@apolitical/server 2.4.0 → 2.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [2.4.2] - 2022-03-03
|
|
9
|
+
### Bumped
|
|
10
|
+
- Version number for testing
|
|
11
|
+
|
|
12
|
+
## [2.4.1] - 2022-03-02
|
|
13
|
+
### Changed
|
|
14
|
+
- Update authorisation middleware to include req.user check in cases where we would like to protect endpoints
|
|
15
|
+
|
|
8
16
|
## [2.4.0] - 2022-02-22
|
|
9
17
|
### Added
|
|
10
18
|
- User slug to error logs as metadata
|
package/package.json
CHANGED
package/src/config.js
CHANGED
|
@@ -20,7 +20,9 @@ module.exports = ({ logger, serverError: { Forbidden }, config }) => {
|
|
|
20
20
|
}
|
|
21
21
|
// Check permissions and prevent unauthorised requests
|
|
22
22
|
let unauthorised = false;
|
|
23
|
-
if (!allowNonAdmin &&
|
|
23
|
+
if (!allowNonAdmin && !req.user) {
|
|
24
|
+
unauthorised = true;
|
|
25
|
+
} else if (!allowNonAdmin && isNotAdmin && isNotMyselfSlug) {
|
|
24
26
|
unauthorised = true;
|
|
25
27
|
} else if (!allowNonAdmin && isNotAdmin && !myselfSource) {
|
|
26
28
|
unauthorised = true;
|