Merge pull request #12027 from nocodb/nc-fix/api-v3-base

fix: define proper scope
Pranav C
2025-08-05 15:03:49 +05:30
committed by GitHub
2 changed files with 9 additions and 6 deletions


@@ -18,14 +18,19 @@ import { MetaApiLimiterGuard } from '~/guards/meta-api-limiter.guard';
import { TenantContext } from '~/decorators/tenant-context.decorator';
import { NcContext, NcRequest } from '~/interface/config';
import { BasesV3Service } from '~/services/v3/bases-v3.service';
import { isEE } from '~/utils';
// decide scope based on whether it's EE or CE
const BASE_SCOPE = isEE ? 'workspace' : 'org';
@UseGuards(MetaApiLimiterGuard, GlobalGuard)
@Controller()
export class BasesV3Controller {
constructor(protected readonly baseV3Service: BasesV3Service) {}
@Acl('baseList', {
scope: 'org',
// decide permission name based on whether it's EE or CE
@Acl(isEE ? 'workspaceBaseList' : 'baseList', {
scope: BASE_SCOPE,
})
@Get('/api/v3/meta/workspaces/:workspaceId/bases')
async list(
@@ -91,7 +96,7 @@ export class BasesV3Controller {
}
@Acl('baseCreate', {
scope: 'org',
scope: BASE_SCOPE,
})
@HttpCode(200)
@Post('/api/v3/meta/workspaces/:workspaceId/bases')
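Review bot: The `baseCreate` decorator in the second hunk now takes `scope: BASE_SCOPE` but keeps one permission name for both editions, while the `list` decorator in the first hunk switches to `workspaceBaseList` under EE, and nothing visible says whether that asymmetry is intended. If the workspace-scope permission set has no `baseCreate` entry, the check presumably fails closed and denies every caller, so the intent is worth recording beside the decorator, e.g. `// 'baseCreate' is intentionally checked at BASE_SCOPE in both editions; only the list permission has an EE-specific name`. The edition switch is also written twice, once in `BASE_SCOPE` and once as the inline ternary. A second module constant next to it, `const BASE_LIST_PERMISSION = isEE ? 'workspaceBaseList' : 'baseList';`, would keep scope and permission name from drifting apart. Both handler bodies lie outside the hunks, so how `workspaceId` is used after the ACL check cannot be judged from here.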


@@ -62,9 +62,7 @@ export default function () {
if (isEE) {
expect(result.body.error).to.eq('FORBIDDEN');
expect(
result.body.message.startsWith(
'Forbidden - You do not have permission to perform the action "baseCreate" ',
),
result.body.message.startsWith('Forbidden - Unauthorized access'),
).to.eq(true);
} else {
expect(result.body.error).to.eq('PERMISSION_DENIED');
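Review bot: The EE branch now passes on any message that begins with the generic `Forbidden - Unauthorized access`, so the test no longer shows that the denial came from the base-creation permission check rather than from an earlier, unrelated rejection. Unless the status is already asserted above the hunk, pin it as well (presumably 403 given the `FORBIDDEN` error code): `expect(result.status).to.eq(403);`. The prefix check would also report a clearer failure as `expect(result.body.message).to.match(/^Forbidden - Unauthorized access/);` than as `startsWith(...)` compared with `true`. A follow-up assertion that the base list is unchanged after the rejected request would confirm the denial had no side effect. The enclosing test case starts and ends outside the hunk.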