fm453/nocobase
1
0
Fork 0
mirror of https://gitee.com/nocobase/nocobase.git synced 2025-07-01 18:52:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: custom request server-side permission validation error (#6438)

Browse Source
This commit is contained in:
Katherine 2025-03-12 22:44:10 +08:00 committed by GitHub
parent 97940d246c
commit c408c916d7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
packages/plugins/@nocobase/plugin-action-custom-request/src/server/actions/send.ts
View File

@ -77,13 +77,12 @@ export async function send(this: CustomRequestPlugin, ctx: Context, next: Next)
// root role has all permissions
if (ctx.state.currentRole !== 'root') {
const crRepo = ctx.db.getRepository('customRequestsRoles');
const crRepo = ctx.db.getRepository('uiButtonSchemasRoles');
const hasRoles = await crRepo.find({
filter: {
customRequestKey: filterByTk,
uid: filterByTk,
},
});
if (hasRoles.length) {
if (!hasRoles.find((item) => item.roleName === ctx.state.currentRole)) {
return ctx.throw(403, 'custom request no permission');