(admin) check for global *-users or *-community roles when accessing /api/admin/users

Valentyne Stigloher 2024-10-19 17:20:31 +02:00
parent e1710e7362
commit 904dd92d6f
2 changed files with 3 additions and 1 deletions


@ -31,6 +31,7 @@
</button>
<button
:class="['btn', localeFilter ? 'btn-secondary' : 'btn-outline-secondary']"
:disabled="!$isGranted('users', '*') && !$isGranted('community', '*')"
@click="localeFilter = !localeFilter"
>
Only this version
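Review bot: The new `:disabled` binding on the "Only this version" button locks the toggle for anyone who holds neither a global `users` nor a global `community` grant, so those users can only get an authorised response if `localeFilter` is already true. Its initial value is not visible in this hunk; confirm that it starts as true for locale-scoped admins, or force it to true when both `$isGranted(..., '*')` calls return false. The binding is a UI convenience rather than the access control, so a short template comment would help, for example `<!-- locale-scoped admins cannot switch the filter off; /api/admin/users enforces the same rule server-side -->`. The closing `</button>` tag lies outside the hunk.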


@ -106,7 +106,8 @@ router.get('/admin/list/footer', handleErrorAsync(async (req, res) => {
}));
router.get('/admin/users', handleErrorAsync(async (req, res) => {
if (!req.isGranted('users') && !req.isGranted('community')) {
const checkLocale = req.query.localeFilter ? global.config.locale : '*';
if (!req.isGranted('users', checkLocale) && !req.isGranted('community', checkLocale)) {
return res.status(401).json({ error: 'Unauthorised' });
}