Fix access control on view searching and handle errors when fetching view definitions

2023-08-16 11:00:14 +01:00 · 2023-08-16 11:00:14 +01:00 · abc072cbbe
parent c115a87cd6
commit abc072cbbe
2 changed files with 5 additions and 0 deletions
--- a/packages/frontend-core/src/fetch/ViewV2Fetch.js
+++ b/packages/frontend-core/src/fetch/ViewV2Fetch.js
@ -25,6 +25,10 @@ export default class ViewV2Fetch extends DataFetch {
      const res = await this.API.viewV2.fetchDefinition(datasource.id)
      return res?.data
    } catch (error) {
+      this.store.update(state => ({
+        ...state,
+        error,
+      }))
      return null
    }
  }
--- a/packages/server/src/api/routes/row.ts
+++ b/packages/server/src/api/routes/row.ts
@ -269,6 +269,7 @@ router

 router.post(
  "/api/v2/views/:viewId/search",
+  paramResource("viewId"),
  authorized(PermissionType.TABLE, PermissionLevel.READ),
  rowController.views.searchView
 )