fix(auth): allow platform_admin to manage tenant members and invites

Member/invite endpoints were restricted to 'admin' role only, blocking
platform_admin from accessing them on the tenant detail page (403).
Added platform_admin and platform_super_admin to all six endpoints.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
hailin 2026-03-07 05:45:59 -08:00
parent e48615e713
commit 4aabda440f
1 changed files with 6 additions and 6 deletions


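--- a/(path not shown on page)
+++ b/(path not shown on page)
@@ -159,7 +159,7 @@ export class TenantController {
 * GET /api/v1/admin/tenants/:id/members
 */
 @Get(':id/members')
-@Roles('admin')
+@Roles('admin', 'platform_admin', 'platform_super_admin')
 async listMembers(@Param('id') id: string) {
 const tenant = await this.findTenantOrFail(id);
 const schemaName = `it0_t_${tenant.slug}`;
@@ -186,7 +186,7 @@ export class TenantController {
 * PATCH /api/v1/admin/tenants/:id/members/:memberId
 */
 @Patch(':id/members/:memberId')
-@Roles('admin')
+@Roles('admin', 'platform_admin', 'platform_super_admin')
 async updateMember(
 @Param('id') tenantId: string,
 @Param('memberId') memberId: string,
@@ -259,7 +259,7 @@ export class TenantController {
 * DELETE /api/v1/admin/tenants/:id/members/:memberId
 */
 @Delete(':id/members/:memberId')
-@Roles('admin')
+@Roles('admin', 'platform_admin', 'platform_super_admin')
 async removeMember(
 @Param('id') tenantId: string,
 @Param('memberId') memberId: string,
@@ -296,7 +296,7 @@ export class TenantController {
 * GET /api/v1/admin/tenants/:id/invites
 */
 @Get(':id/invites')
-@Roles('admin')
+@Roles('admin', 'platform_admin', 'platform_super_admin')
 async listInvites(@Param('id') id: string) {
 const tenant = await this.findTenantOrFail(id);
 const invites = await this.authService.listInvites(tenant.slug);
@@ -315,7 +315,7 @@ export class TenantController {
 * POST /api/v1/admin/tenants/:id/invites
 */
 @Post(':id/invites')
-@Roles('admin')
+@Roles('admin', 'platform_admin', 'platform_super_admin')
 async createInvite(
 @Param('id') id: string,
 @Body() body: { email: string; role?: string },
@@ -343,7 +343,7 @@ export class TenantController {
 * DELETE /api/v1/admin/tenants/:id/invites/:inviteId
 */
 @Delete(':id/invites/:inviteId')
-@Roles('admin')
+@Roles('admin', 'platform_admin', 'platform_super_admin')
 async revokeInvite(
 @Param('id') id: string,
 @Param('inviteId') inviteId: string,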
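Review bot: The same three-role list is now copied verbatim onto six decorators (listMembers, updateMember, removeMember, listInvites, createInvite, revokeInvite), which is exactly the per-endpoint drift that produced the 403 this commit fixes; hoist it once, `const TENANT_ADMIN_ROLES = ['admin', 'platform_admin', 'platform_super_admin'] as const;`, and apply it as `@Roles(...TENANT_ADMIN_ROLES)` if `Roles` is variadic, so the next role is added in one place. Widening the decorator also makes the scoping question explicit: nothing in these hunks shows that a caller holding tenant-level `'admin'` is bound to the tenant in `:id`, and `findTenantOrFail(id)` only resolves the tenant, so confirm that the guard or handler rejects an admin of a different tenant rather than relying on the role name alone. In createInvite the body's `role?: string` is an unconstrained string; with more principals able to reach the endpoint, confirm it is checked against an allow-list of tenant roles before `authService` persists the invite, so an invite cannot carry a platform-level role. Each of the six handler bodies continues outside its hunk.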