From a06186ede054e95c647bc30fa6e015923be8c822 Mon Sep 17 00:00:00 2001 From: Dan Gowans Date: Tue, 22 Nov 2022 15:00:10 -0500 Subject: [PATCH] check if prints are allowed --- handlers/print-get/pdf.js | 5 +++++ handlers/print-get/pdf.ts | 10 ++++++++++ handlers/print-get/screen.js | 4 ++-- handlers/print-get/screen.ts | 4 ++-- 4 files changed, 19 insertions(+), 4 deletions(-) diff --git a/handlers/print-get/pdf.js b/handlers/print-get/pdf.js index c4d52a3c..05c1c075 100644 --- a/handlers/print-get/pdf.js +++ b/handlers/print-get/pdf.js @@ -9,6 +9,11 @@ import camelcase from "camelcase"; const attachmentOrInline = configFunctions.getProperty("settings.printPdf.contentDisposition"); export const handler = async (request, response, next) => { const printName = request.params.printName; + if (!configFunctions.getProperty("settings.lotOccupancy.prints").includes("pdf/" + printName) && + !configFunctions.getProperty("settings.workOrders.prints").includes("pdf/" + printName)) { + return response.redirect(configFunctions.getProperty("reverseProxy.urlPrefix") + + "/dashboard/?error=printConfigNotAllowed"); + } const printConfig = getPdfPrintConfig(printName); if (!printConfig) { return response.redirect(configFunctions.getProperty("reverseProxy.urlPrefix") + diff --git a/handlers/print-get/pdf.ts b/handlers/print-get/pdf.ts index 7bfa2f38..98f07464 100644 --- a/handlers/print-get/pdf.ts +++ b/handlers/print-get/pdf.ts @@ -17,6 +17,16 @@ const attachmentOrInline = configFunctions.getProperty("settings.printPdf.conten export const handler: RequestHandler = async (request, response, next) => { const printName = request.params.printName; + if ( + !configFunctions.getProperty("settings.lotOccupancy.prints").includes("pdf/" + printName) && + !configFunctions.getProperty("settings.workOrders.prints").includes("pdf/" + printName) + ) { + return response.redirect( + configFunctions.getProperty("reverseProxy.urlPrefix") + + "/dashboard/?error=printConfigNotAllowed" + ); + } + const printConfig = getPdfPrintConfig(printName); if (!printConfig) { diff --git a/handlers/print-get/screen.js b/handlers/print-get/screen.js index b93a3390..ccc264de 100644 --- a/handlers/print-get/screen.js +++ b/handlers/print-get/screen.js @@ -2,8 +2,8 @@ import * as configFunctions from "../../helpers/functions.config.js"; import { getReportData, getScreenPrintConfig } from "../../helpers/functions.print.js"; export const handler = (request, response) => { const printName = request.params.printName; - if (!configFunctions.getProperty("settings.lotOccupancy.prints").includes(printName) && - !configFunctions.getProperty("settings.workOrders.prints").includes(printName)) { + if (!configFunctions.getProperty("settings.lotOccupancy.prints").includes("screen/" + printName) && + !configFunctions.getProperty("settings.workOrders.prints").includes("screen/" + printName)) { return response.redirect(configFunctions.getProperty("reverseProxy.urlPrefix") + "/dashboard/?error=printConfigNotAllowed"); } diff --git a/handlers/print-get/screen.ts b/handlers/print-get/screen.ts index a1f5c1bb..3c4dce64 100644 --- a/handlers/print-get/screen.ts +++ b/handlers/print-get/screen.ts @@ -7,8 +7,8 @@ export const handler: RequestHandler = (request, response) => { const printName = request.params.printName; if ( - !configFunctions.getProperty("settings.lotOccupancy.prints").includes(printName) && - !configFunctions.getProperty("settings.workOrders.prints").includes(printName) + !configFunctions.getProperty("settings.lotOccupancy.prints").includes("screen/" + printName) && + !configFunctions.getProperty("settings.workOrders.prints").includes("screen/" + printName) ) { return response.redirect( configFunctions.getProperty("reverseProxy.urlPrefix") +