Browse Source

Allow uploads for public base url users with editor role

pull/5033/head
djmaze 2 years ago committed by Martin Honermeyer
parent
commit
791f45a7d6
  1. 3
      packages/nocodb/src/lib/meta/api/attachmentApis.ts

3
packages/nocodb/src/lib/meta/api/attachmentApis.ts

@ -16,7 +16,7 @@ import Local from '../../v1-legacy/plugins/adapters/storage/Local';
import { NC_ATTACHMENT_FIELD_SIZE } from '../../constants';
const isUploadAllowed = async (req: Request, _res: Response, next: any) => {
if (!req['user']?.id) {
if (!req['user']) {
NcError.unauthorized('Unauthorized');
}
@ -25,6 +25,7 @@ const isUploadAllowed = async (req: Request, _res: Response, next: any) => {
if (
req['user'].roles?.includes(OrgUserRoles.SUPER_ADMIN) ||
req['user'].roles?.includes(OrgUserRoles.CREATOR) ||
(req['user'].isPublicBase && req['user'].roles?.includes(ProjectRoles.EDITOR)) ||
// if viewer then check at-least one project have editor or higher role
// todo: cache
!!(await Noco.ncMeta

Loading…
Cancel
Save