fix: putting schema related endpoints behind schema permission and add tests

2026-03-17 04:46:05 +00:00 · 2025-12-02 08:53:49 +01:00
parent 8f4de33a76
commit 319469f44b
7 changed files with 276 additions and 25 deletions
--- a/app/src/data/api/DataController.ts
+++ b/app/src/data/api/DataController.ts
@@ -96,6 +96,9 @@ export class DataController extends Controller {
      // read entity schema
      hono.get(
         "/schema.json",
+         permission(SystemPermissions.schemaRead, {
+            context: (_c) => ({ module: "data" }),
+         }),
         permission(DataPermissions.entityRead, {
            context: (c) => ({ entity: c.req.param("entity") }),
         }),
@@ -124,6 +127,9 @@ export class DataController extends Controller {
      // read schema
      hono.get(
         "/schemas/:entity/:context?",
+         permission(SystemPermissions.schemaRead, {
+            context: (_c) => ({ module: "data" }),
+         }),
         permission(DataPermissions.entityRead, {
            context: (c) => ({ entity: c.req.param("entity") }),
         }),
@@ -161,7 +167,7 @@ export class DataController extends Controller {
      hono.get(
         "/types",
         permission(SystemPermissions.schemaRead, {
-            context: (c) => ({ module: "data" }),
+            context: (_c) => ({ module: "data" }),
         }),
         describeRoute({
            summary: "Retrieve data typescript definitions",
@@ -182,6 +188,9 @@ export class DataController extends Controller {
       */
      hono.get(
         "/info/:entity",
+         permission(SystemPermissions.schemaRead, {
+            context: (_c) => ({ module: "data" }),
+         }),
         permission(DataPermissions.entityRead, {
            context: (c) => ({ entity: c.req.param("entity") }),
         }),