MCPcopy
hub / github.com/chartbrew/chartbrew / checkPublicAccess

Function checkPublicAccess

server/api/ChartRoute.js:106–153  ·  view source on GitHub ↗
(req, requiredAccess)

Source from the content-addressed store, hash-verified

104 };
105
106 const checkPublicAccess = async (req, requiredAccess) => {
107 const chart = await chartController.findById(req.params.chart_id);
108 if (!chart) {
109 return Promise.reject(404);
110 }
111
112 const projectId = req.params.project_id || chart.project_id;
113 const project = await projectController.findById(projectId);
114 if (!project || `${chart.project_id}` !== `${project.id}`) {
115 return Promise.reject(401);
116 }
117
118 if (!chart.onReport) {
119 return Promise.reject(401);
120 }
121
122 const hasAuthenticatedProjectAccess = await hasProjectReadAccess(project, req.user);
123
124 if (!project.public && !hasAuthenticatedProjectAccess) {
125 return Promise.reject(401);
126 }
127
128 const passwordInput = getPublicPasswordInput(req);
129 if (project.passwordProtected && passwordInput !== project.password && !hasAuthenticatedProjectAccess) {
130 return Promise.reject(401);
131 }
132
133 const sharePolicy = await db.SharePolicy.findOne({
134 where: {
135 entity_type: "Project",
136 entity_id: project.id,
137 },
138 });
139
140 const hasSharePolicyAccess = await verifyProjectSharePolicyAccess(req, project, sharePolicy);
141 if (!hasSharePolicyAccess && !hasAuthenticatedProjectAccess) {
142 return Promise.reject(401);
143 }
144
145 if (requiredAccess === "export") {
146 const team = await teamController.findById(project.team_id);
147 if (!team?.allowReportExport) {
148 return Promise.reject(401);
149 }
150 }
151
152 return { chart, project, hasAuthenticatedProjectAccess };
153 };
154
155 const resolveRuntimeVariables = async (req, project, providedVariables = {}) => {
156 const queryParams = req.body?.queryParams || {};

Callers 1

ChartRoute.jsFile · 0.85

Calls 4

hasProjectReadAccessFunction · 0.85
getPublicPasswordInputFunction · 0.85
findByIdMethod · 0.45

Tested by

no test coverage detected