mirror of
https://github.com/umami-software/umami.git
synced 2026-02-13 17:15:37 +01:00
Fix share URL permissions. (#1745)
* Fix share URL permissions. * Add sql param logic. * Add permissions to edit website. * Update permissions. * Move parameters to param injection. * Sanitize eventdata. * Remove caret. * Fix avg.
This commit is contained in:
Brian Cao
GitHub
parent
558ce268a0
commit
922c3acab3
16 changed files with 139 additions and 79 deletions
|
|
@ -7,6 +7,7 @@ export default async (req, res) => {
|
|||
await useAuth(req, res);
|
||||
|
||||
const { user_id, include_all } = req.query;
|
||||
|
||||
const { userId: currentUserId, isAdmin } = req.auth;
|
||||
const accountUuid = user_id || req.auth.accountUuid;
|
||||
let account;
|
||||
|
|
@ -18,7 +19,7 @@ export default async (req, res) => {
|
|||
const userId = account ? account.id : user_id;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (userId && userId !== currentUserId && !isAdmin) {
|
||||
if (!userId || (userId !== currentUserId && !isAdmin)) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue