LicenseAPI/Backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added security checks in the group.ts controller

Browse Source
This commit is contained in:
Mathias Wagner 2023-08-02 19:15:02 +02:00
parent 8f0c6fb30f
commit 07723ec54f
Signed by: Mathias
GPG Key ID: B8DC354B0A1F5B44
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/controller/group.ts
View File

@ -31,6 +31,9 @@ export const createGroup = async (userId: string, projectId: string, configurati
const count = await Group.countDocuments({ projectId: encryptClearField(String(access._id)) }); const count = await Group.countDocuments({ projectId: encryptClearField(String(access._id)) });
if (count >= planLimits[access.plan].GROUPS) return { code: 95, message: "You have exceeded the group limit" }; if (count >= planLimits[access.plan].GROUPS) return { code: 95, message: "You have exceeded the group limit" };
const group = await Group.findOne({ projectId: encryptClearField(String(access._id)), name: encryptClearField(configuration.name) });
if (group !== null) return { code: 4008, message: "The provided group name is already in use" };
// TODO: Check if permissions exist // TODO: Check if permissions exist
await Group.create({ ...configuration, projectId }); await Group.create({ ...configuration, projectId });
@ -55,6 +58,11 @@ export const updateGroup = async (userId: string, projectId: string, groupName:
const group = await Group.findOne({ projectId: encryptClearField(String(access._id)), name: encryptClearField(groupName) }); const group = await Group.findOne({ projectId: encryptClearField(String(access._id)), name: encryptClearField(groupName) });
if (group === null) return { code: 4009, message: "The provided group does not exist" }; if (group === null) return { code: 4009, message: "The provided group does not exist" };
if (config.name) {
const newGroup = await Group.findOne({ projectId: encryptClearField(String(access._id)), name: encryptClearField(config.name) });
if (newGroup !== null) return { code: 4008, message: "The provided group name is already in use" };
}
// TODO: Check if permissions exist // TODO: Check if permissions exist
await group.updateOne(config); await group.updateOne(config);