Commit Graph

2 Commits

Author SHA1 Message Date
Dave Horton bff9314622 fix(security): add authorization checks to prevent cross-account access (CWE-639) (#558)
- Add precondition support to decorate.js retrieve function
- Fix google-custom-voices.js typo and add delete precondition
- Check ownership via speech_credential for google-custom-voices
- Add retrieve/delete preconditions to lcr-carrier-set-entries.js
- Add retrieve precondition to sip-gateways.js and smpp-gateways.js
- Add scope check to lcr-routes.js custom GET handler
- Add full authorization to tenants.js for all CRUD operations
- Add scoped query methods to tenant model

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-06-27 15:53:51 -04:00
Dave Horton 02806a109c added schema changes for LCR (#150)
* added schema changes for LCR

* fix FK

* first draft

* force drop table

* add testcases

* swagger updated

* update code

* wip: add service provider LCR

* fix userpermission on lcr

* add lcr.is_active

* remove FK constraints on lcr

* wip

* wip

* wip

* fix: review comments

* fix: final review

* fix: final review

* fix: update database schema

* fix: update database schema

* fix: update database schema

* update schema

* fix: review comments

* lcr_routes.priority should not be unique

* fix review comments

---------

Co-authored-by: Quan HL <quan.luuhoang8@gmail.com>
2023-05-05 20:09:34 -04:00