diff --git a/packages/server/src/api/routes/rowAction.ts b/packages/server/src/api/routes/rowAction.ts index 709a1c7c1c..3fa7709e96 100644 --- a/packages/server/src/api/routes/rowAction.ts +++ b/packages/server/src/api/routes/rowAction.ts @@ -11,7 +11,7 @@ import { const { PermissionLevel, PermissionType } = permissions -export function rowActionValidator() { +function rowActionValidator() { return middleware.joiValidator.body( Joi.object({ name: Joi.string().required(), @@ -20,6 +20,15 @@ export function rowActionValidator() { ) } +function rowTriggerValidator() { + return middleware.joiValidator.body( + Joi.object({ + rowId: Joi.string().required(), + }), + { allowUnknown: false } + ) +} + const router: Router = new Router() // CRUD endpoints @@ -51,6 +60,7 @@ router .post( "/api/tables/:tableId/actions/:actionId/trigger", appInfoMiddleware({ appType: AppType.PROD }), + rowTriggerValidator(), authorizedResource(PermissionType.TABLE, PermissionLevel.READ, "tableId"), rowActionController.run )