Fix #1376

server/routers/external.ts

@@ -82,6 +82,7 @@ authenticated.delete(
     "/org/:orgId",
     verifyOrgAccess,
     verifyUserIsOrgOwner,
+    verifyUserHasAction(ActionsEnum.deleteOrg),
     org.deleteOrg
 );
 

server/routers/org/deleteOrg.ts

@@ -49,19 +49,7 @@ export async function deleteOrg(
         }
 
         const { orgId } = parsedParams.data;
-        // Check if the user has permission to list sites
+
-        const hasPermission = await checkUserActionPermission(
-            ActionsEnum.deleteOrg,
-            req
-        );
-        if (!hasPermission) {
-            return next(
-                createHttpError(
-                    HttpCode.FORBIDDEN,
-                    "User does not have permission to perform this action"
-                )
-            );
-        }
         const [org] = await db
             .select()
             .from(orgs)