pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-01 00:06:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

add extra org policy checks to middlewares

Browse Source
This commit is contained in:
miloschwartz
2025-12-03 15:50:24 -05:00
parent 9be5a01173
commit 5afff3c662
18 changed files with 285 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
server/middlewares/verifyTargetAccess.ts
View File

@@ -5,6 +5,7 @@ import { and, eq } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
import { canUserAccessResource } from "../auth/canUserAccessResource";
import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
export async function verifyTargetAccess(
req: Request,
@@ -102,6 +103,26 @@ export async function verifyTargetAccess(
req.userOrgId = resource[0].orgId!;
}
const orgId = req.userOrg.orgId;
if (req.orgPolicyAllowed === undefined && orgId) {
const policyCheck = await checkOrgAccessPolicy({
orgId,
userId,
session: req.session
});
req.orgPolicyAllowed = policyCheck.allowed;
if (!policyCheck.allowed || policyCheck.error) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"Failed organization access policy check: " +
(policyCheck.error || "Unknown error")
)
);
}
}
const resourceAllowed = await canUserAccessResource({
userId,
resourceId,