@@ -3646,6 +3646,13 @@ export class Message {
36463646 if ( msg . object != "plans" && msg . object != "subscription_items" && msg . object != "invoices_upcoming" && msg . object != "billing_portal/sessions" ) {
36473647 throw new Error ( "Access to " + msg . object + " is not allowed" ) ;
36483648 }
3649+ if ( msg . object == "billing_portal/sessions" ) {
3650+ const tuser = Crypt . verityToken ( cli . jwt ) ;
3651+ const customer = await Config . db . getbyid ( msg . customerid , "users" , cli . jwt , null ) ;
3652+ if ( ! tuser . HasRoleName ( customer . name + " admins" ) && ! tuser . HasRoleName ( "admins" ) ) {
3653+ throw new Error ( "Access denied, adding plan (admins)" ) ;
3654+ }
3655+ }
36493656 if ( msg . object == "subscription_items" && msg . method != "POST" ) throw new Error ( "Access to " + msg . object + " is not allowed" ) ;
36503657 if ( msg . object == "plans" && msg . method != "GET" ) throw new Error ( "Access to " + msg . object + " is not allowed" ) ;
36513658 if ( msg . object == "invoices_upcoming" && msg . method != "GET" ) throw new Error ( "Access to " + msg . object + " is not allowed" ) ;
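Review bot: In the added `billing_portal/sessions` branch, `customer` is dereferenced without a check, so a missing or unreadable `msg.customerid` surfaces as a TypeError on `customer.name` instead of a clear authorization failure; add `if (customer == null) throw new Error("Access denied");` before the role test. The role is matched by a string built from `customer.name`, which is only as strong as the uniqueness and immutability of customer names, so matching on the customer's id or an admin-role id would be sturdier if the data model has one (not visible here). The check authorizes `msg.customerid`, but the lines that build the Stripe request are outside this hunk, so confirm that the portal session is created for that same customer's Stripe id and not for an identifier taken separately from the request payload. The message `"Access denied, adding plan (admins)"` looks copied from the plan path and will mislead whoever reads the log for a billing-portal denial. The enclosing method starts and ends outside the hunk.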