mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-08-26 12:15:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

remove api-key-org association for root keys

Browse source
This commit is contained in:
miloschwartz 2025-08-01 15:55:47 -07:00
parent 6d359b6bb9
commit 7402590f49
No known key found for this signature in database
11 changed files with 47 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

5
server/middlewares/integration/verifyApiKeySetResourceUsers.ts
View file

@ -32,6 +32,11 @@ export async function verifyApiKeySetResourceUsers(
return next(createHttpError(HttpCode.BAD_REQUEST, "Invalid user IDs"));
}
if (apiKey.isRoot) {
// Root keys can access any key in any org
return next();
}
if (userIds.length === 0) {
return next();
}