github/directus
1
1
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-04-25 03:00:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

Don't surface forbidden reasoning

Browse Source
This commit is contained in:
rijkvanzanten
2021-03-03 17:33:11 -05:00
parent bac8b9ebab
commit c3dd7023a7
2 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
api/src/services/authorization.ts
View File

@@ -52,7 +52,17 @@ export class AuthorizationService {
const uniqueCollectionsRequestedCount = uniq(collectionsRequested.map(({ collection }) => collection)).length;
if (uniqueCollectionsRequestedCount !== permissionsForCollections.length) {
throw new ForbiddenException();
// Find the first collection that doesn't have permissions configured
const { collection, field } = collectionsRequested.find(
({ collection }) =>
permissionsForCollections.find((permission) => permission.collection === collection) === undefined
)!;
if (field) {
throw new ForbiddenException(`You don't have permission to access the "${field}" field.`);
} else {
throw new ForbiddenException(`You don't have permission to access the "${collection}" collection.`);
}
}
validateFields(ast);