Add additional future-proofing auth checks for creation

Tom Moor
2018-02-18 11:08:43 -08:00
parent e3e084130c
commit 7a0aa0ecf8
3 changed files with 5 additions and 1 deletions


@@ -198,12 +198,15 @@ router.post('documents.create', auth(), async ctx => {
if (index) ctx.assertPositiveInteger(index, 'index must be an integer (>=0)');
const user = ctx.state.user;
authorize(user, 'create', Document);
const ownerCollection = await Collection.findOne({
where: {
id: collection,
teamId: user.teamId,
},
});
authorize(user, 'publish', ownerCollection);
if (!ownerCollection) throw httpErrors.BadRequest();
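Review bot: `authorize(user, 'publish', ownerCollection)` runs before the `if (!ownerCollection)` existence check, so a collection id that is unknown or belongs to another team hands `null` to the policy check. How `authorize` treats a null target is not visible on this page; it presumably either raises an authorization error or fails on a property access, and in both cases the intended 400 is never reached. Put the existence check first so the outcome does not depend on policy internals: `if (!ownerCollection) throw httpErrors.BadRequest();` and then `authorize(user, 'publish', ownerCollection);`. The `+`/`-` markers are lost here, so which of these lines the commit adds is inferred from its title, and the handler begins and continues outside the hunk.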