chore: dashboard guard added into pipeline create method

ignavan39 · Mar 5, 2023 · 3eac838 · 3eac838
1 parent 90b10f5
commit 3eac838
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 12 deletions.
diff --git a/src/dashboard/guards/dashboard-permission.guard.ts b/src/dashboard/guards/dashboard-permission.guard.ts
@@ -13,7 +13,10 @@ export const DashboardPermissionGuard = (type?: PermissionType) => {
 				throw new UnauthorizedException();
 			}
 
-			const dashboardId = request.params.id ?? request.params.dashboardId;
+			const dashboardId = request.params.id ?? request.params.dashboardId ?? request.body?.dashboardId;
+			if (!dashboardId) {
+				return false;
+			}
 			const permission = await this.repository.findOne({
 				where: {
 					userId: user.id,

diff --git a/src/pipeline/pipeline.controller.ts b/src/pipeline/pipeline.controller.ts
@@ -30,19 +30,9 @@ export class PipelineController {
 		@InjectRepository(Permission) private readonly permissionRepository: Repository<Permission>,
 	) {}
 
+	@UseGuards(DashboardPermissionGuard(PermissionType.Admin))
 	@Post('/create')
 	async create(@Body() args: CreatePipelineDto) {
-		const permission = await this.permissionRepository
-			.createQueryBuilder('p')
-			.innerJoin('p.dashboard', 'd', 'd.id = p.dashboard_id')
-			.where('d.id =:id', { id: args.dashboardId })
-			.andWhere('p.type =:type', { type: PermissionType.Admin })
-			.getOne();
-
-		if (!permission) {
-			throw new ForbiddenException();
-		}
-
 		const pipelines = await this.repository.find({
 			where: {
 				dashboardId: args.dashboardId,