From 791f45a7d675fa13eb67d2f6479f4f843fe8fb46 Mon Sep 17 00:00:00 2001
From: djmaze <7229+djmaze@users.noreply.github.com>
Date: Sat, 4 Feb 2023 17:30:47 +0100
Subject: [PATCH] Allow uploads for public base url users with editor role
---
 packages/nocodb/src/lib/meta/api/attachmentApis.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/nocodb/src/lib/meta/api/attachmentApis.ts b/packages/nocodb/src/lib/meta/api/attachmentApis.ts
index 9d619ae592..12860d5324 100644
--- a/packages/nocodb/src/lib/meta/api/attachmentApis.ts
+++ b/packages/nocodb/src/lib/meta/api/attachmentApis.ts
@@ -16,7 +16,7 @@ import Local from '../../v1-legacy/plugins/adapters/storage/Local';
 import { NC_ATTACHMENT_FIELD_SIZE } from '../../constants';
 const isUploadAllowed = async (req: Request, _res: Response, next: any) => {
- if (!req['user']?.id) {
+ if (!req['user']) {
 NcError.unauthorized('Unauthorized');
 }
@@ -25,6 +25,7 @@ const isUploadAllowed = async (req: Request, _res: Response, next: any) => {
 if (
 req['user'].roles?.includes(OrgUserRoles.SUPER_ADMIN) ||
 req['user'].roles?.includes(OrgUserRoles.CREATOR) ||
+ (req['user'].isPublicBase && req['user'].roles?.includes(ProjectRoles.EDITOR)) ||
 // if viewer then check at-least one project have editor or higher role
 // todo: cache
 !!(await Noco.ncMeta
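Review bot: The guard `if (!req['user'])` now admits any truthy user object, not only the shared-base principal this commit is aimed at, so a request whose `req['user']` has neither an `id` nor the `isPublicBase` flag also reaches the role checks further down. Those checks begin outside this hunk and are only partly visible in the next one, so whether all of them behave safely with an undefined id cannot be confirmed from here. Keeping the id requirement for everyone except shared-base users keeps the relaxation narrow: `if (!req['user'] || (!req['user'].id && !req['user'].isPublicBase)) {`.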
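Review bot: The added `isPublicBase` branch lets any holder of an editor-level shared-base link pass `isUploadAllowed`, and nothing in the visible lines ties the upload to the project that link belongs to or records who uploaded. Because these callers have no account id, confirm that the attachment size and type limits still apply on this path, and consider logging the shared-base identifier with each upload so misuse can be traced and the link revoked. `ProjectRoles` is referenced here, but the diffstat shows only two insertions, both accounted for in these hunks, so this commit adds no import; verify the name is already imported in this file. The condition list continues outside the hunk.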