fix(acl): return 403 instead of 401 for invalid user roles after sign-in

This commit is contained in:
xilesun 2025-04-25 13:29:18 +08:00
parent b0cee75bf1
commit d2fee799c2
2 changed files with 5 additions and 5 deletions


@ -79,7 +79,7 @@ describe('role', () => {
const throwFn = vi.fn(); const throwFn = vi.fn();
ctx.throw = throwFn; ctx.throw = throwFn;
await setCurrentRole(ctx, () => {}); await setCurrentRole(ctx, () => {});
expect(throwFn).lastCalledWith(401, { expect(throwFn).lastCalledWith(403, {
code: 'ROLE_NOT_FOUND_FOR_USER', code: 'ROLE_NOT_FOUND_FOR_USER',
message: 'The role does not belong to the user', message: 'The role does not belong to the user',
}); });
@ -214,7 +214,7 @@ describe('role', () => {
const throwFn = vi.fn(); const throwFn = vi.fn();
ctx.throw = throwFn; ctx.throw = throwFn;
await setCurrentRole(ctx, () => {}); await setCurrentRole(ctx, () => {});
expect(throwFn).lastCalledWith(401, { expect(throwFn).lastCalledWith(403, {
code: 'USER_HAS_NO_ROLES_ERR', code: 'USER_HAS_NO_ROLES_ERR',
message: 'The current user has no roles. Please try another account.', message: 'The current user has no roles. Please try another account.',
}); });
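Review bot: The third `ctx.throw` this commit moves to 403, the ROLE_NOT_FOUND_ERR branch of setCurrentRole, has no matching assertion in the hunks shown for this test file; only ROLE_NOT_FOUND_FOR_USER and USER_HAS_NO_ROLES_ERR are pinned to 403 here. If that branch is already covered elsewhere in the file its expectation should be updated the same way; if it is not, add a case asserting `expect(throwFn).lastCalledWith(403, { code: 'ROLE_NOT_FOUND_ERR', ... })` with the i18n message the middleware emits, so a regression back to 401 on that path is caught. Note that `ctx.throw = vi.fn()` does not actually throw, so each case relies on the middleware's `return ctx.throw(...)` to stop execution; keep the `return` if any of these branches is refactored. Both hunks sit inside `describe('role', ...)`, which begins outside the hunk.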


@ -33,7 +33,7 @@ export async function setCurrentRole(ctx: Context, next) {
)) as Model[]; )) as Model[];
if (!roles.length && !attachRoles.length) { if (!roles.length && !attachRoles.length) {
ctx.state.currentRole = undefined; ctx.state.currentRole = undefined;
return ctx.throw(401, { return ctx.throw(403, {
code: 'USER_HAS_NO_ROLES_ERR', code: 'USER_HAS_NO_ROLES_ERR',
message: ctx.t('The current user has no roles. Please try another account.', { ns: 'acl' }), message: ctx.t('The current user has no roles. Please try another account.', { ns: 'acl' }),
}); });
@ -51,7 +51,7 @@ export async function setCurrentRole(ctx: Context, next) {
if (currentRole) { if (currentRole) {
role = userRoles.find((role) => role.name === currentRole)?.name; role = userRoles.find((role) => role.name === currentRole)?.name;
if (!role) { if (!role) {
return ctx.throw(401, { return ctx.throw(403, {
code: 'ROLE_NOT_FOUND_FOR_USER', code: 'ROLE_NOT_FOUND_FOR_USER',
message: ctx.t('The role does not belong to the user', { ns: 'acl' }), message: ctx.t('The role does not belong to the user', { ns: 'acl' }),
}); });
@ -64,7 +64,7 @@ export async function setCurrentRole(ctx: Context, next) {
} }
ctx.state.currentRole = role; ctx.state.currentRole = role;
if (!ctx.state.currentRole) { if (!ctx.state.currentRole) {
return ctx.throw(401, { return ctx.throw(403, {
code: 'ROLE_NOT_FOUND_ERR', code: 'ROLE_NOT_FOUND_ERR',
message: ctx.t('The user role does not exist. Please try signing in again', { ns: 'acl' }), message: ctx.t('The user role does not exist. Please try signing in again', { ns: 'acl' }),
}); });
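Review bot: The message on the ROLE_NOT_FOUND_ERR branch, "Please try signing in again", no longer matches its status: on a 401 a client conventionally drops the session and returns to the sign-in page, whereas 403 means "authenticated, still refused", so a user following that advice ends up in exactly the same state unless an administrator changes their role assignment. Either keep 401 on that one branch if the intent really is to force re-authentication there, or reword the string (and its `acl` translations) to point at an administrator instead of re-sign-in. A short comment above the first throw would record the decision for the next reader, e.g. `// 403, not 401: the caller is authenticated; the problem is role assignment, so clients must not treat this as an expired session`. Since 403 presumably no longer clears the client session, a signed-in user with no usable role now keeps a valid session and can keep calling the API and receiving 403s, so it is worth confirming that nothing downstream relied on the 401 to invalidate the session and that these refusals are logged. setCurrentRole starts before the first hunk and continues past the last.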