|
@@ -6,6 +6,7 @@ const loggerFactory = require('@alias/logger');
|
|
|
const logger = loggerFactory('growi:routes:apiv3:security-setting');
|
|
const logger = loggerFactory('growi:routes:apiv3:security-setting');
|
|
|
|
|
|
|
|
const express = require('express');
|
|
const express = require('express');
|
|
|
|
|
+const luceneQueryParser = require('lucene-query-parser');
|
|
|
|
|
|
|
|
const router = express.Router();
|
|
const router = express.Router();
|
|
|
|
|
|
|
@@ -663,7 +664,7 @@ module.exports = (crowi) => {
|
|
|
const rule = req.body.ABLCRule;
|
|
const rule = req.body.ABLCRule;
|
|
|
// Empty string disables attribute-based login control.
|
|
// Empty string disables attribute-based login control.
|
|
|
// So, when rule is empty string, validation is passed.
|
|
// So, when rule is empty string, validation is passed.
|
|
|
- if (rule != null && (rule == null || crowi.passportService.parseABLCRule(rule) == null)) {
|
|
|
|
|
|
|
+ if (rule != null && (rule == null || luceneQueryParser.parse(rule) == null)) {
|
|
|
return res.apiv3Err(req.t('form_validation.invalid_syntax', req.t('security_setting.form_item_name.ABLCRule')), 400);
|
|
return res.apiv3Err(req.t('form_validation.invalid_syntax', req.t('security_setting.form_item_name.ABLCRule')), 400);
|
|
|
}
|
|
}
|
|
|
|
|
|
yusuketk