add extra permission check for granted apps (#2503)

Neal Shah
2026-02-17 01:29:54 -05:00
committed by GitHub
parent 00befdc192
commit 562671e498
+5 -1
@@ -1,7 +1,8 @@
const { Eq } = extension.import('query');
const { db } = extension.import('data');
const { APIError } = extension.import('core');
const { APIError, Context } = extension.import('core');
const app_es = extension.import('service:es:app') as any;
const svc_permission = extension.import('service:permission') as any;
const DEFAULT_LIMIT = 100;
const MAX_LIMIT = 1000;
@@ -98,6 +99,9 @@ extension.on('create.drivers', event => {
if ( ! result ) {
throw APIError.create('permission_denied');
}
if ( ! (await svc_permission.check(Context.get('actor'), `apps-of-user:${result.values_.owner.uuid}:write`, { no_cache: true })) ) {
throw APIError.create('permission_denied');
}
// Fetch and return users
const users: Array<{ username: string, uuid: string }> = await db.read(`SELECT user.username, user.uuid FROM user_to_app_permissions
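Review bot: The new authorization check builds its permission string from `result.values_.owner.uuid` without confirming that `owner` is present. Whether the entity always carries a populated owner is not visible in this hunk. If it does not, the request fails with a TypeError rather than `permission_denied`, and a missing `uuid` would be checked as `apps-of-user:undefined:write`. I would resolve the owner first and deny explicitly: `const owner_uuid = result.values_?.owner?.uuid;` followed by `if ( ! owner_uuid ) throw APIError.create('permission_denied');`. Separately, `svc_permission` is imported `as any`, so the compiler verifies neither the argument order of `check` nor the `no_cache` option name on this security-critical call; a narrow interface for the service would catch a typo that silently re-enables caching. The enclosing handler starts and ends outside the hunk.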