Dockery/Trilium
1
0
Fork 0
mirror of https://github.com/zadam/trilium.git synced 2025-11-03 20:06:08 +01:00
Code Issues Packages Projects Releases Activity

don't allow patching relation's value in ETAPI #3998

Browse Source
This commit is contained in:
zadam
2023-06-03 00:21:46 +02:00
parent af67cf64b1
commit c4f69fd9cb
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/etapi/attributes.js
View File

@@ -40,19 +40,25 @@ function register(router) {
} }
}); });
const ALLOWED_PROPERTIES_FOR_PATCH = { const ALLOWED_PROPERTIES_FOR_PATCH_LABEL = {
'value': [v.notNull, v.isString], 'value': [v.notNull, v.isString],
'position': [v.notNull, v.isInteger] 'position': [v.notNull, v.isInteger]
}; };
const ALLOWED_PROPERTIES_FOR_PATCH_RELATION = {
'position': [v.notNull, v.isInteger]
};
eu.route(router, 'patch' ,'/etapi/attributes/:attributeId', (req, res, next) => { eu.route(router, 'patch' ,'/etapi/attributes/:attributeId', (req, res, next) => {
const attribute = eu.getAndCheckAttribute(req.params.attributeId); const attribute = eu.getAndCheckAttribute(req.params.attributeId);
if (attribute.type === 'relation') { if (attribute.type === 'label') {
eu.validateAndPatch(attribute, req.body, ALLOWED_PROPERTIES_FOR_PATCH_LABEL);
} else if (attribute.type === 'relation') {
eu.getAndCheckNote(req.body.value); eu.getAndCheckNote(req.body.value);
}
eu.validateAndPatch(attribute, req.body, ALLOWED_PROPERTIES_FOR_PATCH); eu.validateAndPatch(attribute, req.body, ALLOWED_PROPERTIES_FOR_PATCH_RELATION);
}
attribute.save(); attribute.save();