Created the orgAdminProcedure (#574)

Created a procedure to separate the logic checking if the user  in the organization is an administrator

Author: Esther-Lita

apps/platform/trpc/routers/orgRouter/mail/domainsRouter.ts

@@ -1,5 +1,5 @@
 import { z } from 'zod';
-import { router, orgProcedure } from '~platform/trpc/trpc';
+import { router, orgProcedure, orgAdminProcedure } from '~platform/trpc/trpc';
 import { and, eq } from '@u22n/database/orm';
 import {
   domains,
@@ -15,7 +15,7 @@ import { updateDnsRecords } from '~platform/utils/updateDnsRecords';
 import { iCanHazCallerFactory } from '../iCanHaz/iCanHazRouter';
 
 export const domainsRouter = router({
-  createNewDomain: orgProcedure
+  createNewDomain: orgAdminProcedure
     .input(
       z.object({
         domainName: z.string().min(3).max(255)
@@ -41,14 +41,6 @@ export const domainsRouter = router({
       const newPublicId = typeIdGenerator('domains');
       const domainName = input.domainName.toLowerCase();
 
-      const isAdmin = await isAccountAdminOfOrg(org);
-      if (!isAdmin) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not an admin'
-        });
-      }
-
       const dnsData = await lookupNS(domainName);
       if (
         dnsData.success === false &&
@@ -175,7 +167,7 @@ export const domainsRouter = router({
       };
     }),
 
-  getDomain: orgProcedure
+  getDomain: orgAdminProcedure
     .input(
       z.object({
         domainPublicId: typeIdValidator('domains')
@@ -196,14 +188,6 @@ export const domainsRouter = router({
       // Handle when adding database replicas
       const dbReplica = db;
 
-      const isAdmin = await isAccountAdminOfOrg(org);
-      if (!isAdmin) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not an admin'
-        });
-      }
-
       const domainResponse = await dbReplica.query.domains.findFirst({
         where: and(
           eq(domains.publicId, domainPublicId),
@@ -226,7 +210,7 @@ export const domainsRouter = router({
       };
     }),
 
-  getDomainDns: orgProcedure
+  getDomainDns: orgAdminProcedure
     .input(
       z.object({
         domainPublicId: typeIdValidator('domains')
@@ -237,14 +221,6 @@ export const domainsRouter = router({
       const orgId = org?.id;
       const { domainPublicId } = input;
 
-      const isAdmin = await isAccountAdminOfOrg(org);
-      if (!isAdmin) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not an admin'
-        });
-      }
-
       return updateDnsRecords({ domainPublicId, orgId }, db);
     }),
 

apps/platform/trpc/routers/orgRouter/mail/emailIdentityRouter.ts

@@ -1,5 +1,5 @@
 import { z } from 'zod';
-import { router, orgProcedure } from '~platform/trpc/trpc';
+import { router, orgProcedure, orgAdminProcedure } from '~platform/trpc/trpc';
 import {
   and,
   eq,
@@ -87,7 +87,7 @@ export const emailIdentityRouter = router({
         available: true
       };
     }),
-  createNewEmailIdentity: orgProcedure
+  createNewEmailIdentity: orgAdminProcedure
     .input(
       z.object({
         emailUsername: z.string().min(1).max(255),
@@ -119,14 +119,6 @@ export const emailIdentityRouter = router({
 
       const emailUsername = input.emailUsername.toLowerCase();
 
-      const isAdmin = await isAccountAdminOfOrg(org);
-      if (!isAdmin) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not an admin'
-        });
-      }
-
       if (!routeToOrgMemberPublicIds && !routeToTeamsPublicIds) {
         throw new TRPCError({
           code: 'BAD_REQUEST',

apps/platform/trpc/routers/orgRouter/setup/profileRouter.ts

@@ -1,5 +1,5 @@
 import { z } from 'zod';
-import { router, orgProcedure } from '~platform/trpc/trpc';
+import { router, orgProcedure, orgAdminProcedure } from '~platform/trpc/trpc';
 import { eq } from '@u22n/database/orm';
 import { orgs } from '@u22n/database/schema';
 import { typeIdValidator } from '@u22n/utils/typeid';
@@ -45,7 +45,7 @@ export const orgProfileRouter = router({
       };
     }),
 
-  setOrgProfile: orgProcedure
+  setOrgProfile: orgAdminProcedure
     .input(
       z.object({
         orgName: z.string().min(3).max(32)
@@ -62,14 +62,6 @@ export const orgProfileRouter = router({
       const orgId = org?.id;
       const { orgName } = input;
 
-      const isAdmin = await isAccountAdminOfOrg(org);
-      if (!isAdmin) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not an admin'
-        });
-      }
-
       await db
         .update(orgs)
         .set({

apps/platform/trpc/routers/orgRouter/users/invitesRouter.ts

@@ -3,7 +3,8 @@ import {
   router,
   orgProcedure,
   accountProcedure,
-  publicProcedure
+  publicProcedure,
+  orgAdminProcedure
 } from '~platform/trpc/trpc';
 import { eq } from '@u22n/database/orm';
 import {
@@ -472,7 +473,7 @@ export const invitesRouter = router({
         orgShortCode: queryInvitesResponse.org.shortcode
       };
     }),
-  invalidateInvite: orgProcedure
+  invalidateInvite: orgAdminProcedure
     .input(
       z.object({
         invitePublicId: typeIdValidator('orgInvitations')
@@ -487,14 +488,6 @@ export const invitesRouter = router({
       }
       const { db, org } = ctx;
 
-      const isAdmin = await isAccountAdminOfOrg(org);
-      if (!isAdmin) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not an admin'
-        });
-      }
-
       await db
         .update(orgInvitations)
         .set({
@@ -506,7 +499,7 @@ export const invitesRouter = router({
         success: true
       };
     }),
-  refreshInvite: orgProcedure
+  refreshInvite: orgAdminProcedure
     .input(
       z.object({
         invitePublicId: typeIdValidator('orgInvitations')
@@ -521,14 +514,6 @@ export const invitesRouter = router({
       }
       const { db, org } = ctx;
 
-      const isAdmin = await isAccountAdminOfOrg(org);
-      if (!isAdmin) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not an admin'
-        });
-      }
-
       await db
         .update(orgInvitations)
         .set({

apps/platform/trpc/routers/orgRouter/users/teamsRouter.ts

@@ -1,5 +1,5 @@
 import { z } from 'zod';
-import { router, orgProcedure } from '~platform/trpc/trpc';
+import { router, orgProcedure, orgAdminProcedure } from '~platform/trpc/trpc';
 import { eq, and } from '@u22n/database/orm';
 import { teams } from '@u22n/database/schema';
 import { typeIdGenerator, typeIdValidator } from '@u22n/utils/typeid';
@@ -9,7 +9,7 @@ import { TRPCError } from '@trpc/server';
 import { addOrgMemberToTeamHandler } from './teamsHandler';
 
 export const teamsRouter = router({
-  createTeam: orgProcedure
+  createTeam: orgAdminProcedure
     .input(
       z.object({
         teamName: z.string().min(2).max(50),
@@ -30,14 +30,6 @@ export const teamsRouter = router({
       const { teamName, teamDescription, teamColor } = input;
       const newPublicId = typeIdGenerator('teams');
 
-      const isAdmin = await isAccountAdminOfOrg(org);
-      if (!isAdmin) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not an admin'
-        });
-      }
-
       await db.insert(teams).values({
         publicId: newPublicId,
         name: teamName,
@@ -176,7 +168,7 @@ export const teamsRouter = router({
         team: teamQuery
       };
     }),
-  addOrgMemberToTeam: orgProcedure
+  addOrgMemberToTeam: orgAdminProcedure
     .input(
       z.object({
         teamPublicId: typeIdValidator('teams'),
@@ -193,14 +185,6 @@ export const teamsRouter = router({
       const { org, db } = ctx;
       const { teamPublicId, orgMemberPublicId } = input;
 
-      const isAdmin = await isAccountAdminOfOrg(org);
-      if (!isAdmin) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not an admin'
-        });
-      }
-
       const newTeamMemberPublicId = await addOrgMemberToTeamHandler(db, {
         orgId: org.id,
         teamPublicId: teamPublicId,
@@ -212,7 +196,7 @@ export const teamsRouter = router({
         publicId: newTeamMemberPublicId
       };
     }),
-  updateTeamMembers: orgProcedure
+  updateTeamMembers: orgAdminProcedure
     .input(
       z.object({
         teamPublicId: typeIdValidator('teams'),
@@ -229,13 +213,6 @@ export const teamsRouter = router({
       const { org, db } = ctx;
       const { teamPublicId, orgMemberPublicIds } = input;
 
-      const isAdmin = await isAccountAdminOfOrg(org);
-      if (!isAdmin) {
-        throw new TRPCError({
-          code: 'UNAUTHORIZED',
-          message: 'You are not an admin'
-        });
-      }
       const teamMembers = await db.query.teams.findFirst({
         where: and(eq(teams.publicId, teamPublicId), eq(teams.orgId, org.id)),
         columns: {},

apps/platform/trpc/trpc.ts

@@ -4,6 +4,7 @@ import { validateOrgShortCode } from '~platform/utils/orgShortCode';
 import type { TrpcContext } from '~platform/ctx';
 import { z } from 'zod';
 import { env } from '~platform/env';
+import { isAccountAdminOfOrg } from '~platform/utils/account';
 
 export const trpcContext = initTRPC
   .context<TrpcContext>()
@@ -49,6 +50,7 @@ export const publicProcedure = trpcContext.procedure.use(
 );
 
 export const accountProcedure = publicProcedure.use(isAccountAuthenticated);
+
 export const orgProcedure = publicProcedure
   .use(isAccountAuthenticated)
   .input(z.object({ orgShortCode: z.string() }))
@@ -98,6 +100,17 @@ export const orgProcedure = publicProcedure
       })
   );
 
+export const orgAdminProcedure = orgProcedure.use(async ({ ctx, next }) => {
+  const isAdmin = await isAccountAdminOfOrg(ctx.org);
+  if (!isAdmin) {
+    throw new TRPCError({
+      code: 'UNAUTHORIZED',
+      message: 'You need to be an administrator'
+    });
+  }
+  return next();
+});
+
 export const turnstileProcedure = publicProcedure
   .input(z.object({ turnstileToken: z.string().optional() }))
   .use(async ({ input, ctx, next }) => {