task-l.3
This commit is contained in:
@@ -11,6 +11,8 @@ import {
|
||||
users
|
||||
} from '@/db/schema';
|
||||
import { db } from '@/lib/db';
|
||||
import { resolveCrmMembershipAccess } from '@/lib/auth/crm-access';
|
||||
import { type SystemRole } from '@/lib/auth/rbac';
|
||||
import { AuthError } from '@/lib/auth/session';
|
||||
import { auditAction } from '@/features/foundation/audit-log/service';
|
||||
import { getActiveOptionsByCategory } from '@/features/foundation/master-options/service';
|
||||
@@ -611,7 +613,17 @@ async function assertActorCanHandleStep(organizationId: string, userId: string,
|
||||
throw new AuthError('Organization membership required', 403);
|
||||
}
|
||||
|
||||
if (membership.role === 'admin' || membership.businessRole === roleCode) {
|
||||
const resolvedAccess = await resolveCrmMembershipAccess({
|
||||
systemRole: userRow.systemRole as SystemRole,
|
||||
organizationId,
|
||||
membership
|
||||
});
|
||||
|
||||
if (
|
||||
membership.role === 'admin' ||
|
||||
resolvedAccess.businessRoles.includes(roleCode) ||
|
||||
resolvedAccess.businessRole === roleCode
|
||||
) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user