Home Explore Help
Sign In
wiki
/
weseek__growi
mirror of https://github.com/weseek/growi
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

feat: implement user page access control based on disableUserPages setting

Shun Miyazawa 2 months ago
parent
8d37440125
commit
5006c2c470
3 changed files with 35 additions and 0 deletions
Split View Show Diff Stats
  1. 11 0
      apps/app/src/server/routes/apiv3/page/create-page.ts
  2. 13 0
      apps/app/src/server/routes/apiv3/page/update-page.ts
  3. 11 0
      apps/app/src/server/routes/apiv3/pages/index.js

+ 11 - 0
apps/app/src/server/routes/apiv3/page/create-page.ts
View File 

@@ -6,6 +6,7 @@ import {
 
   isCreatablePage,
 
   isUserPage,
 
   isUsersHomepage,
 
+  isUsersTopPage,
 
 } from '@growi/core/dist/utils/page-path-utils';
 
 import {
 
   attachTitleHeader,
 
@@ -310,6 +311,16 @@ export const createPageHandlersFactory: CreatePageHandlersFactory = (crowi) => {
 
         );
 
       }
 
 
+      const disableUserPages = configManager.getConfig(
 
+        'security:disableUserPages',
 
+      );
 
+      if (
 
+        (disableUserPages && isUsersTopPage(pathToCreate)) ||
 
+        isUserPage(pathToCreate)
 
+      ) {
 
+        return res.apiv3Err('User pages are disabled');
 
+      }
 
+
 
       if (isUserPage(pathToCreate)) {
 
         const isExistUser = await User.isExistUserByUserPagePath(pathToCreate);
 
         if (!isExistUser) {

+ 13 - 0
apps/app/src/server/routes/apiv3/page/update-page.ts
View File 

@@ -5,7 +5,9 @@ import { ErrorV3 } from '@growi/core/dist/models';
 
 import { serializeUserSecurely } from '@growi/core/dist/models/serializers';
 
 import {
 
   isTopPage,
 
+  isUserPage,
 
   isUsersProtectedPages,
 
+  isUsersTopPage,
 
 } from '@growi/core/dist/utils/page-path-utils';
 
 import type { Request, RequestHandler } from 'express';
 
 import type { ValidationChain } from 'express-validator';
 
@@ -29,6 +31,7 @@ import {
 
   serializePageSecurely,
 
   serializeRevisionSecurely,
 
 } from '~/server/models/serializers';
 
+import { configManager } from '~/server/service/config-manager/config-manager';
 
 import { preNotifyService } from '~/server/service/pre-notify';
 
 import { normalizeLatestRevisionIfBroken } from '~/server/service/revision/normalize-latest-revision-if-broken';
 
 import { getYjsService } from '~/server/service/yjs';
 
@@ -224,6 +227,16 @@ export const updatePageHandlersFactory: UpdatePageHandlersFactory = (crowi) => {
 
         );
 
       }
 
 
+      const disableUserPages = configManager.getConfig(
 
+        'security:disableUserPages',
 
+      );
 
+      if (
 
+        (disableUserPages && isUsersTopPage(currentPage.path)) ||
 
+        isUserPage(currentPage.path)
 
+      ) {
 
+        return res.apiv3Err('User pages are disabled');
 
+      }
 
+
 
       const isGrantImmutable =
 
         isTopPage(currentPage.path) || isUsersProtectedPages(currentPage.path);

+ 11 - 0
apps/app/src/server/routes/apiv3/pages/index.js
View File 

@@ -6,6 +6,7 @@ import {
 
   isCreatablePage,
 
   isTrashPage,
 
   isUserPage,
 
+  isUsersTopPage,
 
 } from '@growi/core/dist/utils/page-path-utils';
 
 import {
 
   addHeadingSlash,
 
@@ -763,6 +764,16 @@ module.exports = (crowi) => {
 
         );
 
       }
 
 
+      const disableUserPages = configManager.getConfig(
 
+        'security:disableUserPages',
 
+      );
 
+      if (
 
+        (disableUserPages && isUsersTopPage(pathToCreate)) ||
 
+        isUserPage(pathToCreate)
 
+      ) {
 
+        return res.apiv3Err('User pages are disabled');
 
+      }
 
+
 
       if (isUserPage(newPagePath)) {
 
         const isExistUser = await User.isExistUserByUserPagePath(newPagePath);
 
         if (!isExistUser) {