pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-21 12:26:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

add user checks in routes

Browse Source
This commit is contained in:
miloschwartz
2025-05-02 10:44:50 -04:00
parent f8e0219b49
commit a9f0b9aa38
21 changed files with 302 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
server/routers/user/addUserRole.ts
View File

@@ -49,7 +49,7 @@ export async function addUserRole(
const { userId, roleId } = parsedParams.data;
if (!req.userOrg) {
if (req.user && !req.userOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
@@ -58,7 +58,13 @@ export async function addUserRole(
);
}
const orgId = req.userOrg.orgId;
const orgId = req.userOrg?.orgId || req.apiKeyOrg?.orgId;
if (!orgId) {
return next(
createHttpError(HttpCode.BAD_REQUEST, "Invalid organization ID")
);
}
const existingUser = await db
.select()

2
server/routers/user/getOrgUser.ts
View File

@@ -106,7 +106,7 @@ export async function getOrgUser(
);
}
if (user.userId !== req.userOrg.userId) {
if (req.user && user.userId !== req.userOrg.userId) {
const hasPermission = await checkUserActionPermission(
ActionsEnum.getOrgUser,
req