Fix share URL permissions. (#1745)

* Fix share URL permissions.

* Add sql param logic.

* Add permissions to edit website.

* Update permissions.

* Move parameters to param injection.

* Sanitize eventdata.

* Remove caret.

* Fix avg.
Brian Cao 2023-01-18 15:09:49 -08:00 committed by GitHub
parent 558ce268a0
commit 922c3acab3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 139 additions and 79 deletions


@ -35,7 +35,7 @@ export function isValidToken(token, validation) {
return false;
}
export async function allowQuery(req, type) {
export async function allowQuery(req, type, allowShareToken = true) {
const { id } = req.query;
const { userId, isAdmin, shareToken } = req.auth ?? {};
@ -44,7 +44,7 @@ export async function allowQuery(req, type) {
return true;
}
if (shareToken) {
if (allowShareToken && shareToken) {
return isValidToken(shareToken, { id });
}
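Review bot: The new `allowShareToken` parameter on `allowQuery` defaults to `true`, so any caller that is not updated to pass `false` keeps accepting a share token exactly as before; for a permission check the safer default is deny. Consider `export async function allowQuery(req, type, allowShareToken = false) {` and opting in only at the read-only endpoints that serve shared pages, so that a missed call site fails closed. If the default has to stay for compatibility, a JSDoc line such as `@param {boolean} [allowShareToken=true] - pass false on any route that modifies data` would make the contract visible at the definition. The call sites and the rest of `allowQuery` lie outside this hunk, so which routes still rely on the default cannot be confirmed from here.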