ben.carrasco/jambonz-api-server
1
0
Fork 0
mirror of https://github.com/jambonz/jambonz-api-server.git synced 2025-12-19 05:47:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

admin can create call on behalf of account (#446)

Browse Source 
* admin and service provider can create call on behalf of account

* wip

* admin and service provider can create call on behalf of account

* wip

* wip

* wip
This commit is contained in:
Hoan Luu Huu
2025-05-28 21:22:52 +07:00
committed by GitHub
parent bb5dba7c20
commit c51b7bab82
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/routes/api/accounts.js
View File

@@ -382,7 +382,10 @@ async function validateCreateCall(logger, sid, req) {
const {lookupAppBySid} = req.app.locals;
const obj = req.body;
if (req.user.account_sid !== sid) throw new DbErrorBadRequest(`unauthorized createCall request for account ${sid}`);
if (req.user.hasServiceProviderAuth ||
req.user.hasAccountAuth && req.user.account_sid !== sid) {
throw new DbErrorBadRequest(`unauthorized createCall request for account ${sid}`);
}
obj.account_sid = sid;
if (!obj.from) throw new DbErrorBadRequest('missing from parameter');