diff --git a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
index 34ac965b02..10928bf23e 100644
--- a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
+++ b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
@@ -216,16 +216,15 @@ export class AclMiddleware implements NestInterceptor {
     const req = context.switchToHttp().getRequest();
-    if (!req.user?.isAuthorized) {
-      NcError.unauthorized('Invalid token');
-    }
-
     const userScopeRole =
       req.user.roles?.[OrgUserRoles.SUPER_ADMIN] === true
         ? OrgUserRoles.SUPER_ADMIN
         : getUserRoleForScope(req.user, scope);
-    if (!userScopeRole) {
+    if (!userScopeRole)
+      if (!req.user?.isAuthorized) {
+        NcError.unauthorized('Invalid token');
+      }
       NcError.forbidden("You don't have permission to access this resource");
     }
diff --git a/packages/nocodb/src/strategies/jwt.strategy.ts b/packages/nocodb/src/strategies/jwt.strategy.ts
index 74db4e8588..ac91e672e0 100644
--- a/packages/nocodb/src/strategies/jwt.strategy.ts
+++ b/packages/nocodb/src/strategies/jwt.strategy.ts
@@ -25,10 +25,11 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
     ) {
       throw new Error('Token Expired. Please login again.');
     }
-    return User.getWithRoles(user.id, {
+    const userWithRoles = await User.getWithRoles(user.id, {
       user,
       baseId: req.ncBaseId,
     });
+
+    return userWithRoles && { ...userWithRoles, isAuthorized: true };
   }
 }
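Review bot: Moving the `isAuthorized` check below the role lookup means a request with no `req.user` now throws a TypeError at the unchanged `req.user.roles?.[OrgUserRoles.SUPER_ADMIN]` line before the relocated check can answer 401 — the optional chain in `req.user?.isAuthorized` only makes sense if `req.user` can be absent, yet the line above dereferences it unconditionally. Keeping a guard ahead of the lookup, `if (!req.user) NcError.unauthorized('Invalid token');`, preserves the old 401 for token-less requests while still letting the role check decide between 401 and 403. Separately, the added `if (!userScopeRole)` line carries no opening brace in the hunk as shown; if that is not an artefact of how this page was captured, `NcError.forbidden(...)` runs for every request and the following `}` is unbalanced, so the line should read `if (!userScopeRole) {`. The enclosing intercept method starts and ends outside the hunk.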
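Review bot: The new `isAuthorized: true` flag is the signal AclMiddleware (first hunk of this diff) reads to choose 401 over 403, but nothing on the return line records that contract; a comment such as `// isAuthorized marks a principal authenticated by a verified JWT; AclMiddleware answers 401 instead of 403 when it is absent and no scope role matches` would spare the next reader a grep. The object spread also yields a plain object, so if `User.getWithRoles` returns a model instance its prototype members are dropped — `Object.assign(userWithRoles, { isAuthorized: true })` keeps them, should any caller rely on them. The `await` requires `validate` to be `async`; its signature lies outside the hunk, so this is assumed rather than seen.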