
Function checkFilterAccess

server/api/ChartRoute.js:283–402  ·  view source on GitHub ↗
(req, res, next)


281 };
282
283 const checkFilterAccess = async (req, res, next) => {
284 try {
285 const project = await projectController.findById(req.params.project_id);
286 if (!project) {
287 return res.status(404).json({ message: "Project not found" });
288 }
289
290 const chart = await chartController.findById(req.params.chart_id);
291 if (!chart) {
292 return res.status(404).json({ message: "Chart not found" });
293 }
294
295 if (`${chart.project_id}` !== `${project.id}`) {
296 return res.status(403).json({ message: "Access denied" });
297 }
298
299 if (req.user?.id) {
300 const teamRole = await teamController.getTeamRole(project.team_id, req.user.id);
301 if (teamRole?.role) {
302 req.user.teamRole = teamRole;
303
304 const permission = accessControl.can(teamRole.role).readOwn("chart");
305 if (permission.granted) {
306 if (["teamOwner", "teamAdmin"].includes(teamRole.role)) {
307 return next();
308 }
309
310 if (teamRole?.projects?.length > 0) {
311 const hasProjectAccess = teamRole.projects.some((projectId) => `${projectId}` === `${project.id}`);
312 if (hasProjectAccess || project.ghost) {
313 req.user.projects = teamRole.projects;
314 return next();
315 }
316 }
317 }
318 }
319 }
320
321 const snapshotAccessToken = req.query.accessToken || req.body?.accessToken;
322 if (snapshotAccessToken) {
323 try {
324 const decodedAccessToken = jwt.verify(snapshotAccessToken, settings.encryptionKey);
325 if (`${decodedAccessToken?.project_id}` === `${project.id}`) {
326 return next();
327 }
328 } catch (error) {
329 // Continue to other auth mechanisms.
330 }
331 }
332
333 const shareToken = req.query.token || req.body?.token;
334 if (!shareToken) {
335 const passwordInput = req.query.pass || req.headers.pass || req.body?.password;
336 const allowPublicAccess = await isPublicProjectFilterAllowed(project, chart, passwordInput);
337 if (allowPublicAccess) {
338 return next();
339 }
340 return res.status(401).json({ message: "Not authorized" });
