fix logic

This commit is contained in:
Sam Machin
2026-01-06 15:49:44 +00:00
parent 78a3465ba7
commit b385c4ee97
4 changed files with 22 additions and 3 deletions
+6 -1
View File
@@ -141,9 +141,10 @@ router.put('/:sid/VoipCarriers/:voip_carrier_sid', async(req, res) => {
try {
if (process.env.JAMBONES_ADMIN_CARRIER == 1 && (!req.user.hasScope('service_provider')
|| !!req.user.hasScope('admin'))) {
&& !req.user.hasScope('admin'))) {
throw new DbErrorBadRequest('insufficient privileges');
}
const sid = parseVoipCarrierSid(req);
const account_sid = parseAccountSid(req);
await validateRequest(req, account_sid);
@@ -163,6 +164,10 @@ router.post('/:sid/VoipCarriers', async(req, res) => {
const logger = req.app.locals.logger;
const payload = req.body;
try {
if (process.env.JAMBONES_ADMIN_CARRIER == 1 && (!req.user.hasScope('service_provider')
|| !!req.user.hasScope('admin'))) {
throw new DbErrorBadRequest('insufficient privileges');
}
const account_sid = parseAccountSid(req);
await validateRequest(req, account_sid);
// Set the service_provder_sid to the relevent value for the account
+2 -1
View File
@@ -20,9 +20,10 @@ const hasWhitespace = (str) => /\s/.test(str);
async function validateAdd(req) {
try {
if (process.env.JAMBONES_ADMIN_CARRIER == 1 && (!req.user.hasScope('service_provider')
|| !!req.user.hasScope('admin'))) {
&& !req.user.hasScope('admin'))) {
throw new DbErrorBadRequest('insufficient privileges');
}
/* account level user can only act on carriers associated to his/her account */
if (req.user.hasAccountAuth) {
req.body.account_sid = req.user.account_sid;
+6
View File
@@ -45,6 +45,12 @@ const validate = async(req, sid) => {
const {netmask, ipv4, inbound, outbound} = req.body;
let voip_carrier_sid;
if (process.env.JAMBONES_ADMIN_CARRIER == 1 && (!req.user.hasScope('service_provider')
&& !req.user.hasScope('admin'))) {
throw new DbErrorBadRequest('insufficient privileges');
}
if (sid) {
const gateway = await lookupSipGatewayBySid(sid);
if (!gateway) throw new DbErrorBadRequest('invalid sip_gateway_sid');
+8 -1
View File
@@ -10,9 +10,10 @@ const validate = async(req) => {
const {lookupAppBySid, lookupAccountBySid} = req.app.locals;
if (process.env.JAMBONES_ADMIN_CARRIER == 1 && (!req.user.hasScope('service_provider')
|| !!req.user.hasScope('admin'))) {
&& !req.user.hasScope('admin'))) {
throw new DbErrorBadRequest('insufficient privileges');
}
/* account level user can only act on carriers associated to his/her account */
if (req.user.hasAccountAuth) {
req.body.account_sid = req.user.account_sid;
@@ -49,6 +50,12 @@ const validateUpdate = async(req, sid) => {
const validateDelete = async(req, sid) => {
const {lookupCarrierBySid} = req.app.locals;
if (process.env.JAMBONES_ADMIN_CARRIER == 1 && (!req.user.hasScope('service_provider')
&& !req.user.hasScope('admin'))) {
throw new DbErrorBadRequest('insufficient privileges');
}
if (req.user.hasAccountAuth) {
/* can only update carriers for the user's account */
const carrier = await lookupCarrierBySid(sid);