Skip to content

fix: Org admin/owner can access team routing forms they are not part of#25412

Merged
anikdhabal merged 4 commits intomainfrom
routing-form-acess
Dec 1, 2025
Merged

fix: Org admin/owner can access team routing forms they are not part of#25412
anikdhabal merged 4 commits intomainfrom
routing-form-acess

Conversation

@anikdhabal
Copy link
Contributor

@anikdhabal anikdhabal commented Nov 26, 2025
edited
Loading

What does this PR do?

Summary by cubic

Org admins and owners can now access and manage routing forms for child teams even if they aren’t team members. We added a parent-org membership check and grant full permissions when present; otherwise the existing team-based access rules apply.

  • Bug Fixes
    • Check parent org admin/owner membership when team membership is missing.
    • Grant full routing-form permissions for qualified org admins/owners; return 404 if neither team nor parent org membership exists.
    • Rename unused destructured variable to avoid warnings.

Written for commit 0160fa9. Summary will update automatically on new commits.

@keithwillcode keithwillcode added the core area: core, team members only label Nov 26, 2025
@anikdhabal anikdhabal enabled auto-merge (squash) November 26, 2025 14:23
@vercel
Copy link

vercel bot commented Nov 26, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments
Project Deployment Preview Comments Updated (UTC)
cal Ignored Ignored Nov 27, 2025 2:20pm
cal-eu Ignored Ignored Nov 27, 2025 2:20pm

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 26, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Nov 26, 2025
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Udit-takkar
Udit-takkar reviewed Nov 27, 2025
View reviewed changes
Copy link
Contributor

@Udit-takkar Udit-takkar left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we move all this logic to pbac (Permission Service)?

@pull-request-size pull-request-size bot added size/L and removed size/M labels Nov 27, 2025
@anikdhabal anikdhabal merged commit 38890da into main Dec 1, 2025
79 of 82 checks passed
@anikdhabal anikdhabal deleted the routing-form-acess branch December 1, 2025 09:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@eunjae-lee eunjae-lee Awaiting requested review from eunjae-lee

@CarinaWolli CarinaWolli Awaiting requested review from CarinaWolli

@Udit-takkar Udit-takkar Awaiting requested review from Udit-takkar

+1 more reviewer

@pallava-joshi pallava-joshi pallava-joshi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

core area: core, team members only ready-for-e2e size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@anikdhabal @Udit-takkar @pallava-joshi @keithwillcode

Comments