ob/sprint
1
0
Fork 0
mirror of https://github.com/hex248/sprint.git synced 2026-02-07 18:23:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
be57b4d6dfa57303c8fed510accdb136da0c33f5
sprint/packages/backend/src/routes/issue/create.ts
Oliver Bryan be57b4d6df patched security holes
2026-01-21 22:44:57 +00:00

41 lines
1.4 KiB
TypeScript
Raw Blame History

import { IssueCreateRequestSchema } from "@sprint/shared";
import type { AuthedRequest } from "../../auth/middleware";
import { createIssue, getOrganisationMemberRole, getProjectByID } from "../../db/queries";
import { errorResponse, parseJsonBody } from "../../validation";
export default async function issueCreate(req: AuthedRequest) {
const parsed = await parseJsonBody(req, IssueCreateRequestSchema);
if ("error" in parsed) return parsed.error;
const { projectId, title, description = "", status, assigneeIds, sprintId } = parsed.data;
const project = await getProjectByID(projectId);
if (!project) {
return errorResponse(`project not found: ${projectId}`, "PROJECT_NOT_FOUND", 404);
}
const requesterMember = await getOrganisationMemberRole(project.organisationId, req.userId);
if (!requesterMember) {
return errorResponse("you are not a member of this organisation", "NOT_MEMBER", 403);
}
if (requesterMember.role !== "owner" && requesterMember.role !== "admin") {
return errorResponse(
"only organisation owners and admins can create issues",
"PERMISSION_DENIED",
403,
);
}
const issue = await createIssue(
project.id,
title,
description,
req.userId,
sprintId ?? undefined,
assigneeIds,
status,
);
return Response.json(issue);
}
Reference in New Issue View Git Blame Copy Permalink