Merge pull request #9908 from Budibase/fix/invite-codes-leak
fix tenant filtering issue
This commit is contained in:
commit
6abf6838a5
|
@ -194,8 +194,7 @@ export const buildUserEndpoints = API => ({
|
|||
},
|
||||
|
||||
/**
|
||||
* Retrieves the invitation associated with a provided code.
|
||||
* @param code The unique code for the target invite
|
||||
* Retrieves all user invitations for the current tenant.
|
||||
*/
|
||||
getUserInvites: async () => {
|
||||
return await API.get({
|
||||
|
|
|
@ -341,7 +341,7 @@ export const getUserInvites = async (ctx: any) => {
|
|||
let invites
|
||||
try {
|
||||
// Restricted to the currently authenticated tenant
|
||||
invites = await getInviteCodes([ctx.user.tenantId])
|
||||
invites = await getInviteCodes()
|
||||
} catch (e) {
|
||||
ctx.throw(400, "There was a problem fetching invites")
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
import { redis, utils } from "@budibase/backend-core"
|
||||
import { redis, utils, tenancy } from "@budibase/backend-core"
|
||||
import env from "../environment"
|
||||
|
||||
function getExpirySecondsForDB(db: string) {
|
||||
switch (db) {
|
||||
|
@ -129,10 +130,9 @@ export async function checkInviteCode(
|
|||
}
|
||||
|
||||
/**
|
||||
Get all currently available user invitations.
|
||||
@return {Object[]} A list of all objects containing invite metadata
|
||||
Get all currently available user invitations for the current tenant.
|
||||
**/
|
||||
export async function getInviteCodes(tenantIds?: string[]) {
|
||||
export async function getInviteCodes() {
|
||||
const client = await getClient(redis.utils.Databases.INVITATIONS)
|
||||
const invites: any[] = await client.scan()
|
||||
|
||||
|
@ -142,12 +142,9 @@ export async function getInviteCodes(tenantIds?: string[]) {
|
|||
code: invite.key,
|
||||
}
|
||||
})
|
||||
return results.reduce((acc, invite) => {
|
||||
if (tenantIds?.length && tenantIds.includes(invite.info.tenantId)) {
|
||||
acc.push(invite)
|
||||
} else {
|
||||
acc.push(invite)
|
||||
}
|
||||
return acc
|
||||
}, [])
|
||||
if (!env.MULTI_TENANCY) {
|
||||
return results
|
||||
}
|
||||
const tenantId = tenancy.getTenantId()
|
||||
return results.filter(invite => tenantId === invite.info.tenantId)
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue