Merge pull request #3471 from nocodb/fix/gui-v2-permission-middleware

fix(gui-v2): show error message when accessing projects with insuffic…
2 years ago · a4700f6766
1 changed files with 11 additions and 0 deletions
--- a/packages/nc-gui-v2/middleware/auth.global.ts
+++ b/packages/nc-gui-v2/middleware/auth.global.ts
@ -36,6 +36,8 @@ import { useApi, useGlobal } from '#imports'
 export default defineNuxtRouteMiddleware(async (to, from) => {
  const state = useGlobal()

+  const { api } = useApi()
+
  /** if user isn't signed in and google auth is enabled, try to check if sign-in data is present */
  if (!state.signedIn && state.appInfo.value.googleAuthEnabled) await tryGoogleAuth()

@ -65,6 +67,15 @@ export default defineNuxtRouteMiddleware(async (to, from) => {
    } else {
      return navigateTo(from.path)
    }
+  } else {
+    /** if users are accessing the projects without having enough permissions, redirect to My Projects page */
+    if (to.params.projectId) {
+      const user = await api.auth.me({ project_id: to?.params?.projectId as string })
+      if (user?.roles?.user) {
+        message.error("You don't have enough permission to access the project.")
+        return navigateTo('/')
+      }
+    }
  }
 })