diff --git a/packages/server/src/enterprise/controllers/login-method.controller.ts b/packages/server/src/enterprise/controllers/login-method.controller.ts index bb574a87432..353d91605e7 100644 --- a/packages/server/src/enterprise/controllers/login-method.controller.ts +++ b/packages/server/src/enterprise/controllers/login-method.controller.ts @@ -162,6 +162,11 @@ export class LoginMethodController { public async testConfig(req: Request, res: Response, next: NextFunction) { let queryRunner try { + this.assertEnterprisePlatform() + + const user = getLoggedInUser(req) + assertQueryOrganizationMatchesActiveOrg(user, req.body.organizationId) + const providers = req.body.providers as { config: Record }[] const providerName = req.body.providerName as string const organizationId = req.body.organizationId as string | undefined diff --git a/packages/server/src/enterprise/services/role.service.ts b/packages/server/src/enterprise/services/role.service.ts index e2fed1b814d..ceecb7a0185 100644 --- a/packages/server/src/enterprise/services/role.service.ts +++ b/packages/server/src/enterprise/services/role.service.ts @@ -122,6 +122,8 @@ export class RoleService { const oldRole = await this.readRoleById(newRole.id, queryRunner) if (!oldRole) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, RoleErrorMessage.ROLE_NOT_FOUND) + if (newRole.organizationId !== oldRole.organizationId) + throw new InternalFlowiseError(StatusCodes.NOT_FOUND, RoleErrorMessage.ROLE_NOT_FOUND) const user = await this.userService.readUserById(newRole.updatedBy, queryRunner) if (!user) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, UserErrorMessage.USER_NOT_FOUND) if (newRole.name) this.validateRoleName(newRole.name)