Merge pull request #324 from databasus/develop

FIX (storages): Limit local storage usage in playground
2026-04-06 00:32:03 +02:00 · 2026-02-01 19:20:34 +03:00 · 2026-02-01 19:18:54 +03:00
4 changed files with 39 additions and 12 deletions
--- a/backend/internal/features/storages/controller.go
+++ b/backend/internal/features/storages/controller.go
@@ -58,7 +58,8 @@ func (c *StorageController) SaveStorage(ctx *gin.Context) {
 	}

 	if err := c.storageService.SaveStorage(user, request.WorkspaceID, &request); err != nil {
-		if errors.Is(err, ErrInsufficientPermissionsToManageStorage) {
+		if errors.Is(err, ErrInsufficientPermissionsToManageStorage) ||
+			errors.Is(err, ErrLocalStorageNotAllowedInCloudMode) {
 			ctx.JSON(http.StatusForbidden, gin.H{"error": err.Error()})
 			return
 		}
@@ -325,7 +326,11 @@ func (c *StorageController) TestStorageConnectionDirect(ctx *gin.Context) {
 		return
 	}

-	if err := c.storageService.TestStorageConnectionDirect(&request); err != nil {
+	if err := c.storageService.TestStorageConnectionDirect(user, &request); err != nil {
+		if errors.Is(err, ErrLocalStorageNotAllowedInCloudMode) {
+			ctx.JSON(http.StatusForbidden, gin.H{"error": err.Error()})
+			return
+		}
 		ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 		return
 	}
--- a/backend/internal/features/storages/errors.go
+++ b/backend/internal/features/storages/errors.go
@@ -39,4 +39,7 @@ var (
 	ErrSystemStorageCannotBeMadePrivate = errors.New(
 		"system storage cannot be changed to non-system",
 	)
+	ErrLocalStorageNotAllowedInCloudMode = errors.New(
+		"local storage can only be managed by administrators in cloud mode",
+	)
 )
--- a/backend/internal/features/storages/service.go
+++ b/backend/internal/features/storages/service.go
@@ -3,6 +3,7 @@ package storages
 import (
 	"fmt"

+	"databasus-backend/internal/config"
 	audit_logs "databasus-backend/internal/features/audit_logs"
 	users_enums "databasus-backend/internal/features/users/enums"
 	users_models "databasus-backend/internal/features/users/models"
@@ -37,6 +38,11 @@ func (s *StorageService) SaveStorage(
 		return ErrInsufficientPermissionsToManageStorage
 	}

+	if config.GetEnv().IsCloud && storage.Type == StorageTypeLocal &&
+		user.Role != users_enums.UserRoleAdmin {
+		return ErrLocalStorageNotAllowedInCloudMode
+	}
+
 	isUpdate := storage.ID != uuid.Nil

 	if storage.IsSystem && user.Role != users_enums.UserRoleAdmin {
@@ -238,8 +244,14 @@ func (s *StorageService) TestStorageConnection(
 }

 func (s *StorageService) TestStorageConnectionDirect(
+	user *users_models.User,
 	storage *Storage,
 ) error {
+	if config.GetEnv().IsCloud && storage.Type == StorageTypeLocal &&
+		user.Role != users_enums.UserRoleAdmin {
+		return ErrLocalStorageNotAllowedInCloudMode
+	}
+
 	var usingStorage *Storage

 	if storage.ID != uuid.Nil {
--- a/frontend/src/features/storages/ui/edit/EditStorageComponent.tsx
+++ b/frontend/src/features/storages/ui/edit/EditStorageComponent.tsx
@@ -317,6 +317,22 @@ export function EditStorageComponent({

  if (!storage) return <div />;

+  const storageTypeOptions = [
+    { label: 'Local storage', value: StorageType.LOCAL },
+    { label: 'S3', value: StorageType.S3 },
+    { label: 'Google Drive', value: StorageType.GOOGLE_DRIVE },
+    { label: 'NAS', value: StorageType.NAS },
+    { label: 'Azure Blob Storage', value: StorageType.AZURE_BLOB },
+    { label: 'FTP', value: StorageType.FTP },
+    { label: 'SFTP', value: StorageType.SFTP },
+    { label: 'Rclone', value: StorageType.RCLONE },
+  ].filter((option) => {
+    if (IS_CLOUD && option.value === StorageType.LOCAL && user.role !== UserRole.ADMIN) {
+      return false;
+    }
+    return true;
+  });
+
  return (
    <div>
      {isShowName && (
@@ -342,16 +358,7 @@ export function EditStorageComponent({
        <div className="flex items-center">
          <Select
            value={storage?.type}
-            options={[
-              { label: 'Local storage', value: StorageType.LOCAL },
-              { label: 'S3', value: StorageType.S3 },
-              { label: 'Google Drive', value: StorageType.GOOGLE_DRIVE },
-              { label: 'NAS', value: StorageType.NAS },
-              { label: 'Azure Blob Storage', value: StorageType.AZURE_BLOB },
-              { label: 'FTP', value: StorageType.FTP },
-              { label: 'SFTP', value: StorageType.SFTP },
-              { label: 'Rclone', value: StorageType.RCLONE },
-            ]}
+            options={storageTypeOptions}
            onChange={(value) => {
              setStorageType(value);
              setIsUnsaved(true);
Author	SHA1	Message	Date
Rostislav Dugin	a8465c1a10	Merge pull request #324 from databasus/develop FIX (storages): Limit local storage usage in playground	2026-02-01 19:20:34 +03:00
Rostislav Dugin	a9e5db70f6	FIX (storages): Limit local storage usage in playground	2026-02-01 19:18:54 +03:00