fix(nocodb): attachment isUploadAllowed logic

packages/nocodb/src/lib/meta/api/attachmentApis.ts

@@ -17,32 +17,28 @@ import { NC_ATTACHMENT_FIELD_SIZE } from '../../constants';
 
 const isUploadAllowed = async (req: Request, _res: Response, next: any) => {
   if (!req['user']?.id) {
-    if (
-      req['user']?.isPublicBase &&
-      req['user'].roles?.includes(ProjectRoles.EDITOR)
-    )
-      return next()
-
-    NcError.unauthorized('Unauthorized');
+    if (!req['user']?.isPublicBase) {
+      NcError.unauthorized('Unauthorized');
+    }
   }
 
   try {
     // check user is super admin or creator
     if (
-      req['user'].id &&
-      (req['user'].roles?.includes(OrgUserRoles.SUPER_ADMIN) ||
-        req['user'].roles?.includes(OrgUserRoles.CREATOR) ||
-        // if viewer then check at-least one project have editor or higher role
-        // todo: cache
-        !!(await Noco.ncMeta
-          .knex(MetaTable.PROJECT_USERS)
-          .where(function () {
-            this.where('roles', ProjectRoles.OWNER);
-            this.orWhere('roles', ProjectRoles.CREATOR);
-            this.orWhere('roles', ProjectRoles.EDITOR);
-          })
-          .andWhere('fk_user_id', req['user'].id)
-          .first()))
+      req['user'].roles?.includes(OrgUserRoles.SUPER_ADMIN) ||
+      req['user'].roles?.includes(OrgUserRoles.CREATOR) ||
+      req['user'].roles?.includes(ProjectRoles.EDITOR) ||
+      // if viewer then check at-least one project have editor or higher role
+      // todo: cache
+      !!(await Noco.ncMeta
+        .knex(MetaTable.PROJECT_USERS)
+        .where(function () {
+          this.where('roles', ProjectRoles.OWNER);
+          this.orWhere('roles', ProjectRoles.CREATOR);
+          this.orWhere('roles', ProjectRoles.EDITOR);
+        })
+        .andWhere('fk_user_id', req['user'].id)
+        .first())
     )
       return next();
   } catch {}