This commit is contained in:
Adria Navarro 2023-07-31 10:50:33 +02:00
parent 4c11a6593c
commit 97f7629345
2 changed files with 4 additions and 7 deletions

View File

@ -4,7 +4,7 @@ import authorized from "../../middleware/authorized"
import { paramResource, paramSubResource } from "../../middleware/resourceId"
import { permissions } from "@budibase/backend-core"
import { internalSearchValidator } from "./utils/validators"
import guardViewRowInfo from "../../middleware/guardViewRowInfo"
import noViewData from "../../middleware/noViewData"
const { PermissionType, PermissionLevel } = permissions
const router: Router = new Router()
@ -175,7 +175,7 @@ router
"/api/:tableId/rows",
paramResource("tableId"),
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
guardViewRowInfo(),
noViewData(),
rowController.save
)
/**
@ -190,7 +190,7 @@ router
"/api/:tableId/rows",
paramResource("tableId"),
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
guardViewRowInfo(),
noViewData(),
rowController.patch
)
/**

View File

@ -1,12 +1,9 @@
import { Ctx, Row } from "@budibase/types"
const checkNoViewData = async (ctx: Ctx<Row>) => {
export default () => async (ctx: Ctx<Row>, next: any) => {
if (ctx.request.body._viewId) {
ctx.throw(400, "Table row endpoints cannot contain view info")
}
}
export default () => async (ctx: any, next: any) => {
await checkNoViewData(ctx)
return next()
}