
change to check for grant at an earlier stage

WNomunomu 1 tahun lalu
induk
melakukan
f22c5670b4
1 mengubah file dengan 9 tambahan dan 7 penghapusan
  1. 9 7
      apps/app/src/server/routes/apiv3/page/update-page.ts

+ 9 - 7
apps/app/src/server/routes/apiv3/page/update-page.ts

@@ -123,7 +123,7 @@ export const updatePageHandlersFactory: UpdatePageHandlersFactory = (crowi) => {
     validator, apiV3FormValidator,
     async(req: UpdatePageRequest, res: ApiV3Response) => {
       const {
-        pageId, revisionId, body, origin,
+        pageId, revisionId, body, origin, grant,
       } = req.body;
 
       const sanitizeRevisionId = revisionId == null ? undefined : generalXssFilter.process(revisionId);
@@ -141,6 +141,12 @@ export const updatePageHandlersFactory: UpdatePageHandlersFactory = (crowi) => {
         return res.apiv3Err(new ErrorV3(`Page('${pageId}' is not found or forbidden`, 'notfound_or_forbidden'), 400);
       }
 
+      const isGrantImmutable = isTopPage(currentPage.path) || isUsersProtectedPages(currentPage.path);
+
+      if (grant && isGrantImmutable) {
+        return res.apiv3Err(new ErrorV3('The grant settings for the specified page cannot be modified.', PageUpdateErrorCode.FORBIDDEN), 403);
+      }
+
       if (currentPage != null) {
         // Normalize the latest revision which was borken by the migration script '20211227060705-revision-path-to-page-id-schema-migration--fixed-7549.js'
         try {
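Review bot: The new guard `if (grant && isGrantImmutable)` tests truthiness, while the block it replaces in the third hunk was gated on `grant != null`, and that later block still uses `grant != null` before `options.grant = grant`. A falsy but non-null value (for instance `0` or an empty string) would therefore skip the 403 for the top page or a user's protected page and still be copied into the update options; whether `validator` rejects such values is not visible in this diff. Using the same predicate in both places, `if (grant != null && isGrantImmutable) {`, keeps the moved check from being weaker than the original. The handler's body starts and ends outside this hunk.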
@@ -162,19 +168,15 @@ export const updatePageHandlersFactory: UpdatePageHandlersFactory = (crowi) => {
         return res.apiv3Err(new ErrorV3('Posted param "revisionId" is outdated.', PageUpdateErrorCode.CONFLICT, undefined, { returnLatestRevision }), 409);
       }
 
-      const isGrantImmutable = isTopPage(currentPage.path) || isUsersProtectedPages(currentPage.path);
-
       let updatedPage: PageDocument;
       let previousRevision: IRevisionHasId | null;
       try {
         const {
-          grant, userRelatedGrantUserGroupIds, overwriteScopesOfDescendants, wip,
+          userRelatedGrantUserGroupIds, overwriteScopesOfDescendants, wip,
         } = req.body;
         const options: IOptionsForUpdate = { overwriteScopesOfDescendants, origin, wip };
         if (grant != null) {
-          if (isGrantImmutable) {
-            return res.apiv3Err(new ErrorV3('The grant settings for the specified page cannot be modified.', PageUpdateErrorCode.FORBIDDEN), 403);
-          }
+          options.grant = grant;
           options.userRelatedGrantUserGroupIds = userRelatedGrantUserGroupIds;
         }
         previousRevision = await Revision.findById(sanitizeRevisionId);