bugfix

andava aggiornato il controllo dei permessi avendo tolto api/v0 dai ruoli
Unipisa · Jan 11, 2024 · fa9ea3a · fa9ea3a
1 parent 6d5e18c
commit fa9ea3a
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "dm-manager",
-  "version": "1.4.2",
+  "version": "1.4.3",
   "private": true,
   "dependencies": {
     "@babel/core": "^7.16.0",

diff --git a/server/controllers/middleware.js b/server/controllers/middleware.js
@@ -81,10 +81,10 @@ const requirePathPermissions = async (req, res, next) => {
         req.log_who = req.user.username
     }
 
-    console.log(`checking permissions for ${req.log_who} on ${fullUrl}`)
+    console.log(`checking permissions for ${req.log_who} with roles ${JSON.stringify(req.roles)} on ${fullUrl}`)
 
     const hasPermission = req.roles?.includes('admin') || req.roles.reduce(
-        (x,y) => x || fullUrl.startsWith(y), false
+        (x,y) => x || fullUrl.startsWith(`/api/v0${y}`), false
     )
 
     if (! hasPermission) {