WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

Commit ef01da2

Browse files
yaroslav8765yaroslav8765
committed
fix: enhance error messaging for file URL retrieval and add permission checks for download actions
1 parent abf7ee3 commit ef01da2

File tree

2 files changed

+13
-9
lines changed

2 files changed

+13
-9
lines changed

custom/uploader.vue

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -141,12 +141,12 @@ onMounted(async () => {
141141
});
142142
if (resp.error) {
143143
adminforth.alert({
144-
message: t('Error getting file url'),
144+
message: t('Error getting file url for firld {field}:', { field: props.meta.pathColumnName }),
145145
variant: 'danger'
146146
});
147147
return;
148148
}
149-
const filename = resp.url.split('/').pop()?.split('?')[0] || `file`;
149+
const filename = resp.url.split('/').pop()?.split('?')[0] || `file`;
150150
const filenameParts = filename.split('.');
151151
const extension = filenameParts.length > 1 ? filenameParts.pop() : '';
152152
const nameWithoutExt = filenameParts.join('.');
@@ -158,9 +158,6 @@ onMounted(async () => {
158158
const res = await fetch(resp.url);
159159
const fileBlob = await res.blob();
160160
const file = new File([fileBlob], newFileName, { type: fileBlob.type });
161-
if (!file) {
162-
return;
163-
}
164161
onFileChange({
165162
target: {
166163
files: [file],

index.ts

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,8 @@ import { PluginOptions } from './types.js';
33
import { AdminForthPlugin, AdminForthResourceColumn, AdminForthResource, Filters, IAdminForth, IHttpServer, suggestIfTypo } from "adminforth";
44
import { Readable } from "stream";
55
import { RateLimiter } from "adminforth";
6+
import { interpretResource } from 'adminforth';
7+
import { ActionCheckSource } from 'adminforth';
68

79
const ADMINFORTH_NOT_YET_USED_TAG = 'adminforth-candidate-for-cleanup';
810

@@ -436,11 +438,16 @@ export default class UploadPlugin extends AdminForthPlugin {
436438
if (!filePath) {
437439
return { error: 'Missing filePath' };
438440
}
439-
const url = await this.options.storageAdapter.getDownloadUrl(filePath, 1800);
441+
const allowedActions = await interpretResource( adminUser, this.resourceConfig, '', ActionCheckSource.CustomActionRequest, this.adminforth )
442+
console.log('allowedActions', allowedActions);
443+
if (allowedActions.allowedActions.create === true || allowedActions.allowedActions.edit === true) {
444+
const url = await this.options.storageAdapter.getDownloadUrl(filePath, 1800);
440445

441-
return {
442-
url,
443-
};
446+
return {
447+
url,
448+
};
449+
}
450+
return { error: 'You do not have permission to download this file' };
444451
},
445452
});
446453

0 commit comments

Comments
 (0)