xfarrow
/
blink
mirror of https://github.com/xfarrow/blink.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update organization_model.js

This commit is contained in:
xfarrow 2024-02-28 10:45:48 +01:00
parent 38ffe52555
commit 6e3fd69bf8
1 changed files with 0 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
backend/apis/nodejs/src/models/organization_model.js
View File

@ -73,35 +73,6 @@ async function insertOrganization (organization, organizationAdministratorId) {
* @returns true if the row was updated, false otherwise
*/
async function updateOrganization (organization, organizationId, requester) {
// // const isOrganizationAdmin = await knex('OrganizationAdministrator')
// // .where('id_person', req.jwt.person_id)
// // .where('id_organization', req.params.id)
// // .select('*')
// // .first();
// // // This introduces a Time of check Time of use weakeness
// // // which could'have been fixed by either
// // // 1) Using "whereExists", thanks to the "it's easier to ask for
// // // forgiveness than for permission" padarigm. Or,
// // // 2) Using a serializable transaction.
// // //
// // // The undersigned chose not to follow these approaches because
// // // this does not introduces any serious vulnerability. In this
// // // way it seems more readable.
// // if(!isOrganizationAdmin){
// // return res.status(403).json({error : "Forbidden"});
// // }
// // await knex('Organization')
// // .where('id', req.params.id)
// // .update({
// // name: req.body.name,
// // location: req.body.location,
// // description: req.body.description,
// // is_hiring: req.body.isHiring
// // });
const numberOfUpdatedRows = await knex('Organization')
.where('id', organizationId)
.whereExists(function () {