fix rendering issues on resource unauthorized

2025-08-04 10:05:53 +02:00 · 2024-11-29 21:48:48 -05:00 · 2024-11-29 21:48:48 -05:00 · 500a81aa42
commit 500a81aa42
parent 5bbf32f6a6
8 changed files with 58 additions and 20 deletions
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@ -10,6 +10,7 @@ import {
    resourcePassword,
    resourcePincode,
    resources,
+    User,
    userOrgs,
 } from "@server/db/schema";
 import { and, eq } from "drizzle-orm";
@ -106,7 +107,7 @@ export async function verifyResourceSession(
            const { session, user } = await validateSessionToken(sessionToken);
            if (session && user) {
                const isAllowed = await isUserAllowedToAccessResource(
-                    user.userId,
+                    user,
                    resource,
                );

@ -191,15 +192,19 @@ function allowed(res: Response) {
 }

 async function isUserAllowedToAccessResource(
-    userId: string,
+    user: User,
    resource: Resource,
-) {
+): Promise<boolean> {
+    if (config.flags?.require_email_verification && !user.emailVerified) {
+        return false;
+    }
+
    const userOrgRole = await db
        .select()
        .from(userOrgs)
        .where(
            and(
-                eq(userOrgs.userId, userId),
+                eq(userOrgs.userId, user.userId),
                eq(userOrgs.orgId, resource.orgId),
            ),
        )
@ -229,7 +234,7 @@ async function isUserAllowedToAccessResource(
        .from(userResources)
        .where(
            and(
-                eq(userResources.userId, userId),
+                eq(userResources.userId, user.userId),
                eq(userResources.resourceId, resource.resourceId),
            ),
        )