Auth checkpoint.

Brian Cao 2022-11-30 18:40:44 -08:00
parent 0bcfc6654d
commit 3085bdd713
6 changed files with 51 additions and 91 deletions


@ -21,12 +21,16 @@ export default async (
) => {
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (!(await allowQuery(req, UmamiApi.AuthType.Team))) {
if (!(await allowQuery(userId, UmamiApi.AuthType.Team, teamId))) {
return unauthorized(res);
}
const user = await getTeam({ id: teamId });
return ok(res, user);
@ -35,7 +39,9 @@ export default async (
if (req.method === 'POST') {
const { name } = req.body;
if (!(await allowQuery(req, UmamiApi.AuthType.TeamOwner))) {
if (
!(await allowQuery(userId, UmamiApi.AuthType.Team, teamId, UmamiApi.Permission.TeamUpdate))
) {
return unauthorized(res, 'You must be the owner of this team.');
}
@ -45,7 +51,9 @@ export default async (
}
if (req.method === 'DELETE') {
if (!(await allowQuery(req, UmamiApi.AuthType.TeamOwner))) {
if (
!(await allowQuery(userId, UmamiApi.AuthType.Team, teamId, UmamiApi.Permission.TeamDelete))
) {
return unauthorized(res, 'You must be the owner of this team.');
}
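Review bot: The new destructuring `const { user: { id: userId } } = req.auth;` at the top of the handler runs before any method check and throws if `req.auth` or `req.auth.user` is absent. Whether `useAuth` always ends the request on failed authentication is not visible here, so a guard such as `const userId = req.auth?.user?.id; if (!userId) return unauthorized(res);` would make this path fail closed with a 401 instead of an unhandled exception. In the POST and DELETE hunks the check is now permission-based (`UmamiApi.Permission.TeamUpdate` / `TeamDelete`), yet the rejection text still reads 'You must be the owner of this team.', which becomes misleading if any non-owner role is granted those permissions. The GET branch passes no permission argument; a short comment stating what `allowQuery` enforces in that case (presumably team membership, to be confirmed against its definition) would help the next reader. The handler begins and continues outside these hunks.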