Add actions check to all endpoints

2026-03-07 03:06:40 +00:00 · 2024-10-06 16:43:59 -04:00
parent 20db6d450c
commit 81017139c5
25 changed files with 232 additions and 34 deletions
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -6,6 +6,7 @@ import { eq } from 'drizzle-orm';
 import response from "@server/utils/response";
 import HttpCode from '@server/types/HttpCode';
 import createHttpError from 'http-errors';
+import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';

 // Define Zod schema for request parameters validation
 const updateResourceParamsSchema = z.object({
@@ -47,6 +48,12 @@ export async function updateResource(req: Request, res: Response, next: NextFunc
    const { resourceId } = parsedParams.data;
    const updateData = parsedBody.data;

+    // Check if the user has permission to list sites
+    const hasPermission = await checkUserActionPermission(ActionsEnum.updateResource, req);
+    if (!hasPermission) {
+      return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission to list sites'));
+    }    
+
    // Update the resource in the database
    const updatedResource = await db.update(resources)
      .set(updateData)