mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-09 17:18:31 +00:00
Enforce the action inside of the function
This commit is contained in:
parent
471ae98204
commit
5a8a48f9bf
2 changed files with 23 additions and 1 deletions
|
|
@ -612,7 +612,7 @@ authenticated.post(
|
|||
verifyValidSubscription(tierMatrix.advancedPrivateResources),
|
||||
verifyOrgAccess,
|
||||
verifyLimits,
|
||||
verifyUserHasAction(ActionsEnum.signSshKey),
|
||||
// verifyUserHasAction(ActionsEnum.signSshKey), // this check happens inside of the function now
|
||||
// logActionAudit(ActionsEnum.signSshKey), // it is handled inside of the function below so we can include more metadata
|
||||
ssh.signSshKey
|
||||
);
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import {
|
|||
logsDb,
|
||||
newts,
|
||||
roles,
|
||||
roleActions,
|
||||
rolePolicies,
|
||||
roleResources,
|
||||
roleSiteResources,
|
||||
|
|
@ -141,6 +142,27 @@ export async function signSshKey(
|
|||
);
|
||||
}
|
||||
|
||||
const roleActionPermission = await db
|
||||
.select({ roleId: roleActions.roleId })
|
||||
.from(roleActions)
|
||||
.where(
|
||||
and(
|
||||
eq(roleActions.actionId, ActionsEnum.signSshKey),
|
||||
inArray(roleActions.roleId, roleIds),
|
||||
eq(roleActions.orgId, orgId)
|
||||
)
|
||||
)
|
||||
.limit(1);
|
||||
|
||||
if (roleActionPermission.length === 0) {
|
||||
return next(
|
||||
createHttpError(
|
||||
HttpCode.FORBIDDEN,
|
||||
"User does not have permission perform this action"
|
||||
)
|
||||
);
|
||||
}
|
||||
|
||||
const isLicensed = await isLicensedOrSubscribed(
|
||||
orgId,
|
||||
tierMatrix.advancedPrivateResources
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue