Merge pull request #1217 from Budibase/bug/webhook-perm-fix

Webhook permissions fix
This commit is contained in:
Michael Drury 2021-02-27 12:59:43 +00:00 committed by GitHub
commit 34b35aaa3a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 10 deletions

View File

@ -2,11 +2,7 @@ const Router = require("@koa/router")
const controller = require("../controllers/webhook") const controller = require("../controllers/webhook")
const authorized = require("../../middleware/authorized") const authorized = require("../../middleware/authorized")
const joiValidator = require("../../middleware/joi-validator") const joiValidator = require("../../middleware/joi-validator")
const { const { BUILDER } = require("../../utilities/security/permissions")
BUILDER,
PermissionTypes,
PermissionLevels,
} = require("../../utilities/security/permissions")
const Joi = require("joi") const Joi = require("joi")
const router = Router() const router = Router()
@ -40,10 +36,7 @@ router
authorized(BUILDER), authorized(BUILDER),
controller.buildSchema controller.buildSchema
) )
.post( // this shouldn't have authorisation, right now its always public
"/api/webhooks/trigger/:instance/:id", .post("/api/webhooks/trigger/:instance/:id", controller.trigger)
authorized(PermissionTypes.WEBHOOK, PermissionLevels.EXECUTE),
controller.trigger
)
module.exports = router module.exports = router