Files
jambonz-api-server/lib/models/tenant.js
T
Dave Horton bff9314622 fix(security): add authorization checks to prevent cross-account access (CWE-639) (#558)
- Add precondition support to decorate.js retrieve function
- Fix google-custom-voices.js typo and add delete precondition
- Check ownership via speech_credential for google-custom-voices
- Add retrieve/delete preconditions to lcr-carrier-set-entries.js
- Add retrieve precondition to sip-gateways.js and smpp-gateways.js
- Add scope check to lcr-routes.js custom GET handler
- Add full authorization to tenants.js for all CRUD operations
- Add scoped query methods to tenant model

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-06-27 15:53:51 -04:00

56 lines
1.2 KiB
JavaScript

const Model = require('./model');
const {promisePool} = require('../db');
class MsTeamsTenant extends Model {
constructor() {
super();
}
static async retrieveAll(account_sid) {
if (account_sid) {
const sql = `SELECT * FROM ${this.table} WHERE account_sid = ?`;
const [rows] = await promisePool.query(sql, account_sid);
return rows;
}
const sql = `SELECT * FROM ${this.table}`;
const [rows] = await promisePool.query(sql);
return rows;
}
static async retrieveAllByServiceProviderSid(service_provider_sid) {
const sql = `SELECT * FROM ${this.table} WHERE service_provider_sid = ?`;
const [rows] = await promisePool.query(sql, service_provider_sid);
return rows;
}
}
MsTeamsTenant.table = 'ms_teams_tenants';
MsTeamsTenant.fields = [
{
name: 'ms_teams_tenant_sid',
type: 'string',
primaryKey: true
},
{
name: 'service_provider_sid',
type: 'string',
required: true
},
{
name: 'account_sid',
type: 'string',
required: true
},
{
name: 'application_sid',
type: 'string'
},
{
name: 'tenant_fqdn',
type: 'string',
required: true
}
];
module.exports = MsTeamsTenant;