CartoDB-SQL-API/lib/api/middlewares/access-validator.js

'use strict';

const pgEntitiesAccessValidator = require('../../services/pg-entities-access-validator');

module.exports = function accessValidator () {
    return function accessValidatorMiddleware (req, res, next) {
        const { affectedTables, authorizationLevel } = res.locals;

        if(!pgEntitiesAccessValidator.validate(affectedTables, authorizationLevel)) {
            const error = new SyntaxError('system tables are forbidden');
            error.http_status = 403;

            return next(error);
        }

        return next();
    };
};
Extract access validator middleware 2019-07-27 00:05:47 +08:00			`'use strict';`

Changed folder structure to reflect application functionallity. Renamed files using hyphens instead of underscore to have a more consistent naming across the whole project 2019-10-04 00:24:39 +08:00			`const pgEntitiesAccessValidator = require('../../services/pg-entities-access-validator');`
Extract access validator middleware 2019-07-27 00:05:47 +08:00
			`module.exports = function accessValidator () {`
			`return function accessValidatorMiddleware (req, res, next) {`
			`const { affectedTables, authorizationLevel } = res.locals;`

			`if(!pgEntitiesAccessValidator.validate(affectedTables, authorizationLevel)) {`
			`const error = new SyntaxError('system tables are forbidden');`
			`error.http_status = 403;`

			`return next(error);`
			`}`

			`return next();`
			`};`
			`};`