fix(api): correct permission check in organization v2beta service

# Which Problems Are Solved The organozation v2beta service wrongly checked the permissions on the user's organization instead of the organization the user tried to access. # How the Problems Are Solved - Check permissions in business logic based on accessed organization rather than the user's organization. - Queries now use permission v2 to ensure this. - Also changed the / to use the same pattern even if the old was no direct issue. # Additional Changes None # Additional Context None
2025-12-30 08:27:43 +00:00 · 2025-11-05 09:33:06 +01:00
parent 9c5ad4efcc
commit 8dcfff97ed
20 changed files with 1597 additions and 567 deletions
--- a/internal/api/ui/login/register_org_handler.go
+++ b/internal/api/ui/login/register_org_handler.go
@@ -84,7 +84,7 @@ func (l *Login) handleRegisterOrgCheck(w http.ResponseWriter, r *http.Request) {
 		l.renderRegisterOrg(w, r, authRequest, data, err)
 		return
 	}
-	_, err = l.command.SetUpOrg(ctx, data.toCommandOrg(), true, userIDs...)
+	_, err = l.command.SetUpOrg(ctx, data.toCommandOrg(), true, nil, userIDs...)
 	if err != nil {
 		l.renderRegisterOrg(w, r, authRequest, data, err)
 		return