Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
Open Subsurface Data Universe Software
Platform
Domain Data Management Services
Seismic
Seismic DMS Suite
seismic-dms-service
Commits
4185af3a
Commit
4185af3a
authored
Jun 30, 2021
by
Diego Molteni
Committed by
Sacha Brants
Jun 30, 2021
Browse files
fix: added missing auth check on close operation
parent
a0286e2f
Changes
1
Hide whitespace changes
Inline
Side-by-side
src/services/dataset/handler.ts
View file @
4185af3a
...
...
@@ -410,6 +410,19 @@ export class DatasetHandler {
// return immediately if it is a simple close with empty body (no patch to apply)
if
(
Object
.
keys
(
req
.
body
).
length
===
0
&&
req
.
body
.
constructor
===
Object
&&
wid
)
{
// Check authorizations
if
(
FeatureFlags
.
isEnabled
(
Feature
.
AUTHORIZATION
))
{
if
(
wid
.
startsWith
(
'
W
'
))
{
await
Auth
.
isWriteAuthorized
(
req
.
headers
.
authorization
,
subproject
.
acls
.
admins
,
datasetIN
.
tenant
,
subproject
.
name
,
tenant
.
esd
,
req
[
Config
.
DE_FORWARD_APPKEY
]);
}
else
{
await
Auth
.
isReadAuthorized
(
req
.
headers
.
authorization
,
subproject
.
acls
.
viewers
.
concat
(
subproject
.
acls
.
admins
),
datasetIN
.
tenant
,
datasetIN
.
subproject
,
tenant
.
esd
,
req
[
Config
.
DE_FORWARD_APPKEY
]);
}
}
// Retrieve the dataset metadata
const
dataset
=
subproject
.
enforce_key
?
await
DatasetDAO
.
getByKey
(
journalClient
,
datasetIN
)
:
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment