xfarrow/blink
0
0
Fork 0
mirror of https://github.com/xfarrow/blink synced 2025-06-27 09:03:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update example usage

Browse Source
This commit is contained in:
xfarrow
2023-10-19 17:54:02 +02:00
parent 9c880af4d8
commit 533b223c8b
4 changed files with 4 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
backend/apis/nodejs/api_controller.js
View File

@ -242,12 +242,12 @@ async function deleteOrganization(req, res){
try {
// Here we do not actually need a transaction. Two different queries,
// one who checks if the user is admin and one to add the user would've
// one who checks if the user is admin and one to delete the organization would've
// been sufficient and non-exploitable, but still it'd have been a
// TOC/TOU weakness (https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use).
// Whether a good practice or not is matter of debate.
// There are other points in the code using the same technique to address the same
// problematic
// problem
knex.transaction(async (trx) => {
// Check if the current user is a organization's administrator
const isOrganizationAdmin = await trx('OrganizationAdministrator')