Resolve potential issues with processing roleIds

server/middlewares/integration/verifyApiKeyRoleAccess.ts

@@ -23,9 +23,14 @@ export async function verifyApiKeyRoleAccess(
             );
         }
 
-        const { roleIds } = req.body;
+        let allRoleIds: number[] = [];
-        const allRoleIds =
+        if (!isNaN(singleRoleId)) {
-            roleIds || (isNaN(singleRoleId) ? [] : [singleRoleId]);
+            // If roleId is provided in URL params, query params, or body (single), use it exclusively
+            allRoleIds = [singleRoleId];
+        } else if (req.body?.roleIds) {
+            // Only use body.roleIds if no single roleId was provided
+            allRoleIds = req.body.roleIds;
+        }
 
         if (allRoleIds.length === 0) {
             return next();

server/middlewares/verifyRoleAccess.ts

@@ -23,8 +23,14 @@ export async function verifyRoleAccess(
         );
     }
 
-    const roleIds = req.body?.roleIds;
+    let allRoleIds: number[] = [];
-    const allRoleIds = roleIds || (isNaN(singleRoleId) ? [] : [singleRoleId]);
+    if (!isNaN(singleRoleId)) {
+        // If roleId is provided in URL params, query params, or body (single), use it exclusively
+        allRoleIds = [singleRoleId];
+    } else if (req.body?.roleIds) {
+        // Only use body.roleIds if no single roleId was provided
+        allRoleIds = req.body.roleIds;
+    }
 
     if (allRoleIds.length === 0) {
         return next();