Fix error

2025-08-04 10:05:53 +02:00 · 2024-10-12 23:05:43 -04:00 · 2024-10-12 23:05:43 -04:00 · 62f94a7236
commit 62f94a7236
parent 4facb91d7a
5 changed files with 53 additions and 9 deletions
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@ -35,7 +35,6 @@ export enum ActionsEnum {
    removeUser = "removeUser",
    listUsers = "listUsers",
    listSiteRoles = "listSiteRoles",
-    listUserRoles = "listUserRoles",
    listResourceRoles = "listResourceRoles",
    addRoleSite = "addRoleSite",
    addRoleResource = "addRoleResource",
--- a/server/routers/role/addRoleAction.ts
+++ b/server/routers/role/addRoleAction.ts
@ -7,9 +7,13 @@ import HttpCode from '@server/types/HttpCode';
 import createHttpError from 'http-errors';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';
+import { eq } from 'drizzle-orm';
+
+const addRoleActionParamSchema = z.object({
+    roleId: z.string().transform(Number).pipe(z.number().int().positive()),
+});

 const addRoleActionSchema = z.object({
-    roleId: z.string().transform(Number).pipe(z.number().int().positive()),
    actionId: z.string(),
 });

@ -25,7 +29,19 @@ export async function addRoleAction(req: Request, res: Response, next: NextFunct
            );
        }

-        const { roleId, actionId } = parsedBody.data;
+        const { actionId } = parsedBody.data;
+
+        const parsedParams = addRoleActionParamSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    parsedParams.error.errors.map(e => e.message).join(', ')
+                )
+            );
+        }
+
+        const { roleId } = parsedParams.data;

        // Check if the user has permission to add role actions
        const hasPermission = await checkUserActionPermission(ActionsEnum.addRoleAction, req);
@ -42,7 +58,7 @@ export async function addRoleAction(req: Request, res: Response, next: NextFunct
        const newRoleAction = await db.insert(roleActions).values({
            roleId,
            actionId,
-            orgId: role[0].orgId,
+            orgId: role[0].orgId!,
        }).returning();

        return response(res, {
--- a/server/routers/role/addRoleResource.ts
+++ b/server/routers/role/addRoleResource.ts
@ -8,8 +8,11 @@ import createHttpError from 'http-errors';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';

-const addRoleResourceSchema = z.object({
+const addRoleResourceParamsSchema = z.object({
    roleId: z.string().transform(Number).pipe(z.number().int().positive()),
+});
+
+const addRoleResourceSchema = z.object({
    resourceId: z.string(),
 });

@ -25,7 +28,19 @@ export async function addRoleResource(req: Request, res: Response, next: NextFun
            );
        }

-        const { roleId, resourceId } = parsedBody.data;
+        const { resourceId } = parsedBody.data;
+
+        const parsedParams = addRoleResourceParamsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    parsedParams.error.errors.map(e => e.message).join(', ')
+                )
+            );
+        }
+
+        const { roleId } = parsedParams.data;

        // Check if the user has permission to add role resources
        const hasPermission = await checkUserActionPermission(ActionsEnum.addRoleResource, req);
--- a/server/routers/role/removeRoleResource.ts
+++ b/server/routers/role/removeRoleResource.ts
@ -9,8 +9,11 @@ import createHttpError from 'http-errors';
 import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 import logger from '@server/logger';

-const removeRoleResourceSchema = z.object({
+const removeRoleResourceParamsSchema = z.object({
    roleId: z.string().transform(Number).pipe(z.number().int().positive()),
+});
+
+const removeRoleResourceSchema = z.object({
    resourceId: z.string(),
 });

@ -26,7 +29,19 @@ export async function removeRoleResource(req: Request, res: Response, next: Next
            );
        }

-        const { roleId, resourceId } = parsedParams.data;
+        const { resourceId } = parsedParams.data;
+
+        const parsedBody = removeRoleResourceParamsSchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    parsedBody.error.errors.map(e => e.message).join(', ')
+                )
+            );
+        }
+
+        const { roleId } = parsedBody.data;

        // Check if the user has permission to remove role resources
        const hasPermission = await checkUserActionPermission(ActionsEnum.removeRoleResource, req);
--- a/server/routers/user/index.ts
+++ b/server/routers/user/index.ts
@ -2,5 +2,4 @@ export * from "./getUser";
 export * from "./removeUserOrg";
 export * from "./addUserOrg";
 export * from "./listUsers";
-export * from "./listUserRoles";
 export * from "./setUserRole";