Adding promoting to owner
This commit is contained in:
+7
-1
@@ -3210,7 +3210,7 @@ app.post('/api/workspace/members', requireAuth, requireWriteAccess, requireWorks
|
||||
});
|
||||
|
||||
app.put('/api/workspace/members/:memberId', requireAuth, requireWriteAccess, requireWorkspaceRole(['owner', 'assistant']), async (req: Request, res: Response, next: NextFunction) => {
|
||||
const parsed = z.object({ role: workspaceRoleSchema.exclude(['owner']) }).safeParse(req.body);
|
||||
const parsed = z.object({ role: workspaceRoleSchema }).safeParse(req.body);
|
||||
|
||||
if (!parsed.success) {
|
||||
res.status(400).json({ error: 'Invalid flock member role payload', details: parsed.error.flatten() });
|
||||
@@ -3220,6 +3220,12 @@ app.put('/api/workspace/members/:memberId', requireAuth, requireWriteAccess, req
|
||||
try {
|
||||
const billingEmail = req.auth!.workspace.billing_email ? normalizeEmail(req.auth!.workspace.billing_email) : '';
|
||||
const requesterIsBillingOwner = Boolean(billingEmail && billingEmail === normalizeEmail(req.auth!.user.email));
|
||||
|
||||
if (parsed.data.role === 'owner' && !requesterIsBillingOwner) {
|
||||
res.status(403).json({ error: 'Only the billing owner can promote collaborators to owner.' });
|
||||
return;
|
||||
}
|
||||
|
||||
const member = await updateWorkspaceMemberRole({
|
||||
memberId: req.params.memberId,
|
||||
workspaceId: req.auth!.workspace.id,
|
||||
|
||||
Reference in New Issue
Block a user