Merge pull request #6319 from nocodb/fix/acl-cache

fix: acl for cache apis
1 year ago · 868446a99d
2 changed files with 15 additions and 2 deletions
--- a/packages/nocodb/src/controllers/caches.controller.ts
+++ b/packages/nocodb/src/controllers/caches.controller.ts
@ -1,4 +1,5 @@
 import { Controller, Delete, Get, UseGuards } from '@nestjs/common';
+import { OrgUserRoles } from 'nocodb-sdk';
 import { CachesService } from '~/services/caches.service';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
@ -9,7 +10,11 @@ export class CachesController {
  constructor(private readonly cachesService: CachesService) {}

  @Get('/api/v1/db/meta/cache')
-  @Acl('cacheGet')
+  @Acl('cacheGet', {
+    scope: 'org',
+    allowedRoles: [OrgUserRoles.SUPER_ADMIN],
+    blockApiTokenAccess: true,
+  })
  async cacheGet(_, res) {
    const data = await this.cachesService.cacheGet();
    res.set({
@ -20,7 +25,11 @@ export class CachesController {
  }

  @Delete('/api/v1/db/meta/cache')
-  @Acl('cacheDelete')
+  @Acl('cacheDelete', {
+    scope: 'org',
+    allowedRoles: [OrgUserRoles.SUPER_ADMIN],
+    blockApiTokenAccess: true,
+  })
  async cacheDelete() {
    return await this.cachesService.cacheDelete();
  }
--- a/packages/nocodb/src/utils/acl.ts
+++ b/packages/nocodb/src/utils/acl.ts
@ -37,6 +37,10 @@ const permissionScopes = {
    'testConnection',
    'genericGPT',

+    // Cache
+    'cacheGet',
+    'cacheDelete',
+
    // TODO: add ACL with project scope
    'upload',
    'uploadViaURL',