github/directus
1
1
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-04-03 03:00:39 -04:00
Code Issues Packages Projects Releases Wiki Activity

Throw error on reading forbidden collection

Browse Source 
Ref #4043
This commit is contained in:
rijkvanzanten
2021-02-15 13:50:44 -05:00
parent d1ecac4394
commit 76f1a387c7
2 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
api/src/controllers/collections.ts
View File

@@ -55,16 +55,8 @@ router.get(
? req.params.collection.split(',')
: req.params.collection;
try {
const collection = await collectionsService.readByKey(collectionKey as any);
res.locals.payload = { data: collection || null };
} catch (error) {
if (error instanceof ForbiddenException) {
return next();
}
throw error;
}
const collection = await collectionsService.readByKey(collectionKey as any);
res.locals.payload = { data: collection || null };
return next();
}),
@@ -106,9 +98,11 @@ router.delete(
accountability: req.accountability,
schema: req.schema,
});
const collectionKey = req.params.collection.includes(',')
? req.params.collection.split(',')
: req.params.collection;
await collectionsService.delete(collectionKey as any);
return next();

7
api/src/services/collections.ts
View File

@@ -130,6 +130,7 @@ export class CollectionsService {
const tablesInDatabase = await schemaInspector.tableInfo();
const tables = tablesInDatabase.filter((table) => collectionKeys.includes(table.name));
const meta = (await collectionItemsService.readByQuery({
filter: { collection: { _in: collectionKeys } },
})) as CollectionMeta[];
@@ -157,6 +158,7 @@ export class CollectionsService {
knex: this.knex,
schema: this.schema,
});
let tablesInDatabase = await schemaInspector.tableInfo();
if (this.accountability && this.accountability.admin !== true) {
@@ -169,9 +171,14 @@ export class CollectionsService {
tablesInDatabase = tablesInDatabase.filter((table) => {
return collectionsYouHavePermissionToRead.includes(table.name);
});
if (tablesInDatabase.length === 0) {
throw new ForbiddenException();
}
}
const tablesToFetchInfoFor = tablesInDatabase.map((table) => table.name);
const meta = (await collectionItemsService.readByQuery({
filter: { collection: { _in: tablesToFetchInfoFor } },
})) as CollectionMeta[];