Commit 05832f25 authored by A. Koch's avatar A. Koch

fix acl check for api service

parent ff9850e3
Pipeline #1271 passed with stage
......@@ -32,10 +32,11 @@ class Service extends TinyEmitter {
const items = []
for (let entry of results) {
let allowed = false
const roles = req.user ? req.user.profile.roles : ['public']
if (entry.author && entry.author.id === user) allowed = true
else {
try {
allowed = await this._acl.isAllowed(user, entry.uuid, 'get')
allowed = await this._acl.areAnyRolesAllowed(roles, entry.uuid, ['get'])
}
catch (err) {
api.captureException(err)
......@@ -49,12 +50,13 @@ class Service extends TinyEmitter {
async getHandler (req, res) {
const result = await this.client.get(req.params.id, req.params)
const user = req.user ? req.user.uuid : 'anon'
const roles = req.user ? req.user.profile.roles : ['public']
if (result) {
let allowed = false
if (result.author && result.author.id === user) allowed = true
else {
try {
allowed = await this._acl.isAllowed(user, result.uuid, 'get')
allowed = await this._acl.areAnyRolesAllowed(roles, entry.uuid, ['get'])
}
catch (err) {
api.captureException(err)
......
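Review bot: In `getHandler` the role check is called with `entry.uuid`, but no `entry` is visible in that handler; the object being authorised there is `result`, so the line should read `allowed = await this._acl.areAnyRolesAllowed(roles, result.uuid, ['get'])`. As written the call would presumably throw a ReferenceError inside the `try`, which the `catch` hands to `api.captureException`, so the ACL decision for non-authors would rest on an error path rather than on the role lookup. The `+`/`-` markers are lost on this page, so which `allowed =` line is new is inferred from the hunk counts; if the per-user `isAllowed` call was dropped, confirm that no grants were made to individual users rather than roles. `req.user.profile.roles` is also read outside the `try` and assumes every authenticated user carries a `profile`, so a guard that falls back to `['public']` would be safer. The `try`/`catch` bodies continue outside both hunks.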