From 07723ec54f42a6106474790b831ca6a876400a22 Mon Sep 17 00:00:00 2001
From: Mathias Wagner
Date: Wed, 2 Aug 2023 19:15:02 +0200
Subject: [PATCH] Added security checks in the group.ts controller
---
 src/controller/group.ts | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/src/controller/group.ts b/src/controller/group.ts
index 7b5eb1e..769d06f 100644
--- a/src/controller/group.ts
+++ b/src/controller/group.ts
@@ -31,6 +31,9 @@ export const createGroup = async (userId: string, projectId: string, configurati
 const count = await Group.countDocuments({ projectId: encryptClearField(String(access._id)) });
 if (count >= planLimits[access.plan].GROUPS) return { code: 95, message: "You have exceeded the group limit" };
+ const group = await Group.findOne({ projectId: encryptClearField(String(access._id)), name: encryptClearField(configuration.name) });
+ if (group !== null) return { code: 4008, message: "The provided group name is already in use" };
+
 // TODO: Check if permissions exist
 await Group.create({ ...configuration, projectId });
@@ -55,6 +58,11 @@ export const updateGroup = async (userId: string, projectId: string, groupName:
 const group = await Group.findOne({ projectId: encryptClearField(String(access._id)), name: encryptClearField(groupName) });
 if (group === null) return { code: 4009, message: "The provided group does not exist" };
+ if (config.name) {
+ const newGroup = await Group.findOne({ projectId: encryptClearField(String(access._id)), name: encryptClearField(config.name) });
+ if (newGroup !== null) return { code: 4008, message: "The provided group name is already in use" };
+ }
+
 // TODO: Check if permissions exist
 await group.updateOne(config);
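Review bot: The added `Group.findOne` name check in createGroup is a check-then-act sequence, so two concurrent requests with the same name can both see `null` and both reach `Group.create`; the updateGroup hunk repeats the same pattern before `group.updateOne`. The lookup is fine for returning code 4008 early, but the guarantee has to come from the database, for example a unique compound index over the stored `projectId` and `name` fields (`schema.index({ projectId: 1, name: 1 }, { unique: true })`), with the duplicate-key error mapped to the same 4008 response. The Group schema is not visible here, so confirm whether such an index already exists; it also depends on `encryptClearField` producing the same stored value for the same input, which the existing equality lookups appear to assume. createGroup starts and ends outside the hunk.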
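Review bot: The rename check added to updateGroup also matches the group being updated: when `config.name` equals the current `groupName`, `newGroup` is the same document as `group` and the request is rejected with 4008 although nothing conflicts. Skip the lookup in that case, `if (config.name && config.name !== groupName) {`, or keep the query and reject only when `newGroup.id !== group.id`. Separately, `config` is still handed unfiltered to `group.updateOne(config)`; if it is not validated earlier in the request path (not visible in this hunk), fields such as `projectId` could be overwritten, so an explicit allow-list of updatable fields is worth confirming. updateGroup starts and ends outside the hunk.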