TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-03 00:15:11 +03:00
Code Issues Projects Releases Wiki Activity

Fixed unsafeAttributes fetching in Admin API v2

Browse Source 
no issue

- This check was misside and only was implemented for canary.
This commit is contained in:
Nazar Gargol 2019-10-09 21:16:27 +02:00
parent 27e77dda80
commit 4a10ddc8fa
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
core/server/api/v2/utils/permissions.js
View File

@ -26,7 +26,12 @@ const nonePublicAuth = (apiConfig, frame) => {
permissionIdentifier = apiConfig.identifier(frame);
}
const unsafeAttrObject = apiConfig.unsafeAttrs && _.has(frame, `data.[${apiConfig.docName}][0]`) ? _.pick(frame.data[apiConfig.docName][0], apiConfig.unsafeAttrs) : {};
let unsafeAttrObject = apiConfig.unsafeAttrs && _.has(frame, `data.[${apiConfig.docName}][0]`) ? _.pick(frame.data[apiConfig.docName][0], apiConfig.unsafeAttrs) : {};
if (apiConfig.unsafeAttrsObject) {
unsafeAttrObject = apiConfig.unsafeAttrsObject(frame);
}
const permsPromise = permissions.canThis(frame.options.context)[apiConfig.method][singular](permissionIdentifier, unsafeAttrObject);
return permsPromise.then((result) => {