Add simple validation checks

backend/src/controllers/v1/secretsFolderController.ts

@@ -3,6 +3,8 @@ import { Secret } from '../../models';
 import Folder from '../../models/folder';
 import { BadRequestError } from '../../utils/errors';
 import { ROOT_FOLDER_PATH, getFolderPath, getParentPath, normalizePath, validateFolderName } from '../../utils/folder';
+import { ADMIN, MEMBER } from '../../variables';
+import { validateMembership } from '../../helpers/membership';
 
 // TODO
 // verify workspace id/environment
@@ -63,6 +65,13 @@ export const deleteFolder = async (req: Request, res: Response) => {
     throw BadRequestError({ message: "The folder doesn't exist" })
   }
 
+  // check that user is a member of the workspace
+  await validateMembership({
+    userId: req.user._id.toString(),
+    workspaceId: folder.workspace as any,
+    acceptedRoles: [ADMIN, MEMBER]
+  });
+
   while (queue.length > 0) {
     const currentFolderId = queue.shift();
 

backend/src/routes/v1/secretsFolder.ts

@@ -2,16 +2,22 @@ import express, { Request, Response } from 'express';
 const router = express.Router();
 import {
 	requireAuth,
+	requireWorkspaceAuth,
 	validateRequest
 } from '../../middleware';
 import { body, param } from 'express-validator';
 import { createFolder, deleteFolder } from '../../controllers/v1/secretsFolderController';
+import { ADMIN, MEMBER } from '../../variables';
 
 router.post(
 	'/',
 	requireAuth({
 		acceptedAuthModes: ['jwt']
 	}),
+	requireWorkspaceAuth({
+		acceptedRoles: [ADMIN, MEMBER],
+		location: 'body'
+	}),
 	body('workspaceId').exists(),
 	body('environment').exists(),
 	body('folderName').exists(),