mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-27 03:58:02 -05:00
NotesService: Check if note alias is forbidden
If the note alias is forbidden, return a BadRequest.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
parent
cbc88fd315
commit
9b25f401f7
2 changed files with 47 additions and 0 deletions
|
@ -21,6 +21,7 @@ import {
|
|||
} from '@nestjs/common';
|
||||
import {
|
||||
AlreadyInDBError,
|
||||
ForbiddenIdError,
|
||||
NotInDBError,
|
||||
PermissionsUpdateInconsistentError,
|
||||
} from '../../../errors/errors';
|
||||
|
@ -86,6 +87,9 @@ export class NotesController {
|
|||
if (e instanceof NotInDBError) {
|
||||
throw new NotFoundException(e.message);
|
||||
}
|
||||
if (e instanceof ForbiddenIdError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
if (!this.permissionsService.mayRead(req.user, note)) {
|
||||
|
@ -114,6 +118,9 @@ export class NotesController {
|
|||
if (e instanceof AlreadyInDBError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
if (e instanceof ForbiddenIdError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
@ -137,6 +144,9 @@ export class NotesController {
|
|||
if (e instanceof NotInDBError) {
|
||||
throw new NotFoundException(e.message);
|
||||
}
|
||||
if (e instanceof ForbiddenIdError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
@ -161,6 +171,9 @@ export class NotesController {
|
|||
if (e instanceof NotInDBError) {
|
||||
throw new NotFoundException(e.message);
|
||||
}
|
||||
if (e instanceof ForbiddenIdError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
@ -182,6 +195,9 @@ export class NotesController {
|
|||
if (e instanceof NotInDBError) {
|
||||
throw new NotFoundException(e.message);
|
||||
}
|
||||
if (e instanceof ForbiddenIdError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
@ -205,6 +221,9 @@ export class NotesController {
|
|||
if (e instanceof PermissionsUpdateInconsistentError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
if (e instanceof ForbiddenIdError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
@ -228,6 +247,9 @@ export class NotesController {
|
|||
if (e instanceof NotInDBError) {
|
||||
throw new NotFoundException(e.message);
|
||||
}
|
||||
if (e instanceof ForbiddenIdError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
@ -253,6 +275,9 @@ export class NotesController {
|
|||
if (e instanceof NotInDBError) {
|
||||
throw new NotFoundException(e.message);
|
||||
}
|
||||
if (e instanceof ForbiddenIdError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
@ -276,6 +301,9 @@ export class NotesController {
|
|||
if (e instanceof NotInDBError) {
|
||||
throw new NotFoundException(e.message);
|
||||
}
|
||||
if (e instanceof ForbiddenIdError) {
|
||||
throw new BadRequestException(e.message);
|
||||
}
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
|
|
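Review bot: The mapping `if (e instanceof ForbiddenIdError) { throw new BadRequestException(e.message); }` is repeated by hand in each of the nine catch blocks in this file, so a handler added later that omits it will let the error reach `throw e;` and presumably surface as a 500 instead of a 400. A single translation point would remove that risk: either a private helper that every catch block calls, or a NestJS exception filter registered with `@Catch(ForbiddenIdError)`. The enclosing handler methods start and end outside the hunks, so this page cannot confirm that every handler reaching getNoteByIdOrAlias received the mapping.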
|
@ -9,6 +9,7 @@ import { InjectRepository } from '@nestjs/typeorm';
|
|||
import { Repository } from 'typeorm';
|
||||
import {
|
||||
AlreadyInDBError,
|
||||
ForbiddenIdError,
|
||||
NotInDBError,
|
||||
PermissionsUpdateInconsistentError,
|
||||
} from '../errors/errors';
|
||||
|
@ -91,6 +92,15 @@ export class NotesService {
|
|||
]);
|
||||
if (alias) {
|
||||
newNote.alias = alias;
|
||||
if (this.appConfig.forbiddenNoteIds.includes(alias)) {
|
||||
this.logger.debug(
|
||||
`Creating a note with the alias '${alias}' is forbidden by the administrator.`,
|
||||
'createNote',
|
||||
);
|
||||
throw new ForbiddenIdError(
|
||||
`Creating a note with the alias '${alias}' is forbidden by the administrator.`,
|
||||
);
|
||||
}
|
||||
}
|
||||
if (owner) {
|
||||
newNote.historyEntries = [HistoryEntry.create(owner)];
|
||||
|
@ -151,6 +161,15 @@ export class NotesService {
|
|||
`Trying to find note '${noteIdOrAlias}'`,
|
||||
'getNoteByIdOrAlias',
|
||||
);
|
||||
if (this.appConfig.forbiddenNoteIds.includes(noteIdOrAlias)) {
|
||||
this.logger.debug(
|
||||
`Accessing a note with the alias '${noteIdOrAlias}' is forbidden by the administrator.`,
|
||||
'getNoteByIdOrAlias',
|
||||
);
|
||||
throw new ForbiddenIdError(
|
||||
`Accessing a note with the alias '${noteIdOrAlias}' is forbidden by the administrator.`,
|
||||
);
|
||||
}
|
||||
const note = await this.noteRepository.findOne({
|
||||
where: [
|
||||
{
|
||||
|
|
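Review bot: Both new checks use `this.appConfig.forbiddenNoteIds.includes(...)`, an exact, case-sensitive comparison, so whether a case variant of a reserved name passes depends on how aliases are matched at lookup, which is not visible here. If the list is meant to reserve names regardless of case, normalise both sides before comparing; otherwise add a comment such as `// exact match only: forbiddenNoteIds entries are compared case-sensitively`. In createNote the check runs after `newNote.alias = alias;`, and moving the `if (this.appConfig.forbiddenNoteIds.includes(alias))` block above that assignment keeps a rejected alias off the entity. The message in getNoteByIdOrAlias says "alias" although the argument may be an id, and the same template literal is built twice in each check, so a single `const message = ...` used for both the log and the error would keep them in sync. Both functions continue outside their hunks.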