Compare commits

...

3 Commits

Author SHA1 Message Date
2d1e117b66 Merge pull request 'protect shared items collection' (#6) from dev into main
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #6
2023-02-17 22:23:16 +01:00
Artem Anufrij
27bd25b357 exclude pr from docker build
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2023-02-17 22:21:45 +01:00
Artem Anufrij
6c43cf5f62 protect shared items collection fix #4
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-17 22:20:09 +01:00
3 changed files with 14 additions and 7 deletions

View File

@ -20,4 +20,7 @@ steps:
from_secret: password from_secret: password
when: when:
branch: branch:
- main - main
event:
exclude:
- pull_request

View File

@ -8,9 +8,13 @@ var passport = server.passport;
router.route("/") router.route("/")
.get(passport.authenticate("jwt", { session: false }), (req, res) => { .get(passport.authenticate("jwt", { session: false }), (req, res) => {
database.share.collection(result => { if (req.user.roles.includes("admin")) {
res.json(result).status(200).end(); database.share.collection(result => {
}) res.json(result).status(200).end();
})
} else {
res.status(403).end();
}
}); });
router.route("/:id") router.route("/:id")
.get((req, res) => { .get((req, res) => {

View File

@ -19,7 +19,7 @@ router
}) })
}) })
.post(passport.authenticate("jwt", { session: false }), (req, res) => { .post(passport.authenticate("jwt", { session: false }), (req, res) => {
if (req.user.roles.indexOf("admin") > -1) { if (req.user.roles.includes("admin")) {
database.system.setAllows(req.body, () => { database.system.setAllows(req.body, () => {
res.status(200).end(); res.status(200).end();
}) })
@ -31,7 +31,7 @@ router
router router
.route("/domains") .route("/domains")
.get(passport.authenticate("jwt", { session: false }), (req, res) => { .get(passport.authenticate("jwt", { session: false }), (req, res) => {
if (req.user.roles.indexOf("admin") > -1) { if (req.user.roles.includes("admin")) {
let domains = { let domains = {
const: config.allowed_domains, const: config.allowed_domains,
dynamic: [] dynamic: []
@ -47,7 +47,7 @@ router
} }
}) })
.post(passport.authenticate("jwt", { session: false }), (req, res) => { .post(passport.authenticate("jwt", { session: false }), (req, res) => {
if (req.user.roles.indexOf("admin") > -1) { if (req.user.roles.includes("admin")) {
database.system.setDomains(req.body, () => { database.system.setDomains(req.body, () => {
res.status(200).end(); res.status(200).end();
}); });