From f37eda473915b380fee822a9d3e91e05068c1b61 Mon Sep 17 00:00:00 2001 From: Owen Date: Sat, 30 Aug 2025 22:28:37 -0700 Subject: [PATCH] Fix #1376 --- server/routers/external.ts | 1 + server/routers/org/deleteOrg.ts | 14 +------------- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/server/routers/external.ts b/server/routers/external.ts index 91c185d2..0ca31117 100644 --- a/server/routers/external.ts +++ b/server/routers/external.ts @@ -82,6 +82,7 @@ authenticated.delete( "/org/:orgId", verifyOrgAccess, verifyUserIsOrgOwner, + verifyUserHasAction(ActionsEnum.deleteOrg), org.deleteOrg ); diff --git a/server/routers/org/deleteOrg.ts b/server/routers/org/deleteOrg.ts index 76e2ad79..63e9abb0 100644 --- a/server/routers/org/deleteOrg.ts +++ b/server/routers/org/deleteOrg.ts @@ -49,19 +49,7 @@ export async function deleteOrg( } const { orgId } = parsedParams.data; - // Check if the user has permission to list sites - const hasPermission = await checkUserActionPermission( - ActionsEnum.deleteOrg, - req - ); - if (!hasPermission) { - return next( - createHttpError( - HttpCode.FORBIDDEN, - "User does not have permission to perform this action" - ) - ); - } + const [org] = await db .select() .from(orgs)