From 2defd0c02b1afa794881fac6d3f3a7ceae2d1b5f Mon Sep 17 00:00:00 2001
From: miloschwartz
Date: Wed, 26 Mar 2025 22:20:22 -0400
Subject: [PATCH] add createNewt action and remove max orgs restriction

---
 server/auth/actions.ts | 1 +
 server/middlewares/verifyRoleAccess.ts | 14 +++++++++++++-
 server/routers/external.ts | 11 +++++++++--
 server/routers/org/createOrg.ts | 2 +-
 4 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index fa7c9e20..dc56ea94 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -63,6 +63,7 @@ export enum ActionsEnum {
 listResourceRules = "listResourceRules",
 updateResourceRule = "updateResourceRule",
 listOrgDomains = "listOrgDomains",
+ createNewt = "createNewt",
 }

 export async function checkUserActionPermission(
diff --git a/server/middlewares/verifyRoleAccess.ts b/server/middlewares/verifyRoleAccess.ts
index e3e55eae..54917044 100644
--- a/server/middlewares/verifyRoleAccess.ts
+++ b/server/middlewares/verifyRoleAccess.ts
@@ -44,6 +44,8 @@ export async function verifyRoleAccess(
 );
 }

+ const orgIds = new Set(rolesData.map((role) => role.orgId));
+
 // Check user access to each role's organization
 for (const role of rolesData) {
 const userOrgRole = await db
@@ -69,7 +71,16 @@ export async function verifyRoleAccess(
 req.userOrgId = role.orgId;
 }

- const orgId = req.userOrgId;
+ if (orgIds.size > 1) {
+ return next(
+ createHttpError(
+ HttpCode.FORBIDDEN,
+ "Roles must belong to the same organization"
+ )
+ );
+ }
+
+ const orgId = orgIds.values().next().value;

 if (!orgId) {
 return next(
@@ -105,3 +116,4 @@ export async function verifyRoleAccess(
 );
 }
 }
+
diff --git a/server/routers/external.ts b/server/routers/external.ts
index 2eeae9de..39d283d7 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
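Review bot: The `orgIds.size > 1` rejection in the `@@ -69,7 +71,16` hunk of verifyRoleAccess.ts only runs after the loop in the `@@ -44,6 +44,8` hunk has already issued one `db` query per role, even though `orgIds` is fully known before the loop starts; placing the guard directly under the `const orgIds = ...` line, as `if (orgIds.size > 1) return next(createHttpError(HttpCode.FORBIDDEN, "Roles must belong to the same organization"));`, refuses a mixed-org role list before any lookup (the only observable difference is which error a request that is both mixed-org and lacking access receives, which I'd consider acceptable). `orgIds.values().next().value` is `undefined` when `rolesData` is empty and leans on the `if (!orgId)` branch below it; a short comment such as `// at most one org remains here, so the first entry is the org every role belongs to` would make that dependency explicit. The loop still assigns `req.userOrgId = role.orgId` per iteration (context line), which is now redundant with `orgId` unless something later in the file reads it — that cannot be confirmed from the hunk. verifyRoleAccess begins and ends outside both hunks.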
@@ -383,7 +383,10 @@ authenticated.get(
 authenticated.get(`/org/:orgId/overview`, verifyOrgAccess, org.getOrgOverview);

-authenticated.post(`/supporter-key/validate`, supporterKey.validateSupporterKey);
+authenticated.post(
+ `/supporter-key/validate`,
+ supporterKey.validateSupporterKey
+);
 authenticated.post(`/supporter-key/hide`, supporterKey.hideSupporterKey);

 unauthenticated.get("/resource/:resourceId/auth", resource.getResourceAuthInfo);
@@ -470,7 +473,11 @@ authenticated.delete(
 // role.removeRoleAction
 // );

-authenticated.put("/newt", createNewt);
+authenticated.put(
+ "/newt",
+ verifyUserHasAction(ActionsEnum.createNewt),
+ createNewt
+);

 // Auth routes
 export const authRouter = Router();
diff --git a/server/routers/org/createOrg.ts b/server/routers/org/createOrg.ts
index f7bb9ff2..c501ebfa 100644
--- a/server/routers/org/createOrg.ts
+++ b/server/routers/org/createOrg.ts
@@ -27,7 +27,7 @@ const createOrgSchema = z
 })
 .strict();

-const MAX_ORGS = 5;
+// const MAX_ORGS = 5;

 export async function createOrg(
 req: Request,
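Review bot: In the `@@ -470,7 +473,11` hunk of external.ts, `PUT /newt` now runs `verifyUserHasAction(ActionsEnum.createNewt)`, but unlike the `/org/:orgId/...` routes above it the path carries no `:orgId` and no `verifyOrgAccess` precedes it, so how the action check resolves the organization for an org-scoped action is not visible here; it should be confirmed that the middleware rejects when it cannot determine an org rather than passing the request through. Separately, every role that could create newts before this commit must now hold the `createNewt` action, and the commit touches neither role defaults nor a migration, so on an upgraded install the endpoint may stop working until the action is granted. A one-line comment at the route stating where the action check takes its org from (once confirmed) would document the contract for the next reader.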
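Review bot: Commenting out `const MAX_ORGS = 5;` in createOrg.ts keeps dead code in the file; delete the line instead. The diffstat shows this as the file's only change, so either `MAX_ORGS` was already unreferenced (in which case the cap had effectively been removed earlier and the commit title overstates the change) or a remaining reference further down in createOrg now fails to compile — worth verifying, since the function body continues outside the hunk. If the limit was a deliberate abuse control on per-user org creation, a configurable value with a default would be preferable to dropping the bound entirely.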