github/umami
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix share URL permissions. (#1745)

Browse Source 
* Fix share URL permissions.

* Add sql param logic.

* Add permissions to edit website.

* Update permissions.

* Move parameters to param injection.

* Sanitize eventdata.

* Remove caret.

* Fix avg.
This commit is contained in:
Brian Cao
2023-01-18 15:09:49 -08:00
committed by GitHub
parent 558ce268a0
commit 922c3acab3
16 changed files with 139 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
pages/api/websites/index.js
View File

@@ -7,6 +7,7 @@ export default async (req, res) => {
await useAuth(req, res);
const { user_id, include_all } = req.query;
const { userId: currentUserId, isAdmin } = req.auth;
const accountUuid = user_id || req.auth.accountUuid;
let account;
@@ -18,7 +19,7 @@ export default async (req, res) => {
const userId = account ? account.id : user_id;
if (req.method === 'GET') {
if (userId && userId !== currentUserId && !isAdmin) {
if (!userId || (userId !== currentUserId && !isAdmin)) {
return unauthorized(res);
}