Lucas Aymon
1 month ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with
13 additions and
0 deletions
-
server/graph/resolvers/asset.js
-
server/helpers/error.js
|
|
|
@ -55,6 +55,15 @@ module.exports = { |
|
|
|
parentId: parentFolderId, |
|
|
|
slug: folderSlug |
|
|
|
}).first() |
|
|
|
|
|
|
|
const hierarchy = parentFolderId ? await WIKI.models.assetFolders.getHierarchy(parentFolderId) : [] |
|
|
|
|
|
|
|
// Check target folder permissions
|
|
|
|
const folderTargetPath = parentFolderId ? hierarchy.map(h => h.slug).join('/') + `/${folderSlug}` : folderSlug |
|
|
|
if (!WIKI.auth.checkAccess(context.req.user, ['write:assets'], { path: folderTargetPath })) { |
|
|
|
throw new WIKI.Error.AssetCreateFolderForbidden() |
|
|
|
} |
|
|
|
|
|
|
|
if (!result) { |
|
|
|
await WIKI.models.assetFolders.query().insert({ |
|
|
|
slug: folderSlug, |
|
|
|
|
|
|
|
@ -1,6 +1,10 @@ |
|
|
|
const CustomError = require('custom-error-instance') |
|
|
|
|
|
|
|
module.exports = { |
|
|
|
AssetCreateFolderForbidden: CustomError('AssetCreateFolderForbidden', { |
|
|
|
message: 'You are not authorized to create this folder.', |
|
|
|
code: 2010 |
|
|
|
}), |
|
|
|
AssetDeleteForbidden: CustomError('AssetDeleteForbidden', { |
|
|
|
message: 'You are not authorized to delete this asset.', |
|
|
|
code: 2003 |
|
|
|
|
