@ -17,32 +17,28 @@ import { NC_ATTACHMENT_FIELD_SIZE } from '../../constants';
const isUploadAllowed = async (req: Request, _res: Response, next: any) => { |
if (!req['user']?.id) { |
if ( |
req['user']?.isPublicBase && |
req['user'].roles?.includes(ProjectRoles.EDITOR) |
) |
return next() |
NcError.unauthorized('Unauthorized'); |
if (!req['user']?.isPublicBase) { |
NcError.unauthorized('Unauthorized'); |
} |
} |
try { |
// check user is super admin or creator
if ( |
req['user'].id && |
(req['user'].roles?.includes(OrgUserRoles.SUPER_ADMIN) || |
req['user'].roles?.includes(OrgUserRoles.CREATOR) || |
// if viewer then check at-least one project have editor or higher role
// todo: cache
!!(await Noco.ncMeta |
.knex(MetaTable.PROJECT_USERS) |
.where(function () { |
this.where('roles', ProjectRoles.OWNER); |
this.orWhere('roles', ProjectRoles.CREATOR); |
this.orWhere('roles', ProjectRoles.EDITOR); |
}) |
.andWhere('fk_user_id', req['user'].id) |
.first())) |
req['user'].roles?.includes(OrgUserRoles.SUPER_ADMIN) || |
req['user'].roles?.includes(OrgUserRoles.CREATOR) || |
req['user'].roles?.includes(ProjectRoles.EDITOR) || |
// if viewer then check at-least one project have editor or higher role
// todo: cache
!!(await Noco.ncMeta |
.knex(MetaTable.PROJECT_USERS) |
.where(function () { |
this.where('roles', ProjectRoles.OWNER); |
this.orWhere('roles', ProjectRoles.CREATOR); |
this.orWhere('roles', ProjectRoles.EDITOR); |
}) |
.andWhere('fk_user_id', req['user'].id) |
.first()) |
) |
return next(); |
} catch {} |
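Review bot: The empty `} catch {}` on the last hunk line swallows every error raised inside the new role condition, so a failed `Noco.ncMeta.knex(MetaTable.PROJECT_USERS)` lookup, or a `TypeError` from a missing `req['user']` now that the early `!req['user']?.id` exit appears to be removed, becomes indistinguishable from a user who genuinely lacks an editor role; whatever denial follows the try block is outside the hunk, as is the rest of `isUploadAllowed`. Catching `(e: unknown)` and rethrowing anything that is not an authorization failure, or at minimum logging it with the user id before falling through, keeps a metadata-store outage from surfacing as 'Unauthorized' and leaves a trail for operators. Separately, the new condition tests `req['user'].roles?.includes(ProjectRoles.EDITOR)` on the same `roles` value as the `OrgUserRoles` checks; if `roles` holds only org-level roles this branch can never match and the project-level decision rests on the query alone, and if both role kinds share that list, confirm that a project EDITOR role is meant to grant org-wide upload permission. `next: any` in the signature should be typed as express's `NextFunction`.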