mirror of https://github.com/laurent22/joplin.git synced 2025-07-03 23:50:33 +02:00

Server: Allow disabling item upload for a user

Laurent Cozic
2021-05-27 16:25:37 +02:00
parent 3505a2a973
commit f8a26cf8f9
5 changed files with 35 additions and 1 deletions

Binary file not shown.


@ -280,6 +280,8 @@ export interface User extends WithDates, WithUuid {
can_share?: number; can_share?: number;
email_confirmed?: number; email_confirmed?: number;
must_set_password?: number; must_set_password?: number;
account_type?: number;
can_upload?: number;
} }
export interface Session extends WithDates, WithUuid { export interface Session extends WithDates, WithUuid {
@ -405,6 +407,8 @@ export const databaseSchema: DatabaseTables = {
can_share: { type: 'number' }, can_share: { type: 'number' },
email_confirmed: { type: 'number' }, email_confirmed: { type: 'number' },
must_set_password: { type: 'number' }, must_set_password: { type: 'number' },
account_type: { type: 'number' },
can_upload: { type: 'number' },
}, },
sessions: { sessions: {
id: { type: 'string' }, id: { type: 'string' },
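Review bot: `account_type` is added to both the `User` interface and `databaseSchema` here, but the commit title and the only migration on this page cover `can_upload` alone, so it is unclear from this page which migration creates that column. If it comes from an earlier migration and the types were simply regenerated, the commit description should say so; otherwise the schema declares a column the database may not have. If this file is hand-maintained, `can_upload?: number;` would also benefit from a comment giving its meaning, e.g. `// 1 = uploads allowed (default), 0 = item uploads rejected with 403`. Both the interface and the schema object start and end outside these hunks.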


@ -0,0 +1,14 @@
import { Knex } from 'knex';
import { DbConnection } from '../db';
export async function up(db: DbConnection): Promise<any> {
await db.schema.alterTable('users', function(table: Knex.CreateTableBuilder) {
table.integer('can_upload').defaultTo(1).notNullable();
});
await db('users').update({ can_upload: 1 });
}
export async function down(_db: DbConnection): Promise<any> {
}
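Review bot: `down` is an empty function, so rolling this migration back leaves `can_upload` on the `users` table, and a later re-run of `up` would try to add a column that already exists. Dropping the column keeps the pair symmetric: `await db.schema.alterTable('users', table => { table.dropColumn('can_upload'); });` (with the parameter renamed from `_db` to `db`). In `up`, the `update({ can_upload: 1 })` looks redundant given `defaultTo(1).notNullable()` on the new column; if it is there for a specific database backend, a one-line comment saying so would help.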


@ -276,4 +276,18 @@ describe('api_items', function() {
} }
}); });
test('should check permissions - should not allow uploading items if disabled', async function() {
const { user: user1, session: session1 } = await createUserAndSession(1);
await models().user().save({ id: user1.id, can_upload: 0 });
await expectHttpError(
async () => createNote(session1.id, {
id: '00000000000000000000000000000001',
body: '12345',
}),
ErrorForbidden.httpCode
);
});
}); });


@ -5,7 +5,7 @@ import Router from '../../utils/Router';
import { RouteType } from '../../utils/types'; import { RouteType } from '../../utils/types';
import { AppContext } from '../../utils/types'; import { AppContext } from '../../utils/types';
import * as fs from 'fs-extra'; import * as fs from 'fs-extra';
import { ErrorMethodNotAllowed, ErrorNotFound } from '../../utils/errors'; import { ErrorForbidden, ErrorMethodNotAllowed, ErrorNotFound } from '../../utils/errors';
import ItemModel, { ItemSaveOption } from '../../models/ItemModel'; import ItemModel, { ItemSaveOption } from '../../models/ItemModel';
import { requestDeltaPagination, requestPagination } from '../../models/utils/pagination'; import { requestDeltaPagination, requestPagination } from '../../models/utils/pagination';
import { AclAction } from '../../models/BaseModel'; import { AclAction } from '../../models/BaseModel';
@ -66,6 +66,8 @@ router.get('api/items/:id/content', async (path: SubPath, ctx: AppContext) => {
}); });
router.put('api/items/:id/content', async (path: SubPath, ctx: AppContext) => { router.put('api/items/:id/content', async (path: SubPath, ctx: AppContext) => {
if (!ctx.owner.can_upload) throw new ErrorForbidden('Uploading content is disabled');
const itemModel = ctx.models.item(); const itemModel = ctx.models.item();
const name = itemModel.pathToName(path.id); const name = itemModel.pathToName(path.id);
const parsedBody = await formParse(ctx.req); const parsedBody = await formParse(ctx.req);
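Review bot: The `can_upload` guard sits only in the `router.put('api/items/:id/content', …)` handler, so the restriction holds only for requests that reach this one route; any other handler that creates or modifies items (none are visible in this hunk) would still accept writes from a disabled account. Since the file already imports `AclAction`, the check may fit better in the model-level permission check for create and update, so that every write path inherits it. It is also worth confirming that `ctx.owner` is always set before this line, because for a request without an owner `ctx.owner.can_upload` would presumably throw a TypeError rather than produce a clean 403. If the check stays here, a comment such as `// Per-user upload switch: enforced in this handler only; repeat it in any other route that writes items.` would record that. The handler body continues outside the hunk.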