From 271ab16cd62c20b5ae7183ba022e6fdc7ab2f3b6 Mon Sep 17 00:00:00 2001
From: shreddedbacon <b@benjackson.email>
Date: Wed, 12 Jun 2024 15:38:13 +1000
Subject: [PATCH] fix: return an error if organization doesnt exist on
 addproject

---
 services/api/src/resources/project/resolvers.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/services/api/src/resources/project/resolvers.ts b/services/api/src/resources/project/resolvers.ts
index d823bc1640..e87fe56fc3 100644
--- a/services/api/src/resources/project/resolvers.ts
+++ b/services/api/src/resources/project/resolvers.ts
@@ -242,12 +242,18 @@ export const addProject = async (
     await hasPermission('organization', 'addProject', {
       organization: input.organization
     });
+    // check the project quota before adding the project
+    const organization = await organizationHelpers(sqlClientPool).getOrganizationById(input.organization);
+    if (!organization) {
+      // org doesn't exist, unauth
+      throw new Error(
+        `Unauthorized: You don't have permission to "addProject" on "organization"`
+      );
+    }
     // if the project is created without the addOrgOwner boolean set to true, then do not add the user to the project as its owner
     if (!input.addOrgOwner) {
       userAlreadyHasAccess = true
     }
-    // check the project quota before adding the project
-    const organization = await organizationHelpers(sqlClientPool).getOrganizationById(input.organization);
     const projects = await organizationHelpers(sqlClientPool).getProjectsByOrganizationId(input.organization);
     if (projects.length >= organization.quotaProject && organization.quotaProject != -1) {
       throw new Error(