From bd273037a8584fcd483929dd0da1e8a8a000e128 Mon Sep 17 00:00:00 2001
From: mertmit
Date: Thu, 7 Sep 2023 12:02:32 +0300
Subject: [PATCH] fix: acl for cache apis
Signed-off-by: mertmit
---
 .../nocodb/src/controllers/caches.controller.ts | 13 +++++++++++--
 packages/nocodb/src/utils/acl.ts | 4 ++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/packages/nocodb/src/controllers/caches.controller.ts b/packages/nocodb/src/controllers/caches.controller.ts
index cc0eeda981..11ecf6b75c 100644
--- a/packages/nocodb/src/controllers/caches.controller.ts
+++ b/packages/nocodb/src/controllers/caches.controller.ts
@@ -1,4 +1,5 @@
 import { Controller, Delete, Get, UseGuards } from '@nestjs/common';
+import { OrgUserRoles } from 'nocodb-sdk';
 import { CachesService } from '~/services/caches.service';
 import { GlobalGuard } from '~/guards/global/global.guard';
 import { Acl } from '~/middlewares/extract-ids/extract-ids.middleware';
@@ -9,7 +10,11 @@ export class CachesController {
 constructor(private readonly cachesService: CachesService) {}
 @Get('/api/v1/db/meta/cache')
- @Acl('cacheGet')
+ @Acl('cacheGet', {
+ scope: 'org',
+ allowedRoles: [OrgUserRoles.SUPER_ADMIN],
+ blockApiTokenAccess: true,
+ })
 async cacheGet(_, res) {
 const data = await this.cachesService.cacheGet();
 res.set({
@@ -20,7 +25,11 @@ export class CachesController {
 }
 @Delete('/api/v1/db/meta/cache')
- @Acl('cacheDelete')
+ @Acl('cacheDelete', {
+ scope: 'org',
+ allowedRoles: [OrgUserRoles.SUPER_ADMIN],
+ blockApiTokenAccess: true,
+ })
 async cacheDelete() {
 return await this.cachesService.cacheDelete();
 }
diff --git a/packages/nocodb/src/utils/acl.ts b/packages/nocodb/src/utils/acl.ts
index a6737efee8..3bce1cdbef 100644
--- a/packages/nocodb/src/utils/acl.ts
+++ b/packages/nocodb/src/utils/acl.ts
@@ -37,6 +37,10 @@ const permissionScopes = {
 'testConnection',
 'genericGPT',
+ // Cache
+ 'cacheGet',
+ 'cacheDelete',
+
 // TODO: add ACL with project scope
 'upload',
 'uploadViaURL',
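Review bot: Nothing in this patch pins the new restriction on `cacheGet` in caches.controller.ts, or the identical one on `cacheDelete` in the following hunk: the diffstat lists only the controller and acl.ts, so a later edit to either decorator could loosen the routes without any check failing. A test that calls GET and DELETE `/api/v1/db/meta/cache` as a non-super-admin user and with an API token, and expects both to be refused, would hold the fix in place. The options literal is also repeated verbatim on both methods; one shared value such as `const cacheAcl = { scope: 'org', allowedRoles: [OrgUserRoles.SUPER_ADMIN], blockApiTokenAccess: true };` (typed to whatever `Acl` accepts as its second argument) passed as `@Acl('cacheGet', cacheAcl)` keeps the two from drifting apart. The class body starts and ends outside both hunks.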
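Review bot: The key of the list that receives `'cacheGet'` and `'cacheDelete'` in acl.ts lies above this hunk, so the scope they are registered under cannot be confirmed from here, while the controller decorators declare `scope: 'org'`; the two declarations should be checked to agree. The neighbouring `// TODO: add ACL with project scope` suggests this is the org list, but that is inferred. Extending the new comment to `// Cache (org scope, super admin only; API tokens blocked in CachesController)` would record the intent next to the entries. `permissionScopes` starts and ends outside the hunk.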