
[backend] trustlineController.refreshEmployee() doesn't verify the employee belongs to the requesting organization #930

Opened by @Wilfred007

Description

refreshEmployee() refreshes trustline status for a given employee id without checking that the employee belongs to the organization the authenticated caller is acting on behalf of. This is a tenant-isolation gap that could let one organization trigger lookups (and potentially leak status) for another organization's employee records.

Where

backend/src/controllers — trustlineController.refreshEmployee

Acceptance Criteria

  • Verify employee-organization ownership before proceeding
  • Add a test asserting a cross-organization request is rejected with 403/404
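An added example, not the project's code, of the ownership check the criteria ask for, shown next to the unguarded shape of the handler. The in-memory store, the request shape (`req.auth.organizationId` set by hypothetical auth middleware) and `lookupTrustlineStatus()` are constructed stand-ins for the real repository, middleware and trustline client; the hardened version answers 404 rather than 403 so a cross-tenant request learns nothing about whether the id exists.

```javascript
// Constructed sample data: two employees in two different organizations.
const employees = new Map([
  ['emp-1', { id: 'emp-1', organizationId: 'org-A', trustlineStatus: 'unknown' }],
  ['emp-2', { id: 'emp-2', organizationId: 'org-B', trustlineStatus: 'unknown' }],
]);

// Counts external lookups so a test can show that a cross-tenant request
// never triggers one (hypothetical stand-in for the trustline client).
let lookupCount = 0;
function lookupTrustlineStatus(employee) {
  lookupCount += 1;
  return 'active'; // constructed result
}
function getLookupCount() {
  return lookupCount;
}

// Unguarded shape: the route parameter alone decides which record is refreshed,
// so any authenticated caller can refresh (and read) any organization's employee.
function refreshEmployeeUnsafe(req) {
  const employee = employees.get(req.params.employeeId);
  if (!employee) return { status: 404, body: { error: 'employee not found' } };
  employee.trustlineStatus = lookupTrustlineStatus(employee);
  return { status: 200, body: { id: employee.id, trustlineStatus: employee.trustlineStatus } };
}

// Hardened shape: the record must belong to the caller's organization. With a
// real database this is one scoped query (find by { id, organizationId }) rather
// than a fetch followed by a comparison. A record owned by another tenant gets
// the same 404 as a missing one, and no external lookup is made for it.
function refreshEmployee(req) {
  const orgId = req.auth && req.auth.organizationId;
  if (!orgId) return { status: 401, body: { error: 'unauthenticated' } };
  const employee = employees.get(req.params.employeeId);
  if (!employee || employee.organizationId !== orgId) {
    return { status: 404, body: { error: 'employee not found' } };
  }
  employee.trustlineStatus = lookupTrustlineStatus(employee);
  return { status: 200, body: { id: employee.id, trustlineStatus: employee.trustlineStatus } };
}
```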

Labels: Stellar Wave (Issues in the Stellar wave program), backend (Backend development), hard (Complex tasks)
