chk
/
AppFlowy-Cloud
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: add validation to to list database row details endpoint (#1055)

This commit is contained in:
Bartosz Sypytkowski 2024-12-09 08:22:17 +01:00 committed by GitHub
parent b1ef53435f
commit ce086217fd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/api/workspace.rs
View File

@ -1985,6 +1985,21 @@ async fn list_database_row_details_handler(
let list_db_row_query = param.into_inner();
let row_ids = list_db_row_query.into_ids();
if let Err(e) = Uuid::parse_str(&workspace_id) {
return Err(
AppError::InvalidRequest(format!("invalid workspace id `{}`: {}", db_id, e)).into(),
);
}
if let Err(e) = Uuid::parse_str(&db_id) {
return Err(AppError::InvalidRequest(format!("invalid database id `{}`: {}", db_id, e)).into());
}
for id in row_ids.iter() {
if let Err(e) = Uuid::parse_str(id) {
return Err(AppError::InvalidRequest(format!("invalid row id `{}`: {}", id, e)).into());
}
}
state
.workspace_access_control
.enforce_action(&uid, &workspace_id, Action::Read)