fix: correct membership update constraints

Scott Wilson
2025-12-10 19:15:34 -08:00
parent 6da7d7e96c
commit 9bd775929f
3 changed files with 22 additions and 0 deletions


@@ -58,6 +58,10 @@ export const additionalPrivilegeServiceFactory = ({
const scope = factory.getScopeField(dto.scopeData);
const dbActorField = data.actorType === ActorType.IDENTITY ? "actorIdentityId" : "actorUserId";
if (dto.data.actorId === dto.permission.id) {
throw new BadRequestError({ message: "Cannot assign additional privileges to your own membership" });
}
const existingSlug = await additionalPrivilegeDAL.findOne({
name: data.name,
[dbActorField]: data.actorId,
@@ -120,6 +124,10 @@ export const additionalPrivilegeServiceFactory = ({
const scope = factory.getScopeField(dto.scopeData);
const dbActorField = dto.selector.actorType === ActorType.IDENTITY ? "actorIdentityId" : "actorUserId";
if (dto.selector.actorId === dto.permission.id) {
throw new BadRequestError({ message: "Cannot update additional privileges on your own membership" });
}
const existingPrivilege = await additionalPrivilegeDAL.findOne({
[dbActorField]: dto.selector.actorId,
id: dto.selector.id,
@@ -181,6 +189,10 @@ export const additionalPrivilegeServiceFactory = ({
const scope = factory.getScopeField(dto.scopeData);
const dbActorField = dto.selector.actorType === ActorType.IDENTITY ? "actorIdentityId" : "actorUserId";
if (dto.selector.actorId === dto.permission.id) {
throw new BadRequestError({ message: "Cannot remove additional privileges from your own membership" });
}
const existingPrivilege = await additionalPrivilegeDAL.findOne({
id: selector.id,
[dbActorField]: dto.selector.actorId,
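Review bot: The self-target guards added to the assign, update and remove paths carry no comment saying why they exist, so a later refactor could drop one unnoticed; a line such as `// Block self-service privilege changes (privilege-escalation guard)` above each `if` would record the intent. The condition is an authorization decision, yet it is reported with `BadRequestError`; if the project has a forbidden-style error, using it here would let clients and audit tooling tell a denied privilege change from malformed input. The first guard reads `dto.data.actorId` while the lines around it use `data.actorId`; using the same binding makes it plain that the id checked is the id queried. All three function bodies start and end outside the hunks.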


@@ -203,6 +203,11 @@ export const membershipIdentityServiceFactory = ({
message: "Identity doesn't have membership"
});
if (existingMembership.actorIdentityId === dto.permission.id)
throw new BadRequestError({
message: "You can't update your own membership"
});
const scopeField = factory.getScopeField(dto.scopeData);
const customRoles = hasCustomRole
? await roleDAL.find({
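Review bot: The added `if` has no braces around a multi-line `throw`, whereas the guards in the additional-privilege service use a braced block; the same braceless form appears in the user-membership section below. Writing it as `if (existingMembership.actorIdentityId === dto.permission.id) {` with a closing `}` after the throw keeps a later statement from silently falling outside the condition, which matters for what is presumably a self-escalation guard. The message wording also differs between files (`You can't update ...` here, `Cannot update ...` in the privilege service); one form throughout would be easier to match in client code and logs. The enclosing function continues outside the hunk.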


@@ -326,6 +326,11 @@ export const membershipUserServiceFactory = ({
message: "User doesn't have membership"
});
if (existingMembership.actorUserId === dto.permission.id)
throw new BadRequestError({
message: "You can't update your own membership"
});
const scopeField = factory.getScopeField(dto.scopeData);
const customRoles = hasCustomRole
? await roleDAL.find({
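Review bot: No test accompanies this guard or the four similar ones in the commit, although the checks are authorization-relevant and all three changed files are service factories. One case per path that calls the operation with `dto.permission.id` equal to the target's actor id and expects `BadRequestError`, plus one with a different actor that still succeeds, would pin the behaviour. The comparison uses the id alone, and whether `dto.permission` can belong to a non-user actor on this path is not visible in the hunk; a short comment stating the assumption about ids across actor types would help. The enclosing function continues outside the hunk.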