hub / github.com/pocketbase/pocketbase / checkForSuperuserOnlyRuleFields

Function checkForSuperuserOnlyRuleFields

apis/record_helpers.go:515–534

checkForSuperuserOnlyRuleFields loosely checks and returns an error if the provided RequestInfo contains rule fields that only the superuser can use.

(requestInfo *core.RequestInfo)

Source from the content-addressed store, hash-verified

// checkForSuperuserOnlyRuleFields loosely checks and returns an error if
// the provided RequestInfo contains rule fields that only the superuser can use.
func checkForSuperuserOnlyRuleFields(requestInfo *core.RequestInfo) error {
	if len(requestInfo.Query) == 0 || requestInfo.HasSuperuserAuth() {
		return nil // superuser or nothing to check
	}

	for _, param := range ruleQueryParams {
		v := requestInfo.Query[param]
		if v == "" {
			continue
		}

		for _, field := range superuserOnlyRuleFields {
			if strings.Contains(v, field) {
				return router.NewForbiddenError("Only superusers can filter by "+field, nil)
			}
		}
	}

	return nil
}

// firstApiError returns the first ApiError from the errors list
// (this is used usually to prevent unnecessary wrapping and to allow bubbling ApiError from nested hooks)
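What "loosely" means for this check, shown as an added stand-alone example that is not PocketBase's own code: the scan is a plain substring match over the raw parameter value, so it also rejects a restricted token that only appears inside a quoted string. The `requestInfo` stand-in, the parameter names and the `@restricted.` token are placeholders, since this page does not show the contents of `ruleQueryParams` or `superuserOnlyRuleFields`.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Stand-in for core.RequestInfo (hypothetical, reduced to what the check reads).
type requestInfo struct {
	Query     map[string]string
	Superuser bool
}

// Placeholder values: the real contents of these lists are not shown on this page.
var ruleQueryParams = []string{"filter", "sort"}
var superuserOnlyRuleFields = []string{"@restricted."}

var errForbidden = errors.New("forbidden")

// checkLoose mirrors the listing: a substring scan with no expression parsing.
func checkLoose(r *requestInfo) error {
	if len(r.Query) == 0 || r.Superuser {
		return nil // superuser or nothing to check
	}
	for _, param := range ruleQueryParams {
		v := r.Query[param]
		if v == "" {
			continue
		}
		for _, field := range superuserOnlyRuleFields {
			if strings.Contains(v, field) {
				return fmt.Errorf("%w: only superusers can filter by %s", errForbidden, field)
			}
		}
	}
	return nil
}

func main() {
	cases := []requestInfo{ // constructed sample requests
		{Query: map[string]string{"filter": "@restricted.owner = 'x'"}},            // field reference
		{Query: map[string]string{"filter": "title = 'about @restricted. fields'"}}, // token inside a string literal
		{Query: map[string]string{"page": "@restricted.owner"}},                    // not a rule parameter
		{Query: map[string]string{"sort": "-@restricted.owner"}, Superuser: true},  // superuser is exempt
	}
	for _, c := range cases {
		fmt.Printf("%v superuser=%v -> %v\n", c.Query, c.Superuser, checkLoose(&c))
	}
}
```

The second case is the cost of the loose match: a legitimate filter is refused because the check never distinguishes a field reference from literal text.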

Callers 2

recordsList (Function) · 0.85
realtimeCanAccessRecord (Function) · 0.85

Calls 2

NewForbiddenError (Function) · 0.92
HasSuperuserAuth (Method) · 0.45

Tested by

no test coverage detected
