fix(auth): allow platform_admin to manage tenant members and invites
Member/invite endpoints were restricted to 'admin' role only, blocking platform_admin from accessing them on the tenant detail page (403). Added platform_admin and platform_super_admin to all six endpoints. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
e48615e713
commit
4aabda440f
|
|
@ -159,7 +159,7 @@ export class TenantController {
|
||||||
* GET /api/v1/admin/tenants/:id/members
|
* GET /api/v1/admin/tenants/:id/members
|
||||||
*/
|
*/
|
||||||
@Get(':id/members')
|
@Get(':id/members')
|
||||||
@Roles('admin')
|
@Roles('admin', 'platform_admin', 'platform_super_admin')
|
||||||
async listMembers(@Param('id') id: string) {
|
async listMembers(@Param('id') id: string) {
|
||||||
const tenant = await this.findTenantOrFail(id);
|
const tenant = await this.findTenantOrFail(id);
|
||||||
const schemaName = `it0_t_${tenant.slug}`;
|
const schemaName = `it0_t_${tenant.slug}`;
|
||||||
|
|
@ -186,7 +186,7 @@ export class TenantController {
|
||||||
* PATCH /api/v1/admin/tenants/:id/members/:memberId
|
* PATCH /api/v1/admin/tenants/:id/members/:memberId
|
||||||
*/
|
*/
|
||||||
@Patch(':id/members/:memberId')
|
@Patch(':id/members/:memberId')
|
||||||
@Roles('admin')
|
@Roles('admin', 'platform_admin', 'platform_super_admin')
|
||||||
async updateMember(
|
async updateMember(
|
||||||
@Param('id') tenantId: string,
|
@Param('id') tenantId: string,
|
||||||
@Param('memberId') memberId: string,
|
@Param('memberId') memberId: string,
|
||||||
|
|
@ -259,7 +259,7 @@ export class TenantController {
|
||||||
* DELETE /api/v1/admin/tenants/:id/members/:memberId
|
* DELETE /api/v1/admin/tenants/:id/members/:memberId
|
||||||
*/
|
*/
|
||||||
@Delete(':id/members/:memberId')
|
@Delete(':id/members/:memberId')
|
||||||
@Roles('admin')
|
@Roles('admin', 'platform_admin', 'platform_super_admin')
|
||||||
async removeMember(
|
async removeMember(
|
||||||
@Param('id') tenantId: string,
|
@Param('id') tenantId: string,
|
||||||
@Param('memberId') memberId: string,
|
@Param('memberId') memberId: string,
|
||||||
|
|
@ -296,7 +296,7 @@ export class TenantController {
|
||||||
* GET /api/v1/admin/tenants/:id/invites
|
* GET /api/v1/admin/tenants/:id/invites
|
||||||
*/
|
*/
|
||||||
@Get(':id/invites')
|
@Get(':id/invites')
|
||||||
@Roles('admin')
|
@Roles('admin', 'platform_admin', 'platform_super_admin')
|
||||||
async listInvites(@Param('id') id: string) {
|
async listInvites(@Param('id') id: string) {
|
||||||
const tenant = await this.findTenantOrFail(id);
|
const tenant = await this.findTenantOrFail(id);
|
||||||
const invites = await this.authService.listInvites(tenant.slug);
|
const invites = await this.authService.listInvites(tenant.slug);
|
||||||
|
|
@ -315,7 +315,7 @@ export class TenantController {
|
||||||
* POST /api/v1/admin/tenants/:id/invites
|
* POST /api/v1/admin/tenants/:id/invites
|
||||||
*/
|
*/
|
||||||
@Post(':id/invites')
|
@Post(':id/invites')
|
||||||
@Roles('admin')
|
@Roles('admin', 'platform_admin', 'platform_super_admin')
|
||||||
async createInvite(
|
async createInvite(
|
||||||
@Param('id') id: string,
|
@Param('id') id: string,
|
||||||
@Body() body: { email: string; role?: string },
|
@Body() body: { email: string; role?: string },
|
||||||
|
|
@ -343,7 +343,7 @@ export class TenantController {
|
||||||
* DELETE /api/v1/admin/tenants/:id/invites/:inviteId
|
* DELETE /api/v1/admin/tenants/:id/invites/:inviteId
|
||||||
*/
|
*/
|
||||||
@Delete(':id/invites/:inviteId')
|
@Delete(':id/invites/:inviteId')
|
||||||
@Roles('admin')
|
@Roles('admin', 'platform_admin', 'platform_super_admin')
|
||||||
async revokeInvite(
|
async revokeInvite(
|
||||||
@Param('id') id: string,
|
@Param('id') id: string,
|
||||||
@Param('inviteId') inviteId: string,
|
@Param('inviteId') inviteId: string,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue