| author | syuilo <Syuilotan@yahoo.co.jp> | 2023-01-13 14:46:56 +0900 |
|---|---|---|
| committer | syuilo <Syuilotan@yahoo.co.jp> | 2023-01-13 14:46:56 +0900 |
| commit | 0a6e237d09b8c2bed4977a086d83d7282c20b774 (patch) | |
| tree | e985a8f56caf9fef4558dcc640411fc7cbfd6d7f /packages/backend/src/server/api/ApiCallService.ts | |
| parent | Update CHANGELOG.md (diff) | |
refactor
Diffstat (limited to 'packages/backend/src/server/api/ApiCallService.ts')
| -rw-r--r-- | packages/backend/src/server/api/ApiCallService.ts | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/packages/backend/src/server/api/ApiCallService.ts b/packages/backend/src/server/api/ApiCallService.ts index 415fbf08dd..c19e861a5a 100644 --- a/packages/backend/src/server/api/ApiCallService.ts +++ b/packages/backend/src/server/api/ApiCallService.ts @@ -271,6 +271,17 @@ export class ApiCallService implements OnApplicationShutdown { } } + if (ep.meta.requireRoleOption != null && !user!.isRoot) { + const myRole = await this.roleService.getUserRoleOptions(user!.id); + if (!myRole[ep.meta.requireRoleOption]) { + throw new ApiError({ + message: 'You are not assigned to a required role.', + code: 'ROLE_PERMISSION_DENIED', + id: '7f86f06f-7e15-4057-8561-f4b6d4ac755a', + }); + } + } + if (token && ep.meta.kind && !token.permission.some(p => p === ep.meta.kind)) { throw new ApiError({ message: 'Your app does not have the necessary permissions to use this endpoint.', |
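Review bot: The new role gate dereferences `user!.isRoot` and `user!.id` through non-null assertions, and nothing visible in this hunk establishes that `user` is set whenever `ep.meta.requireRoleOption` is. If an endpoint ever declares a role option without also requiring credentials, an unauthenticated call would presumably end in a TypeError here rather than the `ROLE_PERMISSION_DENIED` error, so the denial would rest on how unexpected exceptions are handled further up. I would make the check fail closed explicitly: `if (ep.meta.requireRoleOption != null && !user?.isRoot) {`, `const myRole = user ? await this.roleService.getUserRoleOptions(user.id) : null;` and `if (!myRole?.[ep.meta.requireRoleOption]) {`. The truthiness test also treats any falsy option value as a denial, which is only right if every option usable here is a boolean; a comment such as `// requireRoleOption must name a boolean role option` would record that. The enclosing method starts and ends outside the hunk, so an earlier credential check may already cover the null case.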