Fix token error while accepting invite

2024-11-22 05:06:37 +00:00 · 2020-03-20 10:51:17 +01:00 · 2020-03-20 10:51:17 +01:00 · 94341f9f3f
commit 94341f9f3f
parent ff19fb3426
1 changed files with 25 additions and 0 deletions
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@ -47,6 +47,7 @@ pub fn routes() -> Vec<Route> {
        post_delete_user,
        post_org_import,
        list_policies,
+        list_policies_token,
        get_policy,
        put_policy,
    ]
@ -911,6 +912,30 @@ fn list_policies(org_id: String, _headers: AdminHeaders, conn: DbConn) -> JsonRe
    })))
 }

+#[get("/organizations/<org_id>/policies/token?<token>")]
+fn list_policies_token(org_id: String, token: String, conn: DbConn) -> JsonResult {
+    let invite = crate::auth::decode_invite(&token)?;
+
+    let invite_org_id = match invite.org_id {
+        Some(invite_org_id) => invite_org_id,
+        None => err!("Invalid token"),
+    };
+
+    if invite_org_id != org_id {
+        err!("Token doesn't match request organization");
+    }
+    
+    // TODO: We receive the invite token as ?token=<>, validate it contains the org id
+    let policies = OrgPolicy::find_by_org(&org_id, &conn);
+    let policies_json: Vec<Value> = policies.iter().map(OrgPolicy::to_json).collect();
+
+    Ok(Json(json!({
+        "Data": policies_json,
+        "Object": "list",
+        "ContinuationToken": null
+    })))
+}
+
 #[get("/organizations/<org_id>/policies/<pol_type>")]
 fn get_policy(org_id: String, pol_type: i32, _headers: AdminHeaders, conn: DbConn) -> JsonResult {
    let pol_type_enum = match OrgPolicyType::from_i32(pol_type) {