Adjusting role actions
Deploy / deploy-dev (push) Successful in 2m29s
Deploy / deploy-prod (push) Has been skipped

This commit is contained in:
blaisadmin
2026-06-05 21:09:31 -04:00
parent c3bec15c63
commit bb589e3489
4 changed files with 419 additions and 24 deletions
+44 -2
View File
@@ -119,6 +119,7 @@ import {
setWorkspaceSubscriptionStatusByStripeSubscriptionId,
updateRescueVerificationStatus,
updateWorkspace,
updateWorkspaceMemberRole,
upsertWorkspaceMember,
} from './repositories/workspaceRepository.js';
import type {
@@ -3388,9 +3389,51 @@ app.post('/api/workspace/members', requireAuth, requireWriteAccess, requireWorks
}
});
app.put('/api/workspace/members/:memberId', requireAuth, requireWriteAccess, requireWorkspaceRole(['owner', 'assistant']), async (req: Request, res: Response, next: NextFunction) => {
const parsed = z.object({ role: workspaceRoleSchema.exclude(['owner']) }).safeParse(req.body);
if (!parsed.success) {
res.status(400).json({ error: 'Invalid flock member role payload', details: parsed.error.flatten() });
return;
}
try {
const billingEmail = req.auth!.workspace.billing_email ? normalizeEmail(req.auth!.workspace.billing_email) : '';
const requesterIsBillingOwner = Boolean(billingEmail && billingEmail === normalizeEmail(req.auth!.user.email));
const member = await updateWorkspaceMemberRole({
memberId: req.params.memberId,
workspaceId: req.auth!.workspace.id,
role: parsed.data.role,
requesterMemberId: req.auth!.membership.id,
requesterIsBillingOwner,
requesterRole: req.auth!.membership.role,
billingEmail,
});
if (!member) {
res.status(404).json({ error: 'Flock member not found or cannot be changed.' });
return;
}
await writeAuditLog(req.auth!, 'workspace_member.role_updated', 'workspace_member', member.id, member.name, {
role: member.role,
});
res.json({ member: normalizeWorkspaceMember(member) });
} catch (error) {
next(error);
}
});
app.delete('/api/workspace/members/:memberId', requireAuth, requireWriteAccess, requireWorkspaceRole(['owner', 'assistant']), async (req: Request, res: Response, next: NextFunction) => {
try {
const deleted = await deleteWorkspaceMember(req.params.memberId, req.auth!.workspace.id);
const billingEmail = req.auth!.workspace.billing_email ? normalizeEmail(req.auth!.workspace.billing_email) : '';
const requesterIsBillingOwner = Boolean(billingEmail && billingEmail === normalizeEmail(req.auth!.user.email));
const deleted = await deleteWorkspaceMember({
memberId: req.params.memberId,
workspaceId: req.auth!.workspace.id,
requesterMemberId: req.auth!.membership.id,
requesterIsBillingOwner,
});
if (!deleted) {
res.status(404).json({ error: 'Flock member not found or cannot be removed.' });
@@ -3398,7 +3441,6 @@ app.delete('/api/workspace/members/:memberId', requireAuth, requireWriteAccess,
}
await writeAuditLog(req.auth!, 'workspace_member.deleted', 'workspace_member', req.params.memberId);
await writeAuditLog(req.auth!, 'integration_token.revoked', 'integration_token', req.params.tokenId);
res.status(204).send();
} catch (error) {
next(error);