Browse Source

fix: include isAuthorized prop

pull/7444/head
Pranav C 10 months ago
parent
commit
9f34b6d602
  1. 9
      packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
  2. 5
      packages/nocodb/src/strategies/jwt.strategy.ts

9
packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts

@ -216,16 +216,15 @@ export class AclMiddleware implements NestInterceptor {
const req = context.switchToHttp().getRequest();
if (!req.user?.isAuthorized) {
NcError.unauthorized('Invalid token');
}
const userScopeRole =
req.user.roles?.[OrgUserRoles.SUPER_ADMIN] === true
? OrgUserRoles.SUPER_ADMIN
: getUserRoleForScope(req.user, scope);
if (!userScopeRole) {
if (!userScopeRole)
if (!req.user?.isAuthorized) {
NcError.unauthorized('Invalid token');
}
NcError.forbidden("You don't have permission to access this resource");
}

5
packages/nocodb/src/strategies/jwt.strategy.ts

@ -25,10 +25,11 @@ export class JwtStrategy extends PassportStrategy(Strategy) {
) {
throw new Error('Token Expired. Please login again.');
}
return User.getWithRoles(user.id, {
const userWithRoles = await User.getWithRoles(user.id, {
user,
baseId: req.ncBaseId,
});
return userWithRoles && { ...userWithRoles, isAuthorized: true };
}
}

Loading…
Cancel
Save