@axium/server 0.35.0 → 0.35.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth.js +5 -4
- package/package.json +1 -1
package/dist/auth.js
CHANGED
|
@@ -132,16 +132,17 @@ export async function authSessionForItem(itemType, itemId, permissions, session)
|
|
|
132
132
|
fromACL: false,
|
|
133
133
|
};
|
|
134
134
|
if (!session || !user)
|
|
135
|
-
error(
|
|
135
|
+
error(401, 'Item is not public');
|
|
136
136
|
if (user.isSuspended)
|
|
137
137
|
error(403, 'User is suspended');
|
|
138
138
|
if (userId == item.userId)
|
|
139
139
|
return result;
|
|
140
140
|
result.fromACL = true;
|
|
141
141
|
if (!item.acl || !item.acl.length)
|
|
142
|
-
error(403, '
|
|
143
|
-
|
|
144
|
-
|
|
142
|
+
error(403, 'Item is not shared with you');
|
|
143
|
+
const missing = Array.from(acl.check(item.acl, permissions));
|
|
144
|
+
if (missing.length)
|
|
145
|
+
error(403, 'Missing permissions: ' + missing.join(', '));
|
|
145
146
|
return result;
|
|
146
147
|
}
|
|
147
148
|
/**
|