github/umami
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Add admin check. (#1716)

Browse Source 
* Add admin check.

* Fix teamId check.
This commit is contained in:
Brian Cao
2022-12-27 15:18:58 -08:00
committed by GitHub
parent c90bd941b5
commit 561cde6e7e
20 changed files with 133 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pages/api/websites/[id]/active.ts
View File

@@ -17,13 +17,10 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId } = req.query;
if (req.method === 'GET') {
if (await canViewWebsite(userId, websiteId)) {
if (await canViewWebsite(req.auth, websiteId)) {
return unauthorized(res);
}

5
pages/api/websites/[id]/eventdata.ts
View File

@@ -24,13 +24,10 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId } = req.query;
if (req.method === 'POST') {
if (canViewWebsite(userId, websiteId)) {
if (!(await canViewWebsite(req.auth, websiteId))) {
return unauthorized(res);
}

5
pages/api/websites/[id]/events.ts
View File

@@ -25,13 +25,10 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId, startAt, endAt, unit, tz, url, eventName } = req.query;
if (req.method === 'GET') {
if (canViewWebsite(userId, websiteId)) {
if (!(await canViewWebsite(req.auth, websiteId))) {
return unauthorized(res);
}

9
pages/api/websites/[id]/index.ts
View File

@@ -22,13 +22,10 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId } = req.query;
if (req.method === 'GET') {
if (!(await canViewWebsite(userId, websiteId))) {
if (!(await canViewWebsite(req.auth, websiteId))) {
return unauthorized(res);
}
@@ -38,7 +35,7 @@ export default async (
}
if (req.method === 'POST') {
if (!(await canUpdateWebsite(userId, websiteId))) {
if (!(await canUpdateWebsite(req.auth, websiteId))) {
return unauthorized(res);
}
@@ -56,7 +53,7 @@ export default async (
}
if (req.method === 'DELETE') {
if (!(await canDeleteWebsite(userId, websiteId))) {
if (!(await canDeleteWebsite(req.auth, websiteId))) {
return unauthorized(res);
}

5
pages/api/websites/[id]/metrics.ts
View File

@@ -55,9 +55,6 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const {
id: websiteId,
type,
@@ -72,7 +69,7 @@ export default async (
} = req.query;
if (req.method === 'GET') {
if (!(await canViewWebsite(userId, websiteId))) {
if (!(await canViewWebsite(req.auth, websiteId))) {
return unauthorized(res);
}

5
pages/api/websites/[id]/pageviews.ts
View File

@@ -30,9 +30,6 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const {
id: websiteId,
startAt,
@@ -48,7 +45,7 @@ export default async (
} = req.query;
if (req.method === 'GET') {
if (!(await canViewWebsite(userId, websiteId))) {
if (!(await canViewWebsite(req.auth, websiteId))) {
return unauthorized(res);
}

5
pages/api/websites/[id]/reset.ts
View File

@@ -16,13 +16,10 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId } = req.query;
if (req.method === 'POST') {
if (!(await canViewWebsite(userId, websiteId))) {
if (!(await canViewWebsite(req.auth, websiteId))) {
return unauthorized(res);
}

5
pages/api/websites/[id]/stats.ts
View File

@@ -26,13 +26,10 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId, startAt, endAt, url, referrer, os, browser, device, country } = req.query;
if (req.method === 'GET') {
if (!(await canViewWebsite(userId, websiteId))) {
if (!(await canViewWebsite(req.auth, websiteId))) {
return unauthorized(res);
}