topaLE
/
ghostfolio
mirror of https://github.com/ghostfolio/ghostfolio
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Check for user in request because of public page

pull/2065/head
Thomas 2 years ago
parent
2d009aacc4
commit
d0dcadd4b3
1 changed files with 28 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      apps/api/src/services/impersonation/impersonation.service.ts

16
apps/api/src/services/impersonation/impersonation.service.ts
View File

@ -12,6 +12,7 @@ export class ImpersonationService {
) {} ) {}
public async validateImpersonationId(aId = '') { public async validateImpersonationId(aId = '') {
if (this.request.user) {
const accessObject = await this.prismaService.access.findFirst({ const accessObject = await this.prismaService.access.findFirst({
where: { where: {
GranteeUser: { id: this.request.user.id }, GranteeUser: { id: this.request.user.id },
@ -20,7 +21,7 @@ export class ImpersonationService {
}); });
if (accessObject?.userId) { if (accessObject?.userId) {
return accessObject?.userId; return accessObject.userId;
} else if ( } else if (
hasPermission( hasPermission(
this.request.user.permissions, this.request.user.permissions,
@ -29,6 +30,19 @@ export class ImpersonationService {
) { ) {
return aId; return aId;
} }
} else {
// Public access
const accessObject = await this.prismaService.access.findFirst({
where: {
GranteeUser: null,
User: { id: aId }
}
});
if (accessObject?.userId) {
return accessObject.userId;
}
}
return null; return null;
} }

Write Preview
Loading…
Cancel
Save