From cc076494ff9ddefec97741fda281ef55922451fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Varela?=
Date: Tue, 4 Jan 2022 15:04:04 +0000
Subject: [PATCH] Check if is UUID before check permissions (#10837)

On checking permissions it reads the value from database, so we need to verify if is UUID before this process
---
 api/src/services/assets.ts | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/api/src/services/assets.ts b/api/src/services/assets.ts
index 807535ea35..1339b9325e 100644
--- a/api/src/services/assets.ts
+++ b/api/src/services/assets.ts
@@ -44,10 +44,6 @@ export class AssetsService {
 const systemPublicKeys = Object.values(publicSettings || {});
- if (systemPublicKeys.includes(id) === false && this.accountability?.admin !== true) {
- await this.authorizationService.checkAccess('read', 'directus_files', id);
- }
-
 /**
 * This is a little annoying. Postgres will error out if you're trying to search in `where`
 * with a wrong type. In case of directus_files where id is a uuid, we'll have to verify the
@@ -57,6 +53,10 @@ export class AssetsService {
 if (isValidUUID === false) throw new ForbiddenException();
+ if (systemPublicKeys.includes(id) === false && this.accountability?.admin !== true) {
+ await this.authorizationService.checkAccess('read', 'directus_files', id);
+ }
+
 const file = (await this.knex.select('*').from('directus_files').where({ id }).first()) as File;
 if (!file) throw new ForbiddenException();
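Review bot: The relocated `checkAccess` block in the second hunk carries no comment saying that it has to stay below the `isValidUUID` guard, and the existing comment block above it still explains the validation only in terms of the `where` lookup on the file row. According to the commit message, `checkAccess` itself reads `directus_files` by `id`, so a later reorder would again pass an unvalidated `id` (presumably request-supplied) to the database before it is rejected. I would add `// Keep after the UUID validation: checkAccess queries directus_files by id, and Postgres errors on a non-UUID value.` directly above the `if (systemPublicKeys.includes(id) === false ...)` line. A regression test that requests an asset with a non-UUID id as a non-admin user and expects `ForbiddenException` would pin the ordering; the diffstat shows only `assets.ts` touched, so none is part of this change. The enclosing method starts and ends outside the hunk.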