(req, requiredAccess)
| 104 | }; |
| 105 | |
/**
 * Authorization gate for a chart that is served through a project's public report.
 *
 * The checks run in a fixed order and the first failing one rejects:
 *   1. the chart exists (otherwise 404);
 *   2. the project exists and the chart belongs to it;
 *   3. the chart is flagged `onReport`;
 *   4. the project is public, or the caller has authenticated read access;
 *   5. a password-protected project received the matching password;
 *   6. the project's share policy admits the request;
 *   7. for `requiredAccess === "export"`, the owning team allows report export.
 *
 * A caller with authenticated read access skips checks 4-6 only; checks 1-3 and 7
 * apply to every caller.
 *
 * @param {object} req - Incoming request. Reads `req.params.chart_id`,
 *   `req.params.project_id` and `req.user`; the whole object is also handed to
 *   `getPublicPasswordInput` and `verifyProjectSharePolicyAccess`.
 * @param {string} requiredAccess - Only the value "export" adds an extra check here.
 * @returns {Promise<{chart: object, project: object, hasAuthenticatedProjectAccess: *}>}
 *   Resolves with the loaded records and the result of `hasProjectReadAccess`.
 *   Rejects with the bare number 404 or 401 (not an Error instance), so callers
 *   presumably map the value straight to an HTTP status - confirm at the call sites.
 */
const checkPublicAccess = async (req, requiredAccess) => {
  const deny = (status) => Promise.reject(status);

  const targetChart = await chartController.findById(req.params.chart_id);
  if (!targetChart) {
    return deny(404);
  }

  // A project id in the route is only a hint: the chart must really belong to it.
  const lookupId = req.params.project_id || targetChart.project_id;
  const owningProject = await projectController.findById(lookupId);
  const chartBelongsToProject = owningProject
    && `${targetChart.project_id}` === `${owningProject.id}`;
  if (!chartBelongsToProject) {
    return deny(401);
  }

  // Charts that are not placed on the report are never exposed through this path,
  // not even to authenticated project readers.
  if (!targetChart.onReport) {
    return deny(401);
  }

  const isProjectReader = await hasProjectReadAccess(owningProject, req.user);

  const openToCaller = owningProject.public || isProjectReader;
  if (!openToCaller) {
    return deny(401);
  }

  // NOTE(review): the password is checked with a plain `!==`, which is not a
  // constant-time comparison and implies `project.password` is held in the same
  // form the client submits. Confirm how it is stored; if it is plaintext, prefer
  // storing a password hash and verifying against it, and compare fixed-length
  // digests with crypto.timingSafeEqual.
  // NOTE(review): if `getPublicPasswordInput` can return the same nullish value that
  // an unset `project.password` holds, this check passes on a password-protected
  // project - confirm that a password is always set when `passwordProtected` is true.
  const suppliedPassword = getPublicPasswordInput(req);
  const passwordRejected = owningProject.passwordProtected
    && suppliedPassword !== owningProject.password;
  if (passwordRejected && !isProjectReader) {
    return deny(401);
  }

  // `findOne` may find no policy; the verifier is handed whatever was found.
  // NOTE(review): presumably it handles a missing policy itself - confirm it fails
  // closed where a policy is required.
  const policy = await db.SharePolicy.findOne({
    where: {
      entity_type: "Project",
      entity_id: owningProject.id,
    },
  });

  const admittedByPolicy = await verifyProjectSharePolicyAccess(req, owningProject, policy);
  if (!(admittedByPolicy || isProjectReader)) {
    return deny(401);
  }

  // Export is a team-level setting and applies to authenticated readers as well.
  if (requiredAccess === "export") {
    const { allowReportExport } = (await teamController.findById(owningProject.team_id)) ?? {};
    if (!allowReportExport) {
      return deny(401);
    }
  }

  return {
    chart: targetChart,
    project: owningProject,
    hasAuthenticatedProjectAccess: isProjectReader,
  };
};
| 154 | |
| 155 | const resolveRuntimeVariables = async (req, project, providedVariables = {}) => { |
| 156 | const queryParams = req.body?.queryParams || {}; |