CartoDB-SQL-API/app/middlewares/access-validator.js

'use strict';

const pgEntitiesAccessValidator = require('../services/pg-entities-access-validator');

module.exports = function accessValidator () {
    return function accessValidatorMiddleware (req, res, next) {
        const { affectedTables, authorizationLevel } = res.locals;

        if(!pgEntitiesAccessValidator.validate(affectedTables, authorizationLevel)) {
            const error = new SyntaxError('system tables are forbidden');
            error.http_status = 403;

            return next(error);
        }

        return next();
    };
};
Extract access validator middleware 2019-07-27 00:05:47 +08:00			`'use strict';`

			`const pgEntitiesAccessValidator = require('../services/pg-entities-access-validator');`

			`module.exports = function accessValidator () {`
			`return function accessValidatorMiddleware (req, res, next) {`
			`const { affectedTables, authorizationLevel } = res.locals;`

			`if(!pgEntitiesAccessValidator.validate(affectedTables, authorizationLevel)) {`
			`const error = new SyntaxError('system tables are forbidden');`
			`error.http_status = 403;`

			`return next(error);`
			`}`

			`return next();`
			`};`
			`};`