🔒 Update manager privileges

staart · Jul 31, 2019 · 3a4d48c · 3a4d48c
1 parent 66c4854
commit 3a4d48c
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "staart-manager",
-  "version": "1.0.111",
+  "version": "1.0.112",
   "main": "index.js",
   "repository": "[email protected]:AnandChowdhary/staart.git",
   "author": "Anand Chowdhary <[email protected]>",
@@ -135,5 +135,5 @@
     "setup"
   ],
   "snyk": true,
-  "staart-version": "1.0.111"
+  "staart-version": "1.0.112"
 }
diff --git a/src/helpers/authorization.ts b/src/helpers/authorization.ts
@@ -102,16 +102,26 @@ const canUserOrganization = async (
     // An organization admin can do anything too
     if (membership.role == MembershipRole.ADMIN) allowed = true;
 
-    // An organization manager can do anything but delete
+    // An organization manager can do some things
     if (
       membership.role == MembershipRole.MANAGER &&
       action != Authorizations.DELETE &&
       action != Authorizations.DELETE_SECURE &&
       action != OrgScopes.DELETE_ORG &&
-      action != OrgScopes.DELETE_ORG_API_KEYS &&
-      action != OrgScopes.DELETE_ORG_DOMAINS &&
+      action != OrgScopes.READ_ORG_BILLING &&
+      action != OrgScopes.UPDATE_ORG_BILLING &&
+      action != OrgScopes.READ_ORG_SUBSCRIPTIONS &&
+      action != OrgScopes.UPDATE_ORG_SUBSCRIPTIONS &&
+      action != OrgScopes.CREATE_ORG_SUBSCRIPTIONS &&
+      action != OrgScopes.READ_ORG_INVOICES &&
+      action != OrgScopes.READ_ORG_PLANS &&
+      action != OrgScopes.READ_ORG_SOURCES &&
+      action != OrgScopes.UPDATE_ORG_SOURCES &&
       action != OrgScopes.DELETE_ORG_SOURCES &&
-      action != OrgScopes.DELETE_ORG_WEBHOOKS
+      action != OrgScopes.CREATE_ORG_SOURCES &&
+      action != OrgScopes.CREATE_ORG_WEBHOOKS &&
+      action != OrgScopes.DELETE_ORG_WEBHOOKS &&
+      action != OrgScopes.UPDATE_ORG_WEBHOOKS
     )
       allowed = true;