m/umami
1
0
Fork 0
mirror of https://github.com/kremalicious/umami.git synced 2025-02-14 21:10:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

add permission to create report.

Browse Source
This commit is contained in:
Brian Cao 2024-02-22 13:47:28 -08:00
parent 2832ff9622
commit fd1b9ff7b4
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/pages/api/reports/index.ts
View File

@ -6,7 +6,7 @@ import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics'; import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createReport, getReports } from 'queries'; import { createReport, getReports } from 'queries';
import * as yup from 'yup'; import * as yup from 'yup';
import { canViewTeam, canViewWebsite } from 'lib/auth'; import { canUpdateWebsite, canViewTeam, canViewWebsite } from 'lib/auth';
export interface ReportRequestBody { export interface ReportRequestBody {
websiteId: string; websiteId: string;
@ -89,6 +89,10 @@ export default async (
if (req.method === 'POST') { if (req.method === 'POST') {
const { websiteId, type, name, description, parameters } = req.body; const { websiteId, type, name, description, parameters } = req.body;
if (!(await canUpdateWebsite(req.auth, websiteId))) {
return unauthorized(res);
}
const result = await createReport({ const result = await createReport({
id: uuid(), id: uuid(),
userId, userId,