move action permission check to middleware

2026-03-03 09:16:40 +00:00 · 2024-11-05 23:55:46 -05:00
parent 03051878ef
commit 372e51c0a5
48 changed files with 266 additions and 936 deletions
--- a/server/routers/user/inviteUser.ts
+++ b/server/routers/user/inviteUser.ts
@@ -64,19 +64,6 @@ export async function inviteUser(
        const { orgId } = parsedParams.data;
        const { email, validHours, roleId } = parsedBody.data;

-        const hasPermission = await checkUserActionPermission(
-            ActionsEnum.inviteUser,
-            req
-        );
-        if (!hasPermission) {
-            return next(
-                createHttpError(
-                    HttpCode.FORBIDDEN,
-                    "User does not have permission to perform this action"
-                )
-            );
-        }
-
        const currentTime = Date.now();
        const oneHourAgo = currentTime - 3600000;

@@ -86,7 +73,7 @@ export async function inviteUser(

        inviteTracker[email].timestamps = inviteTracker[
            email
-        ].timestamps.filter((timestamp) => timestamp > oneHourAgo);
+        ].timestamps.filter((timestamp) => timestamp > oneHourAgo); // TODO: this could cause memory increase over time if the object is never deleted

        if (inviteTracker[email].timestamps.length >= 3) {
            return next(