Fix album permissions by role

jeffvli
2022-11-13 04:56:36 -08:00
parent 4e2325f05d
commit 1a6c4af5df
4 changed files with 28 additions and 17 deletions
+5 -2
@@ -8,9 +8,12 @@ const getDetail = async (
req: TypedRequest<typeof validation.albums.detail>,
res: Response
) => {
const { albumId } = req.params;
const { albumId, serverId } = req.params;
const album = await service.albums.findById(req.authUser, { id: albumId });
const album = await service.albums.findById(req.authUser, {
id: albumId,
serverId,
});
const success = ApiSuccess.ok({
data: toApiModel.albums({ items: [album], user: req.authUser })[0],
+10 -2
@@ -20,14 +20,22 @@ const checkServerPermissions = (
const checkServerFolderPermissions = (
user: AuthUser,
options: { serverFolderId?: string[] | string }
options: { serverFolderId?: string[] | string; serverId: string }
) => {
const { serverFolderId } = options;
const { serverFolderId, serverId } = options;
if (user.isAdmin || !serverFolderId) {
return;
}
const isServerAdmin =
user.serverPermissions.find((s) => s.serverId === serverId)?.type ===
ServerPermissionType.ADMIN;
if (isServerAdmin) {
return;
}
let ids: string[] = [];
if (typeof serverFolderId === 'string') {
ids = [serverFolderId];
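Review bot: The server-admin early return added to `checkServerFolderPermissions` trusts whatever `serverId` the caller passes and never checks that the ids in `serverFolderId` belong to that server. In the service's `findById` the album is fetched by `id` and then checked against the route's `serverId`; the `where` clause is outside the visible hunk, so unless it also filters by server, a user who is ADMIN on one server could skip the folder check for an album stored on another. The same concern applies to the `routes.param('serverId', …)` handler, where `serverFolderId` appears to come from the request. I would scope the lookup to `serverId`, or reject a mismatch between the album's own server and `serverId` before the permission call, and state the precondition on the helper with a comment such as `// serverId must be the server that owns every id in serverFolderId`. The helper's body continues past the end of this hunk.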
+4 -10
@@ -1,4 +1,3 @@
import { ServerPermissionType } from '@prisma/client';
import { Router } from 'express';
import { helpers } from '../helpers';
import { authenticate } from '../middleware';
@@ -33,15 +32,10 @@ routes.param('serverId', (req, _res, next, serverId) => {
helpers.shared.checkServerPermissions(req.authUser, { serverId });
const isNotServerAdmin =
req.authUser.serverPermissions.find((s) => s.serverId === serverId)
?.type !== ServerPermissionType.ADMIN;
if (isNotServerAdmin) {
helpers.shared.checkServerFolderPermissions(req.authUser, {
serverFolderId,
});
}
helpers.shared.checkServerFolderPermissions(req.authUser, {
serverFolderId,
serverId,
});
if (typeof req.query.serverFolderId === 'string') {
req.query.serverFolderId = [req.query.serverFolderId];
+9 -3
@@ -6,8 +6,11 @@ import { AdvancedFilterGroup, AlbumSort } from '@helpers/albums.helpers';
import { helpers } from '@helpers/index';
import { prisma } from '@lib/prisma';
const findById = async (user: AuthUser, options: { id: string }) => {
const { id } = options;
const findById = async (
user: AuthUser,
options: { id: string; serverId: string }
) => {
const { id, serverId } = options;
const album = await prisma.album.findUnique({
include: helpers.albums.include(user, { songs: true }),
@@ -19,7 +22,10 @@ const findById = async (user: AuthUser, options: { id: string }) => {
}
const serverFolderId = album.serverFolders.map((s) => s.id);
helpers.shared.checkServerFolderPermissions(user, { serverFolderId });
helpers.shared.checkServerFolderPermissions(user, {
serverFolderId,
serverId,
});
return album;
};