Adding promoting to owner
Deploy / deploy-dev (push) Has been skipped
Deploy / deploy-prod (push) Successful in 2m23s

This commit is contained in:
blaisadmin
2026-06-05 21:15:55 -04:00
parent 88ff06237e
commit 5735bb7735
4 changed files with 65 additions and 2 deletions
+7 -1
View File
@@ -3210,7 +3210,7 @@ app.post('/api/workspace/members', requireAuth, requireWriteAccess, requireWorks
});
app.put('/api/workspace/members/:memberId', requireAuth, requireWriteAccess, requireWorkspaceRole(['owner', 'assistant']), async (req: Request, res: Response, next: NextFunction) => {
const parsed = z.object({ role: workspaceRoleSchema.exclude(['owner']) }).safeParse(req.body);
const parsed = z.object({ role: workspaceRoleSchema }).safeParse(req.body);
if (!parsed.success) {
res.status(400).json({ error: 'Invalid flock member role payload', details: parsed.error.flatten() });
@@ -3220,6 +3220,12 @@ app.put('/api/workspace/members/:memberId', requireAuth, requireWriteAccess, req
try {
const billingEmail = req.auth!.workspace.billing_email ? normalizeEmail(req.auth!.workspace.billing_email) : '';
const requesterIsBillingOwner = Boolean(billingEmail && billingEmail === normalizeEmail(req.auth!.user.email));
if (parsed.data.role === 'owner' && !requesterIsBillingOwner) {
res.status(403).json({ error: 'Only the billing owner can promote collaborators to owner.' });
return;
}
const member = await updateWorkspaceMemberRole({
memberId: req.params.memberId,
workspaceId: req.auth!.workspace.id,