fix: if unauthorized return with 401

pull/7444/head
Pranav C 12 months ago
parent
commit
d6645f58df
  1. 28
      packages/nc-gui/components/smartsheet/details/Fields.vue
  2. 2
      packages/nc-gui/composables/useApi/interceptors.ts
  3. 2
      packages/nocodb/src/helpers/PagedResponse.ts
  4. 8
      packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts

28
packages/nc-gui/components/smartsheet/details/Fields.vue

@ -819,8 +819,8 @@ watch(
<template v-else> <template v-else>
<div class="flex w-full justify-between py-2"> <div class="flex w-full justify-between py-2">
<a-input <a-input
data-testid="nc-field-search-input"
v-model:value="searchQuery" v-model:value="searchQuery"
data-testid="nc-field-search-input"
class="!h-8 !px-1 !rounded-lg !w-72" class="!h-8 !px-1 !rounded-lg !w-72"
:placeholder="$t('placeholder.searchFields')" :placeholder="$t('placeholder.searchFields')"
> >
@ -832,8 +832,8 @@ watch(
v-if="searchQuery.length > 0" v-if="searchQuery.length > 0"
icon="close" icon="close"
class="mx-1 h-3.5 w-3.5 text-gray-500 group-hover:text-black" class="mx-1 h-3.5 w-3.5 text-gray-500 group-hover:text-black"
@click="searchQuery = ''"
data-testid="nc-field-clear-search" data-testid="nc-field-clear-search"
@click="searchQuery = ''"
/> />
</template> </template>
</a-input> </a-input>
@ -888,16 +888,16 @@ watch(
:model-value="fields" :model-value="fields"
:disabled="isLocked" :disabled="isLocked"
item-key="id" item-key="id"
@change="onMove($event)"
data-testid="nc-field-list-wrapper" data-testid="nc-field-list-wrapper"
@change="onMove($event)"
> >
<template #item="{ element: field }"> <template #item="{ element: field }">
<div <div
v-if="field.title.toLowerCase().includes(searchQuery.toLowerCase()) && !field.pv" v-if="field.title.toLowerCase().includes(searchQuery.toLowerCase()) && !field.pv"
class="flex px-2 hover:bg-gray-100 first:rounded-t-lg border-b-1 last:rounded-b-none border-gray-200 pl-5 group" class="flex px-2 hover:bg-gray-100 first:rounded-t-lg border-b-1 last:rounded-b-none border-gray-200 pl-5 group"
:class="` ${compareCols(field, activeField) ? 'selected' : ''}`" :class="` ${compareCols(field, activeField) ? 'selected' : ''}`"
@click="changeField(field, $event)"
:data-testid="`nc-field-item-${fieldState(field)?.title || field.title}`" :data-testid="`nc-field-item-${fieldState(field)?.title || field.title}`"
@click="changeField(field, $event)"
> >
<div class="flex items-center flex-1 py-2.5 gap-1 w-2/6"> <div class="flex items-center flex-1 py-2.5 gap-1 w-2/6">
<component <component
@ -913,12 +913,12 @@ watch(
:checked=" :checked="
visibilityOps.find((op) => op.column.fk_column_id === field.id)?.visible ?? viewFieldsMap[field.id].show visibilityOps.find((op) => op.column.fk_column_id === field.id)?.visible ?? viewFieldsMap[field.id].show
" "
data-testid="nc-field-visibility-checkbox"
@change=" @change="
(event: any) => { (event: any) => {
toggleVisibility(event.target.checked, viewFieldsMap[field.id]) toggleVisibility(event.target.checked, viewFieldsMap[field.id])
} }
" "
data-testid="nc-field-visibility-checkbox"
/> />
<NcCheckbox v-else :disabled="true" class="opacity-0" :checked="true" /> <NcCheckbox v-else :disabled="true" class="opacity-0" :checked="true" />
<SmartsheetHeaderVirtualCellIcon <SmartsheetHeaderVirtualCellIcon
@ -994,8 +994,8 @@ watch(
size="small" size="small"
class="no-action mr-2" class="no-action mr-2"
:disabled="loading" :disabled="loading"
@click="recoverField(field)"
data-testid="nc-field-restore-changes" data-testid="nc-field-restore-changes"
@click="recoverField(field)"
> >
<div class="flex items-center text-xs gap-1"> <div class="flex items-center text-xs gap-1">
<GeneralIcon icon="reload" /> <GeneralIcon icon="reload" />
@ -1030,8 +1030,8 @@ watch(
<div <div
class="flex flex-row px-3 py-2 w-46 justify-between items-center group hover:bg-gray-100 cursor-pointer" class="flex flex-row px-3 py-2 w-46 justify-between items-center group hover:bg-gray-100 cursor-pointer"
@click="onClickCopyFieldUrl(field)"
data-testid="nc-field-item-action-copy-id" data-testid="nc-field-item-action-copy-id"
@click="onClickCopyFieldUrl(field)"
> >
<div class="flex flex-row items-baseline gap-x-1 font-bold text-xs"> <div class="flex flex-row items-baseline gap-x-1 font-bold text-xs">
<div class="text-gray-600">{{ $t('labels.idColon') }}</div> <div class="text-gray-600">{{ $t('labels.idColon') }}</div>
@ -1051,16 +1051,16 @@ watch(
<template v-if="!isLocked"> <template v-if="!isLocked">
<NcMenuItem <NcMenuItem
key="table-explorer-duplicate" key="table-explorer-duplicate"
@click="duplicateField(field)"
data-testid="nc-field-item-action-duplicate" data-testid="nc-field-item-action-duplicate"
@click="duplicateField(field)"
> >
<Icon class="iconify text-gray-800" icon="lucide:copy" /><span>{{ $t('general.duplicate') }}</span> <Icon class="iconify text-gray-800" icon="lucide:copy" /><span>{{ $t('general.duplicate') }}</span>
</NcMenuItem> </NcMenuItem>
<NcMenuItem <NcMenuItem
v-if="!field.pv" v-if="!field.pv"
key="table-explorer-insert-above" key="table-explorer-insert-above"
@click="addField(field, true)"
data-testid="nc-field-item-action-insert-above" data-testid="nc-field-item-action-insert-above"
@click="addField(field, true)"
> >
<Icon class="iconify text-gray-800" icon="lucide:arrow-up" /><span>{{ <Icon class="iconify text-gray-800" icon="lucide:arrow-up" /><span>{{
$t('general.insertAbove') $t('general.insertAbove')
@ -1068,8 +1068,8 @@ watch(
</NcMenuItem> </NcMenuItem>
<NcMenuItem <NcMenuItem
key="table-explorer-insert-below" key="table-explorer-insert-below"
@click="addField(field)"
data-testid="nc-field-item-action-insert-below" data-testid="nc-field-item-action-insert-below"
@click="addField(field)"
> >
<Icon class="iconify text-gray-800" icon="lucide:arrow-down" /><span>{{ <Icon class="iconify text-gray-800" icon="lucide:arrow-down" /><span>{{
$t('general.insertBelow') $t('general.insertBelow')
@ -1081,8 +1081,8 @@ watch(
<NcMenuItem <NcMenuItem
key="table-explorer-delete" key="table-explorer-delete"
class="!hover:bg-red-50" class="!hover:bg-red-50"
@click="onFieldDelete(field)"
data-testid="nc-field-item-action-delete" data-testid="nc-field-item-action-delete"
@click="onFieldDelete(field)"
> >
<div class="text-red-500"> <div class="text-red-500">
<GeneralIcon icon="delete" class="group-hover:text-accent -ml-0.25 -mt-0.75 mr-0.5" /> <GeneralIcon icon="delete" class="group-hover:text-accent -ml-0.25 -mt-0.75 mr-0.5" />
@ -1111,8 +1111,8 @@ watch(
<div <div
class="flex px-2 bg-white hover:bg-gray-100 border-b-1 border-gray-200 first:rounded-tl-lg last:border-b-1 pl-5 group" class="flex px-2 bg-white hover:bg-gray-100 border-b-1 border-gray-200 first:rounded-tl-lg last:border-b-1 pl-5 group"
:class="` ${compareCols(displayColumn, activeField) ? 'selected' : ''}`" :class="` ${compareCols(displayColumn, activeField) ? 'selected' : ''}`"
@click="changeField(displayColumn, $event)"
:data-testid="`nc-field-item-${fieldState(displayColumn)?.title || displayColumn.title}`" :data-testid="`nc-field-item-${fieldState(displayColumn)?.title || displayColumn.title}`"
@click="changeField(displayColumn, $event)"
> >
<div class="flex items-center flex-1 py-2.5 gap-1 w-2/6"> <div class="flex items-center flex-1 py-2.5 gap-1 w-2/6">
<component <component
@ -1171,8 +1171,8 @@ watch(
size="small" size="small"
class="no-action mr-2" class="no-action mr-2"
:disabled="loading" :disabled="loading"
@click="recoverField(displayColumn)"
data-testid="nc-field-restore-changes" data-testid="nc-field-restore-changes"
@click="recoverField(displayColumn)"
> >
<div class="flex items-center text-xs gap-1"> <div class="flex items-center text-xs gap-1">
<GeneralIcon icon="reload" /> <GeneralIcon icon="reload" />
@ -1212,8 +1212,8 @@ watch(
<div <div
class="flex flex-row px-3 py-2 w-46 justify-between items-center group hover:bg-gray-100 cursor-pointer" class="flex flex-row px-3 py-2 w-46 justify-between items-center group hover:bg-gray-100 cursor-pointer"
@click="onClickCopyFieldUrl(displayColumn)"
data-testid="nc-field-item-action-copy-id" data-testid="nc-field-item-action-copy-id"
@click="onClickCopyFieldUrl(displayColumn)"
> >
<div class="flex flex-row items-baseline gap-x-1 font-bold text-xs"> <div class="flex flex-row items-baseline gap-x-1 font-bold text-xs">
<div class="text-gray-600">{{ $t('labels.idColon') }}</div> <div class="text-gray-600">{{ $t('labels.idColon') }}</div>

2
packages/nc-gui/composables/useApi/interceptors.ts

@ -98,7 +98,7 @@ export function addAxiosInterceptors(api: Api<any>) {
// Try request again with new token // Try request again with new token
return api.instance return api.instance
.post('/auth/token/refresh', null, { .post('/auth/token/refresh', null, {
withCredentials: true withCredentials: true,
}) })
.then((token) => { .then((token) => {
// New request with new token // New request with new token

2
packages/nocodb/src/helpers/PagedResponse.ts

@ -1,6 +1,6 @@
import { extractLimitAndOffset } from '.'; import { extractLimitAndOffset } from '.';
import type { PaginatedType } from 'nocodb-sdk'; import type { PaginatedType } from 'nocodb-sdk';
import {NcError} from "~/helpers/catchError"; import { NcError } from '~/helpers/catchError';
export class PagedResponseImpl<T> { export class PagedResponseImpl<T> {
constructor( constructor(

8
packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts

@ -216,15 +216,17 @@ export class AclMiddleware implements NestInterceptor {
const req = context.switchToHttp().getRequest(); const req = context.switchToHttp().getRequest();
if (!req.user?.isAuthorized) {
NcError.unauthorized('Invalid token');
}
const userScopeRole = const userScopeRole =
req.user.roles?.[OrgUserRoles.SUPER_ADMIN] === true req.user.roles?.[OrgUserRoles.SUPER_ADMIN] === true
? OrgUserRoles.SUPER_ADMIN ? OrgUserRoles.SUPER_ADMIN
: getUserRoleForScope(req.user, scope); : getUserRoleForScope(req.user, scope);
if (!userScopeRole) if (!userScopeRole)
if (!req.user?.isAuthorized) {
NcError.unauthorized('Invalid token');
}
NcError.forbidden("You don't have permission to access this resource"); NcError.forbidden("You don't have permission to access this resource");
} }
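Review bot: The `isAuthorized` guard printed directly after `getRequest()` is only safe if `NcError.unauthorized` throws, because the next statement reads `req.user.roles` with no optional chaining on `req.user`; a comment on the guard such as `// NcError.unauthorized throws, so an unauthenticated request never reaches the role lookup` would make that dependency explicit. The page does not mark which of the two printed copies of the guard is the new one; this note assumes it is the copy at the top, since the copy under the brace-less `if (!userScopeRole)` would leave `NcError.forbidden(...)` outside that condition. The diffstat lists no test file, so a case pinning 401 for a request without a valid token and 403 for an authenticated user lacking the scope role would be worth adding, particularly as the GUI interceptor touched in this commit retries through `/auth/token/refresh`, presumably on 401. The enclosing method starts above the hunk.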
