mirrors/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2025-05-21 18:55:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

fix: add CompleteRequest type to have better type checks for HTTP-Request attribute injection.

Browse source 
Signed-off-by: Yannick Bungers <git@innay.de>
Signed-off-by: Tilman Vatteroth <git@tilmanvatteroth.de>
This commit is contained in:
Yannick Bungers 2023-03-25 16:26:52 +01:00 committed by Yannick Bungers
parent 0263c09ce1
commit d369132519
10 changed files with 34 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

9
backend/src/api/utils/permissions.guard.ts
View file

@ -5,14 +5,13 @@
*/
import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { Request } from 'express';
import { ConsoleLoggerService } from '../../logger/console-logger.service';
import { NotesService } from '../../notes/notes.service';
import { Permission } from '../../permissions/permissions.enum';
import { PermissionsService } from '../../permissions/permissions.service';
import { User } from '../../users/user.entity';
import { getNote } from './get-note.interceptor';
import { CompleteRequest } from './request.type';
/**
* This guards controller methods from access, if the user has not the appropriate permissions.
@ -41,10 +40,8 @@ export class PermissionsGuard implements CanActivate {
);
return false;
}
const request: Request & { user: User } = context
.switchToHttp()
.getRequest();
const user = request.user;
const request: CompleteRequest = context.switchToHttp().getRequest();
const user = request.user ?? null;
// handle CREATE permissions, as this does not need any note
if (permissions[0] === Permission.CREATE) {
return this.permissionsService.mayCreate(user);