🚧 list authentication items from policy APIs

2026-05-11 23:04:59 +00:00 · 2026-02-18 05:08:42 +01:00
parent e409a34a09
commit ee21e1faa7
9 changed files with 623 additions and 1 deletions
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -42,7 +42,8 @@ import {
    verifyUserIsOrgOwner,
    verifySiteResourceAccess,
    verifyOlmAccess,
-    verifyLimits
+    verifyLimits,
+    verifyResourcePolicyAccess
 } from "@server/middlewares";
 import { ActionsEnum } from "@server/auth/actions";
 import rateLimit, { ipKeyGenerator } from "express-rate-limit";
@@ -676,6 +677,39 @@ authenticated.post(
    resource.setResourceUsers
 );

+authenticated.get(
+    "/resource-policy/:resourcePolicyId/roles",
+    verifyResourcePolicyAccess,
+    verifyUserHasAction(ActionsEnum.listResourcePolicyRoles),
+    resource.listResourcePolicyRoles
+);
+
+authenticated.get(
+    "/resource-policy/:resourcePolicyId/users",
+    verifyResourcePolicyAccess,
+    verifyUserHasAction(ActionsEnum.listResourcePolicyUsers),
+    resource.listResourcePolicyUsers
+);
+
+authenticated.post(
+    "/resource-policy/:resourcePolicyId/roles",
+    verifyResourcePolicyAccess,
+    verifyRoleAccess,
+    verifyLimits,
+    verifyUserHasAction(ActionsEnum.setResourcePolicyRoles),
+    logActionAudit(ActionsEnum.setResourcePolicyRoles),
+    resource.setResourcePolicyRoles
+);
+
+authenticated.post(
+    "/resource-policy/:resourcePolicyId/users",
+    verifyResourcePolicyAccess,
+    verifyLimits,
+    verifyUserHasAction(ActionsEnum.setResourcePolicyUsers),
+    logActionAudit(ActionsEnum.setResourcePolicyUsers),
+    resource.setResourcePolicyUsers
+);
+
 authenticated.post(
    `/resource/:resourceId/password`,
    verifyResourceAccess,