watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-21 04:55:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

implemented the user view type and website sharing

Browse source
This commit is contained in:
hsensh 2023-03-28 10:49:20 +03:00
parent 7a3443cd06
commit 66e67c7a3b
19 changed files with 260 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pages/api/websites/[id]/index.js
View file

@ -9,6 +9,7 @@ export default async (req, res) => {
await useAuth(req, res);
const { id: websiteUuid } = req.query;
const { accountUuid, isViewer } = req.auth;
if (req.method === 'GET') {
if (!(await allowQuery(req, TYPE_WEBSITE))) {
@ -21,12 +22,11 @@ export default async (req, res) => {
}
if (req.method === 'POST') {
if (!(await allowQuery(req, TYPE_WEBSITE, false))) {
if (!(await allowQuery(req, TYPE_WEBSITE, false)) || isViewer) {
return unauthorized(res);
}
const { name, domain, owner, enableShareUrl, shareId } = req.body;
const { accountUuid } = req.auth;
let account;
@ -62,7 +62,7 @@ export default async (req, res) => {
}
if (req.method === 'DELETE') {
if (!(await allowQuery(req, TYPE_WEBSITE, false))) {
if (!(await allowQuery(req, TYPE_WEBSITE, false)) || isViewer) {
return unauthorized(res);
}

3
pages/api/websites/[id]/reset.js
View file

@ -9,9 +9,10 @@ export default async (req, res) => {
await useAuth(req, res);
const { id: websiteId } = req.query;
const { isViewer } = req.auth;
if (req.method === 'POST') {
if (!(await allowQuery(req, TYPE_WEBSITE, false))) {
if (!(await allowQuery(req, TYPE_WEBSITE, false)) || isViewer) {
return unauthorized(res);
}

9
pages/api/websites/index.js
View file

@ -8,7 +8,8 @@ export default async (req, res) => {
const { user_id, include_all } = req.query;
const { userId: currentUserId, isAdmin } = req.auth;
const { userId: currentUserId, isAdmin, isViewer } = req.auth;
const accountUuid = user_id || req.auth.accountUuid;
let account;
@ -26,7 +27,9 @@ export default async (req, res) => {
const websites =
isAdmin && include_all
? await getAllWebsites()
: await getUserWebsites({ userId: account?.id });
: await getUserWebsites({
OR: [{ userId: account?.id }, { viewers: { some: { userId: account?.id } } }],
});
return ok(res, websites);
}
@ -36,7 +39,7 @@ export default async (req, res) => {
const website_owner = account ? account.id : +owner;
if (website_owner !== currentUserId && !isAdmin) {
if ((website_owner !== currentUserId && !isAdmin) || isViewer) {
return unauthorized(res);
}