pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-03-01 16:26:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

set users on resource working

Browse Source
This commit is contained in:
Milo Schwartz
2024-11-15 23:38:08 -05:00
parent 9f87b8d271
commit b1e53ed8d7
16 changed files with 414 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/routers/auth/index.ts
View File

@@ -18,4 +18,5 @@ export * from "./requestEmailVerificationCode";
export * from "./changePassword";
export * from "./requestPasswordReset";
export * from "./resetPassword";
export * from "./verifyUserInRole";
export * from "./verifyUserInRole";
export * from "./verifySetResourceUsers";

45
server/routers/auth/verifyRoleAccess.ts
View File

@@ -5,12 +5,6 @@ import { and, eq, inArray } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
import logger from "@server/logger";
import { z } from "zod";
import { fromError } from "zod-validation-error";
const verifyRoleAccessSchema = z.object({
roleIds: z.array(z.number().int().positive()).optional(),
});
export async function verifyRoleAccess(
req: Request,
@@ -28,17 +22,7 @@ export async function verifyRoleAccess(
);
}
const parsedBody = verifyRoleAccessSchema.safeParse(req.body);
if (!parsedBody.success) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
fromError(parsedBody.error).toString()
)
);
}
const { roleIds } = parsedBody.data;
const { roleIds } = req.body;
const allRoleIds = roleIds || (isNaN(singleRoleId) ? [] : [singleRoleId]);
if (allRoleIds.length === 0) {
@@ -81,6 +65,33 @@ export async function verifyRoleAccess(
)
);
}
req.userOrgId = role.orgId;
}
const orgId = req.userOrgId;
if (!orgId) {
return next(
createHttpError(
HttpCode.BAD_REQUEST,
"Organization ID not found"
)
);
}
if (!req.userOrg) {
// get the userORg
const userOrg = await db
.select()
.from(userOrgs)
.where(
and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId!))
)
.limit(1);
req.userOrg = userOrg[0];
req.userOrgRoleId = userOrg[0].roleId;
}
return next();

70
server/routers/auth/verifySetResourceUsers.ts Normal file
View File

@@ -0,0 +1,70 @@
import { Request, Response, NextFunction } from "express";
import { db } from "@server/db";
import { userOrgs } from "@server/db/schema";
import { and, eq, inArray, or } from "drizzle-orm";
import createHttpError from "http-errors";
import HttpCode from "@server/types/HttpCode";
export async function verifySetResourceUsers(
req: Request,
res: Response,
next: NextFunction
) {
const userId = req.user!.userId;
const userIds = req.body.userIds;
if (!userId) {
return next(
createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
);
}
if (!req.userOrg) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have access to this user"
)
);
}
if (!userIds) {
return next(createHttpError(HttpCode.BAD_REQUEST, "Invalid user IDs"));
}
if (userIds.length === 0) {
return next();
}
try {
const orgId = req.userOrg.orgId;
// get all userOrgs for the users
const userOrgsData = await db
.select()
.from(userOrgs)
.where(
and(
inArray(userOrgs.userId, userIds),
eq(userOrgs.orgId, orgId)
)
);
if (userOrgsData.length !== userIds.length) {
return next(
createHttpError(
HttpCode.FORBIDDEN,
"User does not have access to this user"
)
);
}
return next();
} catch (error) {
return next(
createHttpError(
HttpCode.INTERNAL_SERVER_ERROR,
"Error checking if user has access to this user"
)
);
}
}