From aca310e72124f55a2cf623215b2f861b1bff5022 Mon Sep 17 00:00:00 2001
From: Adria Navarro <adria@budibase.com>
Date: Tue, 3 Sep 2024 17:21:13 +0200
Subject: [PATCH] Tidy code

---
 .../middleware/triggerRowActionAuthorised.ts  | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/packages/server/src/middleware/triggerRowActionAuthorised.ts b/packages/server/src/middleware/triggerRowActionAuthorised.ts
index be5c6a97e1..6a3d1e3a5d 100644
--- a/packages/server/src/middleware/triggerRowActionAuthorised.ts
+++ b/packages/server/src/middleware/triggerRowActionAuthorised.ts
@@ -1,5 +1,5 @@
 import { Next } from "koa"
-import { Ctx } from "@budibase/types"
+import { UserCtx } from "@budibase/types"
 import { paramSubResource } from "./resourceId"
 import { docIds } from "@budibase/backend-core"
 import * as utils from "../db/utils"
@@ -9,9 +9,11 @@ export function triggerRowActionAuthorised(
   sourcePath: string,
   actionPath: string
 ) {
-  return async (ctx: Ctx, next: Next) => {
+  function extractResourceIds(ctx: UserCtx) {
+    ctx = { ...ctx }
     // Reusing the existing middleware to extract the value
     paramSubResource(sourcePath, actionPath)(ctx, () => {})
+
     const { resourceId: sourceId, subResourceId: rowActionId } = ctx
 
     const isTableId = docIds.isTableId(sourceId)
@@ -23,18 +25,24 @@ export function triggerRowActionAuthorised(
     const tableId = isTableId
       ? sourceId
       : utils.extractViewInfoFromID(sourceId).tableId
+    const viewId = isTableId ? undefined : sourceId
+    return { tableId, viewId, rowActionId }
+  }
+
+  return async (ctx: UserCtx, next: Next) => {
+    const { tableId, viewId, rowActionId } = extractResourceIds(ctx)
 
     const rowAction = await sdk.rowActions.get(tableId, rowActionId)
 
-    if (isTableId && !rowAction.permissions.table.runAllowed) {
+    if (!viewId && !rowAction.permissions.table.runAllowed) {
       ctx.throw(
         403,
-        `Row action '${rowActionId}' is not enabled for table '${sourceId}'`
+        `Row action '${rowActionId}' is not enabled for table '${tableId}'`
       )
-    } else if (isViewId && !rowAction.permissions.views[sourceId]?.runAllowed) {
+    } else if (viewId && !rowAction.permissions.views[viewId]?.runAllowed) {
       ctx.throw(
         403,
-        `Row action '${rowActionId}' is not enabled for view '${sourceId}'`
+        `Row action '${rowActionId}' is not enabled for view '${viewId}'`
       )
     }