users: validate groupIds items

Girish Ramakrishnan
2024-04-05 11:59:16 +02:00
parent 76aa0b4a70
commit 2760e25c0f
+1
@@ -195,6 +195,7 @@ async function setLocalGroups(req, res, next) {
assert.strictEqual(typeof req.resource, 'object');
if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.'));
if (req.body.groupIds.some((gid) => typeof gid !== 'string')) return next(new HttpError(400, 'groupIds array must contain strings'));
if (users.compareRoles(req.user.role, req.resource.role) < 0) return next(new HttpError(403, `role '${req.resource.role}' is required but user has only '${req.user.role}'`));
const [error] = await safe(groups.setLocalMembership(req.resource, req.body.groupIds));
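Review bot: The new element check on `req.body.groupIds` accepts any string, so empty strings and repeated ids still reach `groups.setLocalMembership`, whose handling of them is not visible in this hunk. If that function does not reject them itself, tightening the predicate here keeps malformed ids out of the storage layer: `if (req.body.groupIds.some((gid) => typeof gid !== 'string' || gid === '')) return next(new HttpError(400, 'groupIds array must contain non-empty strings'));`. The role comparison that produces the 403 also runs only after both body checks, so an under-privileged caller receives 400 validation feedback before being refused; placing it above them would be the more conservative order. The body of setLocalGroups continues past the end of the hunk.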