public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'main' into enterprise-license

staging
kodiakhq[bot] 2022-04-24 21:03:05 +00:00 committed by GitHub
parent eaa316e473 53d7e57142
commit aa73712270
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
apps/web/server/routers/viewer/eventTypes.tsx
View File

@ -193,6 +193,21 @@ export const eventTypesRouter = createProtectedRouter()
throw new TRPCError({ code: "UNAUTHORIZED" }); throw new TRPCError({ code: "UNAUTHORIZED" });
} }
const inputUsers = (rawInput as any).users || [];
const isAllowed = (function () {
if (event.team) {
const allTeamMembers = event.team.members.map((member) => member.userId);
return inputUsers.every((userId: string) => allTeamMembers.includes(Number.parseInt(userId)));
}
return inputUsers.every((userId: string) => Number.parseInt(userId) === ctx.user.id);
})();
if (!isAllowed) {
console.warn(`User ${ctx.user.id} attempted to an create an event for users ${inputUsers.join(", ")}.`);
throw new TRPCError({ code: "FORBIDDEN" });
}
return next(); return next();
}) })
.mutation("update", { .mutation("update", {