[backend] trustlineController.refreshEmployee() doesn't verify the employee belongs to the requesting organization

[Wilfred007]

Description

refreshEmployee() refreshes trustline status for a given employee id without checking that the employee belongs to the organization the authenticated caller is acting on behalf of. This is a tenant-isolation gap that could let one organization trigger lookups (and potentially leak status) for another organization's employee records.

Where

backend/src/controllers — trustlineController.refreshEmployee

Acceptance Criteria

• Verify employee-organization ownership before proceeding
• Add a test asserting a cross-organization request is rejected with 403/404

[leocagli]

Hi, I'd like to fix trustlineController.refreshEmployee() to verify the employee exists before attempting a refresh. Input validation + test. Could you assign me?

[roobie001]

@roobie001 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

hello maintainer, can i work on this please

ℹ️ Repo Maintainers: To accept this application, review their application or assign @roobie001 to this issue.

[UzyKhs]

@UzyKhs has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hi Maintainer, I'd like to work on Issue #930. I have experience with backend controller validation and can quickly add the necessary check to verify that the employee belongs to the requesting organization. Ready to submit a PR once assigned!

ℹ️ Repo Maintainers: To accept this application, review their application or assign @UzyKhs to this issue.

[beebozy]

@beebozy has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

hi sir/madam, could you please assign this issue to me? .I am a backend and blockchain developer, I have contributed to various project across different chains, kindly assign me this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @beebozy to this issue.

[ndyugwu]

@ndyugwu has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

let me at this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @ndyugwu to this issue.

[Ryjen1]

@Ryjen1 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I'd like to work on this.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Ryjen1 to this issue.

[drips-wave]

Congratulations, @Ryjen1! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @Ryjen1: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊