Policies refactor, guest roles (#6732)

2024-03-31 18:28:35 -06:00
parent ceb7ae1514
commit c27cd945a7
46 changed files with 901 additions and 1032 deletions
--- a/server/routes/api/groups/snapshots/groups.test.ts.snap
+++ b/server/routes/api/groups/snapshots/groups.test.ts.snap
@@ -2,8 +2,8 @@

 exports[`#groups.add_user should require admin 1`] = `
 {
-  "error": "admin_required",
-  "message": "An admin role is required to access this resource",
+  "error": "authorization_error",
+  "message": "Authorization error",
  "ok": false,
  "status": 403,
 }
@@ -56,8 +56,8 @@ exports[`#groups.memberships should require authentication 1`] = `

 exports[`#groups.remove_user should require admin 1`] = `
 {
-  "error": "admin_required",
-  "message": "An admin role is required to access this resource",
+  "error": "authorization_error",
+  "message": "Authorization error",
  "ok": false,
  "status": 403,
 }
--- a/server/routes/api/groups/groups.ts
+++ b/server/routes/api/groups/groups.ts
@@ -27,6 +27,7 @@ router.post(
  async (ctx: APIContext<T.GroupsListReq>) => {
    const { direction, sort, userId, name } = ctx.input.body;
    const { user } = ctx.state.auth;
+    authorize(user, "listGroups", user.team);

    let where: WhereOptions<Group> = {
      teamId: user.teamId,