
fix: req user references

Signed-off-by: mertmit <mertmit99@gmail.com>
pull/6307/head
mertmit 1 year ago
parent
commit
c8aa357ed8
  1. 2
      packages/nc-gui/components/project/AccessSettings.vue
  2. 8
      packages/nocodb-sdk/src/lib/enums.ts
  3. 48
      packages/nocodb/src/services/project-users/project-users.service.ts
  4. 5
      packages/nocodb/src/utils/roleHelper.ts

2
packages/nc-gui/components/project/AccessSettings.vue

@ -187,7 +187,7 @@ const accessibleRoles = computed<(typeof ProjectRoles)[keyof typeof ProjectRoles
class="w-35 !rounded px-1"
:virtual="true"
:placeholder="$t('labels.noAccess')"
:disabled="collab.id === user?.id"
:disabled="collab.id === user?.id || (collab.roles && !accessibleRoles.includes(collab.roles))"
:allow-clear="!isEeUI"
@change="(value) => updateCollaborator(collab, value)"
>
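Review bot: The new `:disabled` expression assumes `collab.roles` is a single ProjectRoles value — `accessibleRoles.includes(collab.roles)` is false for any comma-joined multi-role string of the kind the backend splits elsewhere (`user.roles?.split(',')` in project-users.service.ts), so a collaborator carrying more than one role would be locked in this dropdown if that form can reach the UI. If a collaborator's project role is always a single value, a template comment above this element stating that, and that the server re-checks role power in ProjectUsersService, would make the assumption explicit. This guard is presentational only and must not be taken as enforcement; the authoritative check is the server-side power comparison. The enclosing component tag opens before the hunk.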

8
packages/nocodb-sdk/src/lib/enums.ts

@ -175,7 +175,7 @@ export const RoleLabels = {
[OrgUserRoles.SUPER_ADMIN]: 'Super',
[OrgUserRoles.CREATOR]: 'Creator',
[OrgUserRoles.VIEWER]: 'Viewer',
}
};
export const RoleColors = {
[WorkspaceUserRoles.OWNER]: 'purple',
@ -192,7 +192,7 @@ export const RoleColors = {
[ProjectRoles.NO_ACCESS]: 'red',
[OrgUserRoles.CREATOR]: 'blue',
[OrgUserRoles.VIEWER]: 'yellow',
}
};
export const OrderedWorkspaceRoles = [
WorkspaceUserRoles.OWNER,
@ -202,7 +202,7 @@ export const OrderedWorkspaceRoles = [
WorkspaceUserRoles.VIEWER,
// placeholder for no access
null,
]
];
export const OrderedProjectRoles = [
ProjectRoles.OWNER,
@ -211,4 +211,4 @@ export const OrderedProjectRoles = [
ProjectRoles.COMMENTER,
ProjectRoles.VIEWER,
ProjectRoles.NO_ACCESS,
]
];

48
packages/nocodb/src/services/project-users/project-users.service.ts

@ -1,5 +1,10 @@
import { Injectable } from '@nestjs/common';
import { AppEvents, OrgUserRoles, PluginCategory } from 'nocodb-sdk';
import {
AppEvents,
OrgUserRoles,
PluginCategory,
ProjectRoles,
} from 'nocodb-sdk';
import { v4 as uuidv4 } from 'uuid';
import * as ejs from 'ejs';
import validator from 'validator';
@ -16,6 +21,7 @@ import { Project, ProjectUser, User } from '~/models';
import { CacheGetType, CacheScope, MetaTable } from '~/utils/globals';
import { extractProps } from '~/helpers/extractProps';
import { getProjectRolePower } from '~/utils/roleHelper';
@Injectable()
export class ProjectUsersService {
@ -193,25 +199,43 @@ export class ProjectUsersService {
return NcError.badRequest('Invalid project id');
}
if (param.projectUser.roles.includes(ProjectRoles.OWNER)) {
NcError.badRequest('Owner cannot be updated');
}
if (
param.req.session?.passport?.user?.roles?.owner &&
param.req.session?.passport?.user?.id === param.userId &&
param.projectUser.roles.indexOf('owner') === -1
![
ProjectRoles.CREATOR,
ProjectRoles.EDITOR,
ProjectRoles.COMMENTER,
ProjectRoles.VIEWER,
ProjectRoles.NO_ACCESS,
].includes(param.projectUser.roles as ProjectRoles)
) {
NcError.badRequest("Super admin can't remove Super role themselves");
NcError.badRequest('Invalid role');
}
const user = await User.get(param.userId);
if (!user) {
NcError.badRequest(`User with id '${param.userId}' doesn't exist`);
}
// todo: handle roles which contains super
const targetUser = await User.getWithRoles(param.userId, {
user,
projectId: param.projectId,
});
if (!targetUser) {
NcError.badRequest(
`User with id '${param.userId}' doesn't exist in this project`,
);
}
if (
!param.req.session?.passport?.user?.roles?.owner &&
param.projectUser.roles.indexOf('owner') > -1
getProjectRolePower(targetUser) >= getProjectRolePower(param.req.user)
) {
NcError.forbidden('Insufficient privilege to add super admin role.');
NcError.badRequest(`Insufficient privilege to update user`);
}
await ProjectUser.updateRoles(
@ -241,11 +265,11 @@ export class ProjectUsersService {
}): Promise<any> {
const project_id = param.projectId;
if (param.req.session?.passport?.user?.id === param.userId) {
if (param.req.user?.id === param.userId) {
NcError.badRequest("Admin can't delete themselves!");
}
if (!param.req.session?.passport?.user?.roles?.owner) {
if (!param.req.user?.roles?.owner) {
const user = await User.get(param.userId);
if (user.roles?.split(',').includes('super'))
NcError.forbidden(
@ -336,7 +360,7 @@ export class ProjectUsersService {
.split(',')
.map((r) => r.replace(/^./, (m) => m.toUpperCase()))
.join(', '),
adminEmail: req.session?.passport?.user?.email,
adminEmail: req.user?.email,
}),
});
return true;
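Review bot: The new `getProjectRolePower(targetUser) >= getProjectRolePower(param.req.user)` check compares the requester only against the target's current role, not against the role being assigned, so a requester who outranks the target could still grant a role above their own level (an editor raising a viewer to creator, for instance) unless a guard outside this hunk restricts who may call this method. Deriving the requested role's power the same way closes the gap: `const requesterPower = getProjectRolePower(param.req.user);` followed by `if (getProjectRolePower({ project_roles: { [param.projectUser.roles]: true } }) > requesterPower) NcError.forbidden('Insufficient privilege to assign role');`. The denial also switches to `NcError.badRequest` where the line it replaces and the deletion path below use `NcError.forbidden`, so a 403 would be the consistent status for an authorization failure. Note that `getProjectRolePower(param.req.user)` throws inside roleHelper when `req.user` is absent, so this relies on an auth guard having run first. The enclosing method starts and ends outside the hunk.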

5
packages/nocodb/src/utils/roleHelper.ts

@ -1,5 +1,6 @@
import { OrderedProjectRoles } from 'nocodb-sdk';
import { NcError } from 'src/helpers/catchError';
import type { ProjectRoles } from 'nocodb-sdk';
export function getProjectRolePower(user: any) {
const reverseOrderedProjectRoles = [...OrderedProjectRoles].reverse();
@ -7,8 +8,8 @@ export function getProjectRolePower(user: any) {
// get most powerful role of user (TODO moving forward we will confirm that user has only one role)
let role = null;
let power = -1;
for (const r of user.project_roles) {
const ind = reverseOrderedProjectRoles.indexOf(r);
for (const r of Object.keys(user.project_roles)) {
const ind = reverseOrderedProjectRoles.indexOf(r as ProjectRoles);
if (ind > power) {
role = r;
power = ind;
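Review bot: `Object.keys(user.project_roles)` throws a TypeError when `user` or `user.project_roles` is undefined, and the service now passes `param.req.user` straight in, so a request without a resolved user, or one whose project roles were not loaded, fails with an unhandled exception rather than a clean denial; `for (const r of Object.keys(user?.project_roles ?? {})) {` keeps the -1 result for that case, which the caller's `>=` comparison already treats as lowest power. The `r as ProjectRoles` cast exists only because `Object.keys` returns `string[]`; an unknown key yields `indexOf === -1` and is skipped, which deserves a one-line comment such as `// unknown keys give -1 and never raise power`. The `user: any` parameter hides the one field the function relies on — a minimal `{ project_roles?: Record<string, unknown> }` type would document the contract. getProjectRolePower continues past the hunk.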
