mirror of
https://github.com/umami-software/umami.git
synced 2026-02-04 04:37:11 +01:00
Block share token from all editing permissions.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Mike Cao
parent
e782c2e627
commit
fdafe13c35
6 changed files with 89 additions and 9 deletions
|
|
@ -5,7 +5,11 @@ import type { Auth } from '@/lib/types';
|
|||
import { getTeamUser } from '@/queries/prisma';
|
||||
|
||||
export async function canViewEntity({ user }: Auth, entityId: string) {
|
||||
if (user?.isAdmin) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -25,6 +29,10 @@ export async function canViewEntity({ user }: Auth, entityId: string) {
|
|||
}
|
||||
|
||||
export async function canUpdateEntity({ user }: Auth, entityId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -45,6 +53,10 @@ export async function canUpdateEntity({ user }: Auth, entityId: string) {
|
|||
}
|
||||
|
||||
export async function canDeleteEntity({ user }: Auth, entityId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,11 @@ import type { Auth } from '@/lib/types';
|
|||
import { getLink, getTeamUser } from '@/queries/prisma';
|
||||
|
||||
export async function canViewLink({ user }: Auth, linkId: string) {
|
||||
if (user?.isAdmin) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -24,6 +28,10 @@ export async function canViewLink({ user }: Auth, linkId: string) {
|
|||
}
|
||||
|
||||
export async function canUpdateLink({ user }: Auth, linkId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -44,6 +52,10 @@ export async function canUpdateLink({ user }: Auth, linkId: string) {
|
|||
}
|
||||
|
||||
export async function canDeleteLink({ user }: Auth, linkId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,11 @@ import type { Auth } from '@/lib/types';
|
|||
import { getPixel, getTeamUser } from '@/queries/prisma';
|
||||
|
||||
export async function canViewPixel({ user }: Auth, pixelId: string) {
|
||||
if (user?.isAdmin) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
|
@ -24,6 +28,10 @@ export async function canViewPixel({ user }: Auth, pixelId: string) {
|
|||
}
|
||||
|
||||
export async function canUpdatePixel({ user }: Auth, pixelId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -44,6 +52,10 @@ export async function canUpdatePixel({ user }: Auth, pixelId: string) {
|
|||
}
|
||||
|
||||
export async function canDeletePixel({ user }: Auth, pixelId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,6 +4,10 @@ import type { Auth } from '@/lib/types';
|
|||
import { getTeamUser } from '@/queries/prisma';
|
||||
|
||||
export async function canViewTeam({ user }: Auth, teamId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -12,6 +16,10 @@ export async function canViewTeam({ user }: Auth, teamId: string) {
|
|||
}
|
||||
|
||||
export async function canCreateTeam({ user }: Auth) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -20,6 +28,10 @@ export async function canCreateTeam({ user }: Auth) {
|
|||
}
|
||||
|
||||
export async function canUpdateTeam({ user }: Auth, teamId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -30,6 +42,10 @@ export async function canUpdateTeam({ user }: Auth, teamId: string) {
|
|||
}
|
||||
|
||||
export async function canDeleteTeam({ user }: Auth, teamId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -40,6 +56,10 @@ export async function canDeleteTeam({ user }: Auth, teamId: string) {
|
|||
}
|
||||
|
||||
export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUserId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -54,6 +74,10 @@ export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUs
|
|||
}
|
||||
|
||||
export async function canCreateTeamWebsite({ user }: Auth, teamId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -64,5 +88,5 @@ export async function canCreateTeamWebsite({ user }: Auth, teamId: string) {
|
|||
}
|
||||
|
||||
export async function canViewAllTeams({ user }: Auth) {
|
||||
return user.isAdmin;
|
||||
return user?.isAdmin ?? false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +1,14 @@
|
|||
import type { Auth } from '@/lib/types';
|
||||
|
||||
export async function canCreateUser({ user }: Auth) {
|
||||
return user.isAdmin;
|
||||
return user?.isAdmin ?? false;
|
||||
}
|
||||
|
||||
export async function canViewUser({ user }: Auth, viewedUserId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -13,10 +17,14 @@ export async function canViewUser({ user }: Auth, viewedUserId: string) {
|
|||
}
|
||||
|
||||
export async function canViewUsers({ user }: Auth) {
|
||||
return user.isAdmin;
|
||||
return user?.isAdmin ?? false;
|
||||
}
|
||||
|
||||
export async function canUpdateUser({ user }: Auth, viewedUserId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -25,5 +33,5 @@ export async function canUpdateUser({ user }: Auth, viewedUserId: string) {
|
|||
}
|
||||
|
||||
export async function canDeleteUser({ user }: Auth) {
|
||||
return user.isAdmin;
|
||||
return user?.isAdmin ?? false;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ export async function canViewWebsite({ user, shareToken }: Auth, websiteId: stri
|
|||
|
||||
const entity = await getEntity(websiteId);
|
||||
|
||||
if (!entity) {
|
||||
if (!entity || !user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -33,10 +33,14 @@ export async function canViewWebsite({ user, shareToken }: Auth, websiteId: stri
|
|||
}
|
||||
|
||||
export async function canViewAllWebsites({ user }: Auth) {
|
||||
return user.isAdmin;
|
||||
return user?.isAdmin ?? false;
|
||||
}
|
||||
|
||||
export async function canCreateWebsite({ user }: Auth) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -101,6 +105,10 @@ export async function canDeleteWebsite({ user }: Auth, websiteId: string) {
|
|||
}
|
||||
|
||||
export async function canTransferWebsiteToUser({ user }: Auth, websiteId: string, userId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const website = await getWebsite(websiteId);
|
||||
|
||||
if (!website) {
|
||||
|
|
@ -117,6 +125,10 @@ export async function canTransferWebsiteToUser({ user }: Auth, websiteId: string
|
|||
}
|
||||
|
||||
export async function canTransferWebsiteToTeam({ user }: Auth, websiteId: string, teamId: string) {
|
||||
if (!user) {
|
||||
return false;
|
||||
}
|
||||
|
||||
const website = await getWebsite(websiteId);
|
||||
|
||||
if (!website) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue