add createNewt action and remove max orgs restriction

2025-08-04 10:05:53 +02:00 · 2025-03-26 22:20:22 -04:00 · 2025-03-26 22:20:22 -04:00 · 5e2f9e1eeb
commit 5e2f9e1eeb
parent fefb07e14c
4 changed files with 24 additions and 4 deletions
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@ -63,6 +63,7 @@ export enum ActionsEnum {
    listResourceRules = "listResourceRules",
    updateResourceRule = "updateResourceRule",
    listOrgDomains = "listOrgDomains",
+    createNewt = "createNewt",
 }

 export async function checkUserActionPermission(
--- a/server/middlewares/verifyRoleAccess.ts
+++ b/server/middlewares/verifyRoleAccess.ts
@ -44,6 +44,8 @@ export async function verifyRoleAccess(
            );
        }

+        const orgIds = new Set(rolesData.map((role) => role.orgId));
+
        // Check user access to each role's organization
        for (const role of rolesData) {
            const userOrgRole = await db
@ -69,7 +71,16 @@ export async function verifyRoleAccess(
            req.userOrgId = role.orgId;
        }

-        const orgId = req.userOrgId;
+        if (orgIds.size > 1) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "Roles must belong to the same organization"
+                )
+            );
+        }
+
+        const orgId = orgIds.values().next().value;

        if (!orgId) {
            return next(
@ -105,3 +116,4 @@ export async function verifyRoleAccess(
        );
    }
 }
+
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@ -383,7 +383,10 @@ authenticated.get(

 authenticated.get(`/org/:orgId/overview`, verifyOrgAccess, org.getOrgOverview);

-authenticated.post(`/supporter-key/validate`, supporterKey.validateSupporterKey);
+authenticated.post(
+    `/supporter-key/validate`,
+    supporterKey.validateSupporterKey
+);
 authenticated.post(`/supporter-key/hide`, supporterKey.hideSupporterKey);

 unauthenticated.get("/resource/:resourceId/auth", resource.getResourceAuthInfo);
@ -470,7 +473,11 @@ authenticated.delete(
 //     role.removeRoleAction
 // );

-authenticated.put("/newt", createNewt);
+authenticated.put(
+    "/newt",
+    verifyUserHasAction(ActionsEnum.createNewt),
+    createNewt
+);

 // Auth routes
 export const authRouter = Router();
--- a/server/routers/org/createOrg.ts
+++ b/server/routers/org/createOrg.ts
@ -27,7 +27,7 @@ const createOrgSchema = z
    })
    .strict();

-const MAX_ORGS = 5;
+// const MAX_ORGS = 5;

 export async function createOrg(
    req: Request,