(req, res, next)
| 281 | }; |
| 282 | |
| 283 | const checkFilterAccess = async (req, res, next) => { |
| 284 | try { |
| 285 | const project = await projectController.findById(req.params.project_id); |
| 286 | if (!project) { |
| 287 | return res.status(404).json({ message: "Project not found" }); |
| 288 | } |
| 289 | |
| 290 | const chart = await chartController.findById(req.params.chart_id); |
| 291 | if (!chart) { |
| 292 | return res.status(404).json({ message: "Chart not found" }); |
| 293 | } |
| 294 | |
| 295 | if (`${chart.project_id}` !== `${project.id}`) { |
| 296 | return res.status(403).json({ message: "Access denied" }); |
| 297 | } |
| 298 | |
| 299 | if (req.user?.id) { |
| 300 | const teamRole = await teamController.getTeamRole(project.team_id, req.user.id); |
| 301 | if (teamRole?.role) { |
| 302 | req.user.teamRole = teamRole; |
| 303 | |
| 304 | const permission = accessControl.can(teamRole.role).readOwn("chart"); |
| 305 | if (permission.granted) { |
| 306 | if (["teamOwner", "teamAdmin"].includes(teamRole.role)) { |
| 307 | return next(); |
| 308 | } |
| 309 | |
| 310 | if (teamRole?.projects?.length > 0) { |
| 311 | const hasProjectAccess = teamRole.projects.some((projectId) => `${projectId}` === `${project.id}`); |
| 312 | if (hasProjectAccess || project.ghost) { |
| 313 | req.user.projects = teamRole.projects; |
| 314 | return next(); |
| 315 | } |
| 316 | } |
| 317 | } |
| 318 | } |
| 319 | } |
| 320 | |
| 321 | const snapshotAccessToken = req.query.accessToken || req.body?.accessToken; |
| 322 | if (snapshotAccessToken) { |
| 323 | try { |
| 324 | const decodedAccessToken = jwt.verify(snapshotAccessToken, settings.encryptionKey); |
| 325 | if (`${decodedAccessToken?.project_id}` === `${project.id}`) { |
| 326 | return next(); |
| 327 | } |
| 328 | } catch (error) { |
| 329 | // Continue to other auth mechanisms. |
| 330 | } |
| 331 | } |
| 332 | |
| 333 | const shareToken = req.query.token || req.body?.token; |
| 334 | if (!shareToken) { |
| 335 | const passwordInput = req.query.pass || req.headers.pass || req.body?.password; |
| 336 | const allowPublicAccess = await isPublicProjectFilterAllowed(project, chart, passwordInput); |
| 337 | if (allowPublicAccess) { |
| 338 | return next(); |
| 339 | } |
| 340 | return res.status(401).json({ message: "Not authorized" }); |