Use middleware for checks
This commit is contained in:
Adria Navarro
parent
5cfddabac7
commit
7a9a997d73
|
|
@ -35,10 +35,6 @@ export async function patch(
|
|||
const tableId = utils.getTableId(ctx)
|
||||
const body = ctx.request.body
|
||||
|
||||
if (body._viewId) {
|
||||
ctx.throw(400, "Table row endpoints cannot contain view info")
|
||||
}
|
||||
|
||||
// if it doesn't have an _id then its save
|
||||
if (body && !body._id) {
|
||||
return save(ctx)
|
||||
|
|
@ -69,10 +65,6 @@ export const save = async (ctx: UserCtx<Row, Row>) => {
|
|||
const tableId = utils.getTableId(ctx)
|
||||
const body = ctx.request.body
|
||||
|
||||
if (body._viewId) {
|
||||
ctx.throw(400, "Table row endpoints cannot contain view info")
|
||||
}
|
||||
|
||||
// if it has an ID already then its a patch
|
||||
if (body && body._id) {
|
||||
return patch(ctx as UserCtx<PatchRowRequest, PatchRowResponse>)
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ import authorized from "../../middleware/authorized"
|
|||
import { paramResource, paramSubResource } from "../../middleware/resourceId"
|
||||
import { permissions } from "@budibase/backend-core"
|
||||
import { internalSearchValidator } from "./utils/validators"
|
||||
import guardViewRowInfo from "../../middleware/guardViewRowInfo"
|
||||
const { PermissionType, PermissionLevel } = permissions
|
||||
|
||||
const router: Router = new Router()
|
||||
|
|
@ -174,6 +175,7 @@ router
|
|||
"/api/:tableId/rows",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
guardViewRowInfo(),
|
||||
rowController.save
|
||||
)
|
||||
/**
|
||||
|
|
@ -188,6 +190,7 @@ router
|
|||
"/api/:tableId/rows",
|
||||
paramResource("tableId"),
|
||||
authorized(PermissionType.TABLE, PermissionLevel.WRITE),
|
||||
guardViewRowInfo(),
|
||||
rowController.patch
|
||||
)
|
||||
/**
|
||||
|
|
@ -294,4 +297,11 @@ router
|
|||
* @apiSuccess {string} [_rev] If saving to an internal table a revision will also be returned.
|
||||
* @apiSuccess {object} body The contents of the row that was saved will be returned as well.
|
||||
*/
|
||||
.post(
|
||||
"/api/v2/views/:viewId/rows",
|
||||
paramResource("viewId"),
|
||||
authorized(PermissionType.VIEW, PermissionLevel.WRITE),
|
||||
rowController.views.save
|
||||
)
|
||||
|
||||
export default router
|
||||
|
|
|
|||
12
packages/server/src/middleware/guardViewRowInfo.ts
Normal file
12
packages/server/src/middleware/guardViewRowInfo.ts
Normal file
|
|
@ -0,0 +1,12 @@
|
|||
import { Ctx, Row } from "@budibase/types"
|
||||
|
||||
const checkNoViewData = async (ctx: Ctx<Row>) => {
|
||||
if (ctx.request.body._viewId) {
|
||||
ctx.throw(400, "Table row endpoints cannot contain view info")
|
||||
}
|
||||
}
|
||||
|
||||
export default () => async (ctx: any, next: any) => {
|
||||
await checkNoViewData(ctx)
|
||||
return next()
|
||||
}
|
||||
Loading…
Reference in a new issue