MirrorSave
/
budibase
mirror of https://github.com/Budibase/budibase.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use middleware for checks

This commit is contained in:
Adria Navarro 2023-07-31 10:38:31 +02:00
parent 5cfddabac7
commit 7a9a997d73
3 changed files with 22 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
packages/server/src/api/controllers/row/index.ts
View File

@ -35,10 +35,6 @@ export async function patch(
const tableId = utils.getTableId(ctx) const tableId = utils.getTableId(ctx)
const body = ctx.request.body const body = ctx.request.body
if (body._viewId) {
ctx.throw(400, "Table row endpoints cannot contain view info")
}
// if it doesn't have an _id then its save // if it doesn't have an _id then its save
if (body && !body._id) { if (body && !body._id) {
return save(ctx) return save(ctx)
@ -69,10 +65,6 @@ export const save = async (ctx: UserCtx<Row, Row>) => {
const tableId = utils.getTableId(ctx) const tableId = utils.getTableId(ctx)
const body = ctx.request.body const body = ctx.request.body
if (body._viewId) {
ctx.throw(400, "Table row endpoints cannot contain view info")
}
// if it has an ID already then its a patch // if it has an ID already then its a patch
if (body && body._id) { if (body && body._id) {
return patch(ctx as UserCtx<PatchRowRequest, PatchRowResponse>) return patch(ctx as UserCtx<PatchRowRequest, PatchRowResponse>)

10
packages/server/src/api/routes/row.ts
View File

@ -4,6 +4,7 @@ import authorized from "../../middleware/authorized"
import { paramResource, paramSubResource } from "../../middleware/resourceId" import { paramResource, paramSubResource } from "../../middleware/resourceId"
import { permissions } from "@budibase/backend-core" import { permissions } from "@budibase/backend-core"
import { internalSearchValidator } from "./utils/validators" import { internalSearchValidator } from "./utils/validators"
import guardViewRowInfo from "../../middleware/guardViewRowInfo"
const { PermissionType, PermissionLevel } = permissions const { PermissionType, PermissionLevel } = permissions
const router: Router = new Router() const router: Router = new Router()
@ -174,6 +175,7 @@ router
"/api/:tableId/rows", "/api/:tableId/rows",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionType.TABLE, PermissionLevel.WRITE), authorized(PermissionType.TABLE, PermissionLevel.WRITE),
guardViewRowInfo(),
rowController.save rowController.save
) )
/** /**
@ -188,6 +190,7 @@ router
"/api/:tableId/rows", "/api/:tableId/rows",
paramResource("tableId"), paramResource("tableId"),
authorized(PermissionType.TABLE, PermissionLevel.WRITE), authorized(PermissionType.TABLE, PermissionLevel.WRITE),
guardViewRowInfo(),
rowController.patch rowController.patch
) )
/** /**
@ -294,4 +297,11 @@ router
* @apiSuccess {string} [_rev] If saving to an internal table a revision will also be returned. * @apiSuccess {string} [_rev] If saving to an internal table a revision will also be returned.
* @apiSuccess {object} body The contents of the row that was saved will be returned as well. * @apiSuccess {object} body The contents of the row that was saved will be returned as well.
*/ */
.post(
"/api/v2/views/:viewId/rows",
paramResource("viewId"),
authorized(PermissionType.VIEW, PermissionLevel.WRITE),
rowController.views.save
)
export default router export default router

12
packages/server/src/middleware/guardViewRowInfo.ts Normal file
View File

@ -0,0 +1,12 @@
import { Ctx, Row } from "@budibase/types"
const checkNoViewData = async (ctx: Ctx<Row>) => {
if (ctx.request.body._viewId) {
ctx.throw(400, "Table row endpoints cannot contain view info")
}
}
export default () => async (ctx: any, next: any) => {
await checkNoViewData(ctx)
return next()
}