pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-02 00:36:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

add user checks in routes

Browse Source
This commit is contained in:
miloschwartz
2025-05-02 10:44:50 -04:00
parent f8e0219b49
commit a9f0b9aa38
21 changed files with 302 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
server/routers/resource/setResourceRoles.ts
View File

@@ -1,7 +1,7 @@
import { Request, Response, NextFunction } from "express";
import { z } from "zod";
import { db } from "@server/db";
import { roleResources, roles } from "@server/db/schemas";
import { apiKeys, roleResources, roles } from "@server/db/schemas";
import response from "@server/lib/response";
import HttpCode from "@server/types/HttpCode";
import createHttpError from "http-errors";
@@ -74,6 +74,17 @@ export async function setResourceRoles(
const { resourceId } = parsedParams.data;
const orgId = req.userOrg?.orgId || req.apiKeyOrg?.orgId;
if (!orgId) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Organization not found"
)
);
}
// get this org's admin role
const adminRole = await db
.select()
@@ -81,7 +92,7 @@ export async function setResourceRoles(
.where(
and(
eq(roles.name, "Admin"),
eq(roles.orgId, req.userOrg!.orgId)
eq(roles.orgId, orgId)
)
)
.limit(1);
@@ -136,3 +147,4 @@ export async function setResourceRoles(
);
}
}