watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-10 15:47:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

fix reports permissions, long team overflow, language settings

Browse source
This commit is contained in:
Francis Cao 2025-10-22 16:09:31 -07:00
parent f5bf148b2b
commit d87ae84a29
4 changed files with 20 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/app/api/reports/[reportId]/route.ts
View file

@ -1,8 +1,8 @@
import { parseRequest } from '@/lib/request';
import { deleteReport, getReport, updateReport } from '@/queries/prisma';
import { canDeleteReport, canUpdateReport, canViewReport } from '@/permissions';
import { unauthorized, json, notFound, ok } from '@/lib/response';
import { json, notFound, ok, unauthorized } from '@/lib/response';
import { reportSchema } from '@/lib/schema';
import { canDeleteWebsite, canUpdateWebsite, canViewReport } from '@/permissions';
import { deleteReport, getReport, updateReport } from '@/queries/prisma';
export async function GET(request: Request, { params }: { params: Promise<{ reportId: string }> }) {
const { auth, error } = await parseRequest(request);
@ -41,7 +41,7 @@ export async function POST(
return notFound();
}
if (!(await canUpdateReport(auth, report))) {
if (!(await canUpdateWebsite(auth, websiteId))) {
return unauthorized();
}
@ -70,7 +70,7 @@ export async function DELETE(
const { reportId } = await params;
const report = await getReport(reportId);
if (!(await canDeleteReport(auth, report))) {
if (!(await canDeleteWebsite(auth, report.websiteId))) {
return unauthorized();
}