OilfieldToolsNet/shlink
4
0
Fork 0
mirror of https://github.com/shlinkio/shlink.git synced 2025-02-25 18:45:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add ApiKey check to tell if it has any role that is short-url restrictive

Browse Source
This commit is contained in:
Alejandro Celaya
2023-05-30 09:32:44 +02:00
parent 8b03532ddb
commit 12da04ef37
4 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
module/Core/src/Tag/Repository/TagRepository.php
View File

@@ -59,8 +59,8 @@ class TagRepository extends EntitySpecificationRepository implements TagReposito
default => $qb,
});
// For admins and when no API key is present, we'll return tags which are not linked to any short URL
$joiningMethod = ApiKey::isAdmin($apiKey) ? 'leftJoin' : 'join';
// For non-restricted API keys, we'll return tags which are not linked to any short URL
$joiningMethod = ! ApiKey::isShortUrlRestricted($apiKey) ? 'leftJoin' : 'join';
$tagsSubQb = $conn->createQueryBuilder();
$tagsSubQb
->select('t.id AS tag_id', 't.name AS tag', 'COUNT(DISTINCT s.id) AS short_urls_count')

4
module/Core/src/Tag/TagService.php
View File

@@ -59,7 +59,7 @@ class TagService implements TagServiceInterface
*/
public function deleteTags(array $tagNames, ?ApiKey $apiKey = null): void
{
if (! ApiKey::isAdmin($apiKey)) {
if (ApiKey::isShortUrlRestricted($apiKey)) {
throw ForbiddenTagOperationException::forDeletion();
}
@@ -75,7 +75,7 @@ class TagService implements TagServiceInterface
*/
public function renameTag(TagRenaming $renaming, ?ApiKey $apiKey = null): Tag
{
if (! ApiKey::isAdmin($apiKey)) {
if (ApiKey::isShortUrlRestricted($apiKey)) {
throw ForbiddenTagOperationException::forRenaming();
}