mirror/fosrl.pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2025-08-04 10:05:53 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add actions check to all endpoints

Browse source
This commit is contained in:
Owen Schwartz 2024-10-06 16:43:59 -04:00
parent 20db6d450c
commit 81017139c5
No known key found for this signature in database
GPG key ID: 8271FDFFD9E0CCBD
25 changed files with 232 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

9
server/routers/org/createOrg.ts
View file

@ -5,6 +5,7 @@ import { orgs } from '@server/db/schema';
import response from "@server/utils/response";
import HttpCode from '@server/types/HttpCode';
import createHttpError from 'http-errors';
import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
const createOrgSchema = z.object({
name: z.string().min(1).max(255),
@ -25,7 +26,7 @@ export async function createOrg(req: Request, res: Response, next: NextFunction)
);
}
const userOrgIds = req.userOrgs;
const userOrgIds = req.userOrgIds;
if (userOrgIds && userOrgIds.length > MAX_ORGS) {
return next(
createHttpError(
@ -35,6 +36,12 @@ export async function createOrg(req: Request, res: Response, next: NextFunction)
);
}
// Check if the user has permission to list sites
const hasPermission = await checkUserActionPermission(ActionsEnum.createOrg, req);
if (!hasPermission) {
return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission to list sites'));
}
const { name, domain } = parsedBody.data;
const newOrg = await db.insert(orgs).values({