fix: property validation on some permission endpoints

This commit is contained in:
KernelDeimos
2024-07-04 16:42:17 -04:00
parent dcbca2f829
commit 0855f2b36e
2 changed files with 12 additions and 0 deletions
@@ -44,6 +44,12 @@ module.exports = eggspress('/auth/grant-user-app', {
throw APIError.create('field_missing', null, { key: 'app_uid' });
}
if ( ! req.body.permission ) {
throw APIError.create('field_missing', null, {
key: 'permission'
});
}
const token = await svc_permission.grant_user_app_permission(
actor, req.body.app_uid, req.body.permission,
req.body.extra || {}, req.body.meta || {}
@@ -21,6 +21,12 @@ module.exports = eggspress('/auth/grant-user-user', {
throw APIError.create('field_missing', null, { key: 'target_username' });
}
if ( ! req.body.permission ) {
throw APIError.create('field_missing', null, {
key: 'permission'
});
}
await svc_permission.grant_user_user_permission(
actor, req.body.target_username, req.body.permission,
req.body.extra || {}, req.body.meta || {}