-
Notifications
You must be signed in to change notification settings - Fork 220
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Apply read-only-validator.ts #7639
feat: Apply read-only-validator.ts #7639
Conversation
if (user.readOnly) { | ||
const message = 'This user is read only user'; | ||
logger.warn(message); | ||
|
||
return res.apiv3Err(new ErrorV3(message, 'validatioin_failed')); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
readOnly フラグが true ならば apiv3Err() でエラーを返すようにしました。
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
名前を excludeReadOnlyUser に変えてください
apiv1 全般カバーが必要だと思う |
if (user.readOnly) { | ||
const message = 'This user is read only user'; | ||
logger.warn(message); | ||
|
||
return res.apiv3Err(new ErrorV3(message, 'validatioin_failed')); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
名前を excludeReadOnlyUser に変えてください
@@ -575,35 +576,36 @@ module.exports = (crowi) => { | |||
} | |||
}); | |||
|
|||
router.post('/resume-rename', accessTokenParser, loginRequiredStrictly, validator.resumeRenamePage, apiV3FormValidator, async(req, res) => { | |||
router.post('/resume-rename', accessTokenParser, loginRequiredStrictly, readOnlyValidator, validator.resumeRenamePage, apiV3FormValidator, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
resume はできてもいいね
export const excludeReadOnlyUser = (req: Request, res: Response & { apiv3Err }, next: () => NextFunction): NextFunction => { | ||
const user = req.user; | ||
|
||
if (user.readOnly) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
user が null の場合を一応カバーしておきたい。カバーしていない場合、暗黙的に loginRequiredStrictly の後に実行される必要があるという制約ができてしまうので。
user が null の場合は、logger.warn でその旨を出した上で通過させてよい。
task: https://redmine.weseek.co.jp/issues/121339
Screenshot
console warning
toastr