Ling0925
/
buster
mirror of https://github.com/buster-so/buster.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #466 from buster-so/dallin/bus-1353-restrict-invite-if-toggled-in-organization 

Dallin/bus-1353-restrict-invite-if-toggled-in-organization
This commit is contained in:
dal 2025-07-10 07:41:35 -07:00 committed by GitHub
parent e00736712c caad613297
commit 7a5b5e28b8
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/api/libs/database/src/models.rs
View File

@ -343,6 +343,9 @@ pub struct Organization {
pub updated_at: DateTime<Utc>, pub updated_at: DateTime<Utc>,
pub deleted_at: Option<DateTime<Utc>>, pub deleted_at: Option<DateTime<Utc>>,
pub payment_required: bool, pub payment_required: bool,
pub domains: Option<Vec<String>>,
pub restrict_new_user_invitations: bool,
pub default_role: UserOrganizationRole,
} }
#[derive( #[derive(

6
apps/api/libs/database/src/schema.rs
View File

@ -438,6 +438,9 @@ diesel::table! {
} }
diesel::table! { diesel::table! {
use diesel::sql_types::*;
use super::sql_types::UserOrganizationRoleEnum;
organizations (id) { organizations (id) {
id -> Uuid, id -> Uuid,
name -> Text, name -> Text,
@ -446,6 +449,9 @@ diesel::table! {
updated_at -> Timestamptz, updated_at -> Timestamptz,
deleted_at -> Nullable<Timestamptz>, deleted_at -> Nullable<Timestamptz>,
payment_required -> Bool, payment_required -> Bool,
domains -> Nullable<Array<Text>>,
restrict_new_user_invitations -> Bool,
default_role -> UserOrganizationRoleEnum,
} }
} }

3
apps/api/libs/handlers/src/organizations/post_organization_handler.rs
View File

@ -34,6 +34,9 @@ pub async fn post_organization_handler(name: String, user: AuthenticatedUser) ->
updated_at: now, updated_at: now,
deleted_at: None, deleted_at: None,
payment_required: true, payment_required: true,
domains: None,
restrict_new_user_invitations: false,
default_role: UserOrganizationRole::RestrictedQuerier,
}; };
insert_into(organizations::table) insert_into(organizations::table)

29
apps/api/libs/handlers/src/users/invite_user_handler.rs
View File

@ -51,6 +51,35 @@ pub async fn invite_user_handler(
.context("Failed to find organization")?; .context("Failed to find organization")?;
let organization_name = organization.name; let organization_name = organization.name;
// Check if the organization has restricted new user invitations
if organization.restrict_new_user_invitations {
// Get the inviting user's role in the organization
let inviter_org_membership = inviting_user
.organizations
.iter()
.find(|org| org.id == organization_id)
.context("Inviting user is not a member of the organization")?;
// Check if the user has admin permissions
match inviter_org_membership.role {
UserOrganizationRole::WorkspaceAdmin | UserOrganizationRole::DataAdmin => {
// User has permission to invite, continue
tracing::info!(
user_id = %inviting_user.id,
organization_id = %organization_id,
role = ?inviter_org_membership.role,
"Admin user bypassing invitation restriction"
);
}
_ => {
// User does not have permission to invite
return Err(anyhow::anyhow!(
"New user invitations have been restricted by the organization administrators. Only workspace admins and data admins can send invites."
));
}
}
}
let inviter_id = inviting_user.id; let inviter_id = inviting_user.id;
let now = Utc::now(); let now = Utc::now();
let mut successful_emails: Vec<String> = Vec::new(); let mut successful_emails: Vec<String> = Vec::new();

3
apps/api/server/src/routes/rest/routes/users/get_user.rs
View File

@ -120,6 +120,9 @@ pub async fn get_user_information(user_id: &Uuid) -> Result<UserInfoObject> {
organizations::updated_at, organizations::updated_at,
organizations::deleted_at, organizations::deleted_at,
organizations::payment_required, organizations::payment_required,
organizations::domains,
organizations::restrict_new_user_invitations,
organizations::default_role,
) )
.nullable(), .nullable(),
users_to_organizations::role.nullable(), users_to_organizations::role.nullable(),

3
apps/api/server/src/routes/ws/ws_utils.rs
View File

@ -410,6 +410,9 @@ pub async fn get_user_information(user_id: &Uuid) -> Result<UserInfoObject> {
organizations::updated_at, organizations::updated_at,
organizations::deleted_at, organizations::deleted_at,
organizations::payment_required, organizations::payment_required,
organizations::domains,
organizations::restrict_new_user_invitations,
organizations::default_role,
) )
.nullable(), .nullable(),
users_to_organizations::role.nullable(), users_to_organizations::role.nullable(),