ben.carrasco/jambonz-api-server
1
0
Fork 0
mirror of https://github.com/jambonz/jambonz-api-server.git synced 2026-01-25 02:08:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix 403 for SP calling RecentCalls/Alerts via /Accounts route (#149)

Browse Source 
* fix 403 for SP calling RecentCalls/Alerts via /Accounts route

* update base image

* update base image

---------

Co-authored-by: eglehelms <e.helms@cognigy.com>
This commit is contained in:
EgleH
2023-04-12 19:22:40 +02:00
committed by GitHub
parent 36607b505f
commit ba431aeb35
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile.db-create
View File

@@ -1,4 +1,4 @@
FROM --platform=linux/amd64 node:18.14.1-alpine3.16 as base
FROM --platform=linux/amd64 node:18.15-alpine3.16 as base
RUN apk --update --no-cache add --virtual .builds-deps build-base python3

13
lib/routes/api/utils.js
View File

@@ -242,7 +242,18 @@ const hasAccountPermissions = async(req, res, next) => {
if (req.user.hasScope('service_provider')) {
const service_provider_sid = parseServiceProviderSid(req);
if (service_provider_sid === req.user.service_provider_sid) return next();
const account_sid = parseAccountSid(req);
if (service_provider_sid) {
if (service_provider_sid === req.user.service_provider_sid) {
return next();
}
}
if (account_sid) {
const [r] = await Account.retrieve(account_sid);
if (r && r.service_provider_sid === req.user.service_provider_sid) {
return next();
}
}
}
if (req.user.hasScope('account')) {