
/
nocodb
mirror of https://github.com/nocodb/nocodb
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

feat(api): show tokens only belongs to the user for non-super admin user 

Signed-off-by: Pranav C <pranavxc@gmail.com>
pull/4134/head
Pranav C 2 years ago
parent
33efebf146
commit
77230b96c2
2 changed files with 27 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 20
      packages/nocodb/src/lib/meta/api/orgTokenApis.ts
  2. 11
      packages/nocodb/src/lib/models/ApiToken.ts

20
packages/nocodb/src/lib/meta/api/orgTokenApis.ts
Unescape View File

@ -3,14 +3,20 @@ import { OrgUserRoles } from '../../../enums/OrgUserRoles';
import ApiToken from '../../models/ApiToken'; import ApiToken from '../../models/ApiToken';
import { Tele } from '../../utils/Tele'; import { Tele } from '../../utils/Tele';
import { metaApiMetrics } from '../helpers/apiMetrics'; import { metaApiMetrics } from '../helpers/apiMetrics';
import { NcError } from '../helpers/catchError';
import ncMetaAclMw from '../helpers/ncMetaAclMw'; import ncMetaAclMw from '../helpers/ncMetaAclMw';
import { PagedResponseImpl } from '../helpers/PagedResponse'; import { PagedResponseImpl } from '../helpers/PagedResponse';
async function apiTokenList(req, res) { async function apiTokenList(req, res) {
let fk_user_id = req.user.id;
if (req.user.roles.includes(OrgUserRoles.SUPER)) {
fk_user_id = undefined;
}
res.json( res.json(
new PagedResponseImpl(await ApiToken.listWithCreatedBy(req.query), { new PagedResponseImpl(await ApiToken.listWithCreatedBy(req.query), {
...req.query, ...req.query,
count: await ApiToken.count(), count: await ApiToken.count(),
fk_user_id,
}) })
); );
} }
@ -21,6 +27,14 @@ export async function apiTokenCreate(req: Request, res: Response) {
} }
export async function apiTokenDelete(req: Request, res: Response) { export async function apiTokenDelete(req: Request, res: Response) {
const fk_user_id = req['user'].id;
const apiToken = await ApiToken.getByToken(req.params.apiTokenId);
if (
!req['user'].roles.includes(OrgUserRoles.SUPER) &&
apiToken.fk_user_id !== fk_user_id
) {
NcError.notFound('Token not found');
}
Tele.emit('evt', { evt_type: 'org:apiToken:deleted' }); Tele.emit('evt', { evt_type: 'org:apiToken:deleted' });
res.json(await ApiToken.delete(req.params.token)); res.json(await ApiToken.delete(req.params.token));
} }
@ -31,7 +45,7 @@ router.get(
'/api/v1/tokens', '/api/v1/tokens',
metaApiMetrics, metaApiMetrics,
ncMetaAclMw(apiTokenList, 'apiTokenList', { ncMetaAclMw(apiTokenList, 'apiTokenList', {
allowedRoles: [OrgUserRoles.SUPER], // allowedRoles: [OrgUserRoles.SUPER],
blockApiTokenAccess: true, blockApiTokenAccess: true,
}) })
); );
@ -39,7 +53,7 @@ router.post(
'/api/v1/tokens', '/api/v1/tokens',
metaApiMetrics, metaApiMetrics,
ncMetaAclMw(apiTokenCreate, 'apiTokenCreate', { ncMetaAclMw(apiTokenCreate, 'apiTokenCreate', {
allowedRoles: [OrgUserRoles.SUPER], // allowedRoles: [OrgUserRoles.SUPER],
blockApiTokenAccess: true, blockApiTokenAccess: true,
}) })
); );
@ -47,7 +61,7 @@ router.delete(
'/api/v1/tokens/:token', '/api/v1/tokens/:token',
metaApiMetrics, metaApiMetrics,
ncMetaAclMw(apiTokenDelete, 'apiTokenDelete', { ncMetaAclMw(apiTokenDelete, 'apiTokenDelete', {
allowedRoles: [OrgUserRoles.SUPER], // allowedRoles: [OrgUserRoles.SUPER],
blockApiTokenAccess: true, blockApiTokenAccess: true,
}) })
); );

11
packages/nocodb/src/lib/models/ApiToken.ts
Unescape View File

@ -78,7 +78,11 @@ export default class ApiToken {
} }
public static async listWithCreatedBy( public static async listWithCreatedBy(
{ limit = 10, offset = 0 }: { limit: number; offset: number }, {
limit = 10,
offset = 0,
fk_user_id,
}: { limit: number; offset: number; fk_user_id?: string },
ncMeta = Noco.ncMeta ncMeta = Noco.ncMeta
) { ) {
const queryBuilder = ncMeta const queryBuilder = ncMeta
@ -103,6 +107,11 @@ export default class ApiToken {
) )
.as('created_by') .as('created_by')
); );
if (fk_user_id) {
queryBuilder.where('fk_user_id', fk_user_id);
}
return queryBuilder; return queryBuilder;
} }
} }

Write Preview
Loading…
Cancel
Save