github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-25 13:38:02 -05:00
Code Issues Packages Projects Releases Wiki Activity

Use update permissions explicitly

Browse Source
This commit is contained in:
rijkvanzanten
2020-08-21 12:14:09 -06:00
parent 1ccf1b0ada
commit 1ba8577a38
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
api/src/services/utils.ts
View File

@@ -29,7 +29,15 @@ export default class UtilsService {
}
if (this.accountability?.admin !== true) {
const permissions = await this.knex.select('fields').from('directus_permissions').where({ role: this.accountability?.role || null, collection }).first();
const permissions = await this.knex
.select('fields')
.from('directus_permissions')
.where({
collection,
operation: 'update',
role: this.accountability?.role || null,
})
.first();
if (!permissions) {
throw new ForbiddenException();