Update permissions.

2026-02-20 04:25:39 +01:00 · 2023-01-16 13:47:19 -08:00 · 2023-01-16 13:47:19 -08:00 · dd2d9dc3f5
commit dd2d9dc3f5
parent f1db3d0451
4 changed files with 5 additions and 6 deletions
--- a/lib/auth.js
+++ b/lib/auth.js
@ -35,7 +35,7 @@ export function isValidToken(token, validation) {
  return false;
 }

-export async function allowQuery(req, type) {
+export async function allowQuery(req, type, allowShareToken = true) {
  const { id } = req.query;

  const { userId, isAdmin, shareToken } = req.auth ?? {};
@ -44,7 +44,7 @@ export async function allowQuery(req, type) {
    return true;
  }

-  if (shareToken) {
+  if (allowShareToken && shareToken) {
    return isValidToken(shareToken, { id });
  }