Start using req.resources = { app, volume, ...} pattern

The reason is that req.app clashes with expressjs v5, which
stores the main expressjs app object there.
Johannes Zellner
2025-06-10 11:02:41 +02:00
parent a556237963
commit 2e4bc5e218
12 changed files with 223 additions and 207 deletions


@@ -90,11 +90,11 @@ function authorize(requiredRole) {
async function authorizeOperator(req, res, next) {
assert.strictEqual(typeof req.params.id, 'string');
assert.strictEqual(typeof req.user, 'object');
assert.strictEqual(typeof req.app, 'object');
assert.strictEqual(typeof req.resources.app, 'object');
assert.strictEqual(typeof req.token, 'object');
if (!tokens.hasScope(req.token, req.method, req.path)) return next(new HttpError(403, 'access token does not have this scope'));
if (apps.isOperator(req.app, req.user)) return next();
if (apps.isOperator(req.resources.app, req.user)) return next();
return next(new HttpError(403, 'user is not an operator'));
}
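Review bot: The new assert dereferences `req.resources.app` without first checking that `req.resources` exists, so a route that reaches authorizeOperator before the loading middleware has populated it throws a TypeError rather than the intended AssertionError. The request is still rejected, but a missed route during this migration would be easier to diagnose with `assert.strictEqual(typeof req.resources, 'object');` placed ahead of it. Separately, `typeof null` is `'object'`, so the existing check does not prove that an app was actually loaded. Whether `apps.isOperator` rejects a null app cannot be seen from this hunk, so a truthiness check such as `assert(req.resources.app);` would make the precondition explicit. Because the commit touches 12 files, it is worth confirming that every route mounting this middleware sets `req.resources.app` and no longer sets `req.app`.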