MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix users list on app overview

This commit is contained in:
Martin McKeaveney 2022-06-01 15:20:56 +01:00
parent 273f15421d
commit 35b007d13c
2 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
packages/worker/src/api/routes/global/users.js
View File

@ -6,6 +6,7 @@ const Joi = require("joi")
const cloudRestricted = require("../../../middleware/cloudRestricted") const cloudRestricted = require("../../../middleware/cloudRestricted")
const { buildUserSaveValidation } = require("../../utilities/validation") const { buildUserSaveValidation } = require("../../utilities/validation")
const selfController = require("../../controllers/global/self") const selfController = require("../../controllers/global/self")
const builderOrAdmin = require("../../../middleware/builderOrAdmin")
const router = Router() const router = Router()
@ -44,7 +45,7 @@ router
buildUserSaveValidation(), buildUserSaveValidation(),
controller.save controller.save
) )
.get("/api/global/users", adminOnly, controller.fetch) .get("/api/global/users", builderOrAdmin, controller.fetch)
.delete("/api/global/users/:id", adminOnly, controller.destroy) .delete("/api/global/users/:id", adminOnly, controller.destroy)
.get("/api/global/roles/:appId") .get("/api/global/roles/:appId")
.post( .post(

10
packages/worker/src/middleware/builderOrAdmin.js Normal file
View File

@ -0,0 +1,10 @@
module.exports = async (ctx, next) => {
if (
!ctx.internal &&
(!ctx.user || !ctx.user.builder || !ctx.user.builder.global) &&
(!ctx.user || !ctx.user.admin || !ctx.user.admin.global)
) {
ctx.throw(403, "Builder user only endpoint.")
}
return next()
}