
feat: introduce app-admin authorization and audit logging

- add migrations for owner/member workspace roles and application admins

- centralize /admin access checks with DB-backed admin resolution

- audit admin analytics/billing route access

- update account/admin UI typing and env/docs for ADMIN_EMAILS fallback behavior
pguerrerox
2026-05-25 15:25:59 +00:00
parent 5508e15da1
commit f5e7e966e3
14 changed files with 269 additions and 302 deletions
+1 -1
@@ -31,7 +31,7 @@ export const accountRoutes: FastifyPluginAsync = async (app) => {
return reply.code(500).send({ error: 'Failed to load workspace.' });
}
if (payload.workspaceName && workspace.role !== 'owner' && workspace.role !== 'admin') {
if (payload.workspaceName && workspace.role !== 'owner') {
return reply.code(403).send({ error: 'You do not have permission to update this workspace.' });
}
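Review bot: The 403 guard only runs when `payload.workspaceName` is truthy, so a request carrying an empty-string name skips the role comparison entirely. Whether that matters depends on the schema validation and the update code, both of which sit outside this hunk. Reading the owner-only condition as the new side (the description mentions owner/member roles), I would test for presence rather than truthiness: `if (payload.workspaceName !== undefined && workspace.role !== 'owner') {`. Since this commit adds audit logging for admin routes, the denied workspace update here may deserve an audit entry too, as a rejected rename by a non-owner is a useful signal for reviewers of access events.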