mirror of https://github.com/nocodb/nocodb
Pranav C
2 years ago
3 changed files with 63 additions and 5 deletions
@ -0,0 +1,7 @@
|
||||
import { IsUploadAllowedInterceptor } from './is-upload-allowed.interceptor'; |
||||
|
||||
describe('IsUploadAllowedInterceptor', () => { |
||||
it('should be defined', () => { |
||||
expect(new IsUploadAllowedInterceptor()).toBeDefined(); |
||||
}); |
||||
}); |
@ -0,0 +1,49 @@
|
||||
import { |
||||
Injectable, |
||||
NestInterceptor, |
||||
ExecutionContext, |
||||
CallHandler, |
||||
} from '@nestjs/common'; |
||||
import { OrgUserRoles, ProjectRoles } from 'nocodb-sdk'; |
||||
import { Observable, throwError } from 'rxjs'; |
||||
import { NcError } from '../../helpers/catchError'; |
||||
import Noco from '../../Noco'; |
||||
import extractRolesObj from '../../utils/extractRolesObj'; |
||||
import { MetaTable } from '../../utils/globals'; |
||||
|
||||
@Injectable() |
||||
export class UploadAllowedInterceptor implements NestInterceptor { |
||||
async intercept( |
||||
context: ExecutionContext, |
||||
next: CallHandler, |
||||
): Promise<Observable<any>> { |
||||
const request = context.switchToHttp().getRequest(); |
||||
|
||||
if (!request['user']?.id) { |
||||
if (!request['user']?.isPublicBase) { |
||||
NcError.unauthorized('Unauthorized'); |
||||
} |
||||
} |
||||
|
||||
try { |
||||
if ( |
||||
extractRolesObj(request['user'].roles)[OrgUserRoles.SUPER_ADMIN] || |
||||
extractRolesObj(request['user'].roles)[OrgUserRoles.CREATOR] || |
||||
extractRolesObj(request['user'].roles)[ProjectRoles.EDITOR] || |
||||
!!(await Noco.ncMeta |
||||
.knex(MetaTable.PROJECT_USERS) |
||||
.where(function () { |
||||
this.where('roles', ProjectRoles.OWNER); |
||||
this.orWhere('roles', ProjectRoles.CREATOR); |
||||
this.orWhere('roles', ProjectRoles.EDITOR); |
||||
}) |
||||
.andWhere('fk_user_id', request['user'].id) |
||||
.first()) |
||||
) { |
||||
return next.handle(); |
||||
} |
||||
} catch {} |
||||
|
||||
NcError.badRequest('Upload not allowed'); |
||||
} |
||||
} |
Loading…
Reference in new issue