Merge pull request #1217 from Budibase/bug/webhook-perm-fix
Webhook permissions fix
This commit is contained in:
commit
34b35aaa3a
|
@ -2,11 +2,7 @@ const Router = require("@koa/router")
|
||||||
const controller = require("../controllers/webhook")
|
const controller = require("../controllers/webhook")
|
||||||
const authorized = require("../../middleware/authorized")
|
const authorized = require("../../middleware/authorized")
|
||||||
const joiValidator = require("../../middleware/joi-validator")
|
const joiValidator = require("../../middleware/joi-validator")
|
||||||
const {
|
const { BUILDER } = require("../../utilities/security/permissions")
|
||||||
BUILDER,
|
|
||||||
PermissionTypes,
|
|
||||||
PermissionLevels,
|
|
||||||
} = require("../../utilities/security/permissions")
|
|
||||||
const Joi = require("joi")
|
const Joi = require("joi")
|
||||||
|
|
||||||
const router = Router()
|
const router = Router()
|
||||||
|
@ -40,10 +36,7 @@ router
|
||||||
authorized(BUILDER),
|
authorized(BUILDER),
|
||||||
controller.buildSchema
|
controller.buildSchema
|
||||||
)
|
)
|
||||||
.post(
|
// this shouldn't have authorisation, right now its always public
|
||||||
"/api/webhooks/trigger/:instance/:id",
|
.post("/api/webhooks/trigger/:instance/:id", controller.trigger)
|
||||||
authorized(PermissionTypes.WEBHOOK, PermissionLevels.EXECUTE),
|
|
||||||
controller.trigger
|
|
||||||
)
|
|
||||||
|
|
||||||
module.exports = router
|
module.exports = router
|
||||||
|
|
Loading…
Reference in New Issue