watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-08 22:57:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Add admin check. (#1716)

Browse source 
* Add admin check.

* Fix teamId check.
This commit is contained in:
Brian Cao 2022-12-27 15:18:58 -08:00 committed by GitHub
parent c90bd941b5
commit 561cde6e7e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 133 additions and 98 deletions
Download patch file Download diff file Expand all files Collapse all files

9
pages/api/teams/[id]/index.ts
View file

@ -20,13 +20,10 @@ export default async (
) => {
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (!(await canViewTeam(userId, teamId))) {
if (!(await canViewTeam(req.auth, teamId))) {
return unauthorized(res);
}
@ -38,7 +35,7 @@ export default async (
if (req.method === 'POST') {
const { name } = req.body;
if (!(await canUpdateTeam(userId, teamId))) {
if (!(await canUpdateTeam(req.auth, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
@ -48,7 +45,7 @@ export default async (
}
if (req.method === 'DELETE') {
if (!(await canDeleteTeam(userId, teamId))) {
if (!(await canDeleteTeam(req.auth, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}

9
pages/api/teams/[id]/users.ts
View file

@ -21,13 +21,10 @@ export default async (
) => {
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (!(await canViewTeam(userId, teamId))) {
if (!(await canViewTeam(req.auth, teamId))) {
return unauthorized(res);
}
@ -37,7 +34,7 @@ export default async (
}
if (req.method === 'POST') {
if (!(await canUpdateTeam(userId, teamId))) {
if (!(await canUpdateTeam(req.auth, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
@ -56,7 +53,7 @@ export default async (
}
if (req.method === 'DELETE') {
if (await canUpdateTeam(userId, teamId)) {
if (await canUpdateTeam(req.auth, teamId)) {
return unauthorized(res, 'You must be the owner of this team.');
}
const { teamUserId } = req.body;

5
pages/api/teams/[id]/websites.ts
View file

@ -20,13 +20,10 @@ export default async (
) => {
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: teamId } = req.query;
if (req.method === 'GET') {
if (await canViewTeam(userId, teamId)) {
if (await canViewTeam(req.auth, teamId)) {
return unauthorized(res);
}

2
pages/api/teams/index.ts
View file

@ -28,7 +28,7 @@ export default async (
}
if (req.method === 'POST') {
if (!(await canCreateTeam(userId))) {
if (!(await canCreateTeam(req.auth))) {
return unauthorized(res);
}