Add actions check to all endpoints

server/routers/org/updateOrg.ts

@@ -6,6 +6,7 @@ import { eq } from 'drizzle-orm';
 import response from "@server/utils/response";
 import HttpCode from '@server/types/HttpCode';
 import createHttpError from 'http-errors';
+import { ActionsEnum, checkUserActionPermission } from '@server/auth/actions';
 
 const updateOrgParamsSchema = z.object({
   orgId: z.string().transform(Number).pipe(z.number().int().positive())
@@ -43,6 +44,13 @@ export async function updateOrg(req: Request, res: Response, next: NextFunction)
     const { orgId } = parsedParams.data;
     const updateData = parsedBody.data;
 
+
+    // Check if the user has permission to list sites
+    const hasPermission = await checkUserActionPermission(ActionsEnum.updateOrg, req);
+    if (!hasPermission) {
+      return next(createHttpError(HttpCode.FORBIDDEN, 'User does not have permission to list sites'));
+    }
+
     const updatedOrg = await db.update(orgs)
       .set(updateData)
       .where(eq(orgs.orgId, orgId))