@@ -1030,7 +1030,7 @@ func HandleGetOrg(resp http.ResponseWriter, request *http.Request) {
10301030 }
10311031
10321032 if !found {
1033- log.Printf("[ERROR] User '%s' (%s) isn't a part of org %s (get)", user.Username, user.Id, org.Id)
1033+ log.Printf("[ERROR] User '%s' (%s) isn't a part of org %s (%s) ( get org )", user.Username, user.Id, org.Name , org.Id)
10341034 resp.WriteHeader(401)
10351035 resp.Write([]byte(`{"success": false, "reason": "User doesn't have access to org"}`))
10361036 return
@@ -1379,7 +1379,7 @@ func HandleGetSubOrgs(resp http.ResponseWriter, request *http.Request) {
13791379 }
13801380
13811381 if !userFound && !parentUser && !user.SupportAccess {
1382- log.Printf("[ERROR] User '%s' (%s) isn't a part of org %s (get)", user.Username, user.Id, orgId )
1382+ log.Printf("[ERROR] User '%s' (%s) isn't a part of org %s (%s) ( get suborgs from parent )", user.Username, user.Id, parentOrg.Name, parentOrg.Id )
13831383 resp.WriteHeader(401)
13841384 resp.Write([]byte(`{"success": false, "reason": "User doesn't have access to org"}`))
13851385 return
@@ -11734,7 +11734,7 @@ func HandleChangeUserOrg(resp http.ResponseWriter, request *http.Request) {
1173411734 }
1173511735
1173611736 // Support access pivot
11737- if strings.Contains(fileId , "@") && strings.Contains(fileId, ". ") && user.SupportAccess && user.Active && user.Verified && project.Environment == "cloud" {
11737+ if strings.HasSuffix(user.Username , "@shuffler.io ") && user.SupportAccess && user.Active && user.Verified && project.Environment == "cloud" {
1173811738 foundUsers, err := FindUser(ctx, fileId)
1173911739 if err != nil || len(foundUsers) == 0 {
1174011740 log.Printf("[ERROR] Failed finding user %s for support access: %s", user.Username, err)
@@ -11777,13 +11777,6 @@ func HandleChangeUserOrg(resp http.ResponseWriter, request *http.Request) {
1177711777 foundOrg = true
1177811778 }
1177911779
11780- if !foundOrg || tmpData.OrgId != fileId {
11781- log.Printf("[WARNING] User swap to the org \"%s\" - access denied", tmpData.OrgId)
11782- resp.WriteHeader(403)
11783- resp.Write([]byte(`{"success": false, "reason": "No permission to change to this org. Please contact
[email protected] if this is unexpected."}`))
11784- return
11785- }
11786-
1178711780 org, err := GetOrg(ctx, tmpData.OrgId)
1178811781 if err != nil {
1178911782 log.Printf("[WARNING] Organization %s doesn't exist: %s", tmpData.OrgId, err)
@@ -11792,6 +11785,28 @@ func HandleChangeUserOrg(resp http.ResponseWriter, request *http.Request) {
1179211785 return
1179311786 }
1179411787
11788+ if !foundOrg || tmpData.OrgId != fileId {
11789+ found := false
11790+ if !foundOrg {
11791+ for _, user := range org.Users {
11792+ if user.Id == user.Id {
11793+ log.Printf("[ERROR] User %s (%s) lost org %s (%s) in their user list, but has it in their org list. Fixing.", user.Username, user.Id, org.Name, org.Id)
11794+ user.Orgs = append(user.Orgs, org.Id)
11795+ found = true
11796+ break
11797+ }
11798+ }
11799+ }
11800+
11801+ if !found {
11802+ log.Printf("[WARNING] User swap to the org \"%s\" - access denied", tmpData.OrgId)
11803+ resp.WriteHeader(403)
11804+ resp.Write([]byte(`{"success": false, "reason": "No permission to change to this org. Please contact
[email protected] if this is unexpected."}`))
11805+ return
11806+ }
11807+ }
11808+
11809+
1179511810 if (org.SSOConfig.SSORequired == true && user.UsersLastSession != user.Session && user.SupportAccess == false) || tmpData.SSO {
1179611811
1179711812 // Check if the org is the suborg or not?
0 commit comments