Skip to content

Commit 411802e

Browse files
committed
fix: check update page access using original page path
1 parent 3f5388d commit 411802e

File tree

1 file changed

+10
-2
lines changed

1 file changed

+10
-2
lines changed

Diff for: server/models/pages.js

+10-2
Original file line numberDiff line numberDiff line change
@@ -371,8 +371,8 @@ module.exports = class Page extends Model {
371371

372372
// -> Check for page access
373373
if (!WIKI.auth.checkAccess(opts.user, ['write:pages'], {
374-
locale: opts.locale,
375-
path: opts.path
374+
locale: ogPage.localeCode,
375+
path: ogPage.path
376376
})) {
377377
throw new WIKI.Error.PageUpdateForbidden()
378378
}
@@ -456,6 +456,14 @@ module.exports = class Page extends Model {
456456

457457
// -> Perform move?
458458
if ((opts.locale && opts.locale !== page.localeCode) || (opts.path && opts.path !== page.path)) {
459+
// -> Check target path access
460+
if (!WIKI.auth.checkAccess(opts.user, ['write:pages'], {
461+
locale: opts.locale,
462+
path: opts.path
463+
})) {
464+
throw new WIKI.Error.PageMoveForbidden()
465+
}
466+
459467
await WIKI.models.pages.movePage({
460468
id: page.id,
461469
destinationLocale: opts.locale,

0 commit comments

Comments
 (0)