From e7ec197da12335dff12d521be4ef12c1073e92ea Mon Sep 17 00:00:00 2001 From: Naz Date: Mon, 20 Sep 2021 19:11:16 +0200 Subject: [PATCH] Removed duplicate logic from settings edit permissions stage refs https://github.com/TryGhost/Team/issues/694 refs https://linear.app/tryghost/issue/CORE-13 - The removed logic is done more thoroughly on the settings BREAD service layer. --- core/server/api/canary/settings.js | 12 ------------ .../services/settings/settings-bread-service.js | 1 + 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/core/server/api/canary/settings.js b/core/server/api/canary/settings.js index 3a9607ed8b..7a2f7bf073 100644 --- a/core/server/api/canary/settings.js +++ b/core/server/api/canary/settings.js @@ -193,18 +193,6 @@ module.exports = { permissions: { unsafeAttrsObject(frame) { return _.find(frame.data.settings, {key: 'labs'}); - }, - async before(frame) { - if (frame.options.context && frame.options.context.internal) { - return; - } - - const firstCoreSetting = frame.data.settings.find(setting => setting.group === 'core'); - if (firstCoreSetting) { - throw new NoPermissionError({ - message: i18n.t('errors.api.settings.accessCoreSettingFromExtReq') - }); - } } }, async query(frame) { diff --git a/core/server/services/settings/settings-bread-service.js b/core/server/services/settings/settings-bread-service.js index 80b1f076cc..a1857cb6a6 100644 --- a/core/server/services/settings/settings-bread-service.js +++ b/core/server/services/settings/settings-bread-service.js @@ -116,6 +116,7 @@ class SettingsBREADService { if (!(options.context && options.context.internal)) { const firstCoreSetting = filteredSettings.find(setting => getSetting(setting).group === 'core'); + if (firstCoreSetting) { throw new NoPermissionError({ message: tpl(messages.accessCoreSettingFromExtReq)