fix(api): permission checks (#399)

kouprlabs · Nov 28, 2024 · e05cae3 · e05cae3
1 parent 352cf56
commit e05cae3
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/api/service/organization_service.go b/api/service/organization_service.go
@@ -267,8 +267,10 @@ func (svc *OrganizationService) RemoveMember(id string, memberID string, userID
 		return err
 	}
 
-	if err := svc.orgGuard.Authorize(userID, org, model.PermissionOwner); err != nil {
-		return err
+	if memberID != userID {
+		if err := svc.orgGuard.Authorize(userID, org, model.PermissionOwner); err != nil {
+			return err
+		}
 	}
 
 	/* Make sure member is not the last remaining owner of the organization */

diff --git a/api/service/workspace_service.go b/api/service/workspace_service.go
@@ -236,7 +236,7 @@ func (svc *WorkspaceService) PatchStorageCapacity(id string, storageCapacity int
 	if err != nil {
 		return nil, err
 	}
-	if err = svc.workspaceGuard.Authorize(userID, workspace, model.PermissionEditor); err != nil {
+	if err = svc.workspaceGuard.Authorize(userID, workspace, model.PermissionOwner); err != nil {
 		return nil, err
 	}
 	size, err := svc.fileRepo.ComputeSize(workspace.GetRootID())