m/umami
1
0
Fork 0
mirror of https://github.com/kremalicious/umami.git synced 2024-11-22 09:57:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Always fetch website directly.

Browse Source
This commit is contained in:
Mike Cao 2024-02-19 18:30:44 -08:00
parent fcba703f82
commit 2832ff9622
1 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/lib/auth.ts
View File

@ -5,8 +5,7 @@ import { PERMISSIONS, ROLE_PERMISSIONS, SHARE_TOKEN_HEADER, ROLES } from 'lib/co
import { secret } from 'lib/crypto';
import { NextApiRequest } from 'next';
import { createSecureToken, ensureArray, getRandomChars, parseToken } from 'next-basics';
import { getTeamUser } from 'queries';
import { loadWebsite } from './load';
import { getTeamUser, getWebsite } from 'queries';
import { Auth } from './types';
const log = debug('umami:auth');
@ -50,7 +49,7 @@ export async function canViewWebsite({ user, shareToken }: Auth, websiteId: stri
return true;
}
const website = await loadWebsite(websiteId);
const website = await getWebsite(websiteId);
if (website.userId) {
return user.id === website.userId;
@ -86,7 +85,7 @@ export async function canUpdateWebsite({ user }: Auth, websiteId: string) {
return true;
}
const website = await loadWebsite(websiteId);
const website = await getWebsite(websiteId);
if (website.userId) {
return user.id === website.userId;
@ -102,7 +101,7 @@ export async function canUpdateWebsite({ user }: Auth, websiteId: string) {
}
export async function canTransferWebsiteToUser({ user }: Auth, websiteId: string, userId: string) {
const website = await loadWebsite(websiteId);
const website = await getWebsite(websiteId);
if (website.teamId && user.id === userId) {
const teamUser = await getTeamUser(website.teamId, userId);
@ -114,9 +113,9 @@ export async function canTransferWebsiteToUser({ user }: Auth, websiteId: string
}
export async function canTransferWebsiteToTeam({ user }: Auth, websiteId: string, teamId: string) {
const website = await loadWebsite(websiteId);
const website = await getWebsite(websiteId);
if (website.userId === user.id) {
if (website.userId && website.userId === user.id) {
const teamUser = await getTeamUser(teamId, user.id);
return teamUser?.role === ROLES.teamOwner;
@ -130,7 +129,7 @@ export async function canDeleteWebsite({ user }: Auth, websiteId: string) {
return true;
}
const website = await loadWebsite(websiteId);
const website = await getWebsite(websiteId);
if (website.userId) {
return user.id === website.userId;