From e2bdedf129ab0d358b8b39bcc922febbc1dd411f Mon Sep 17 00:00:00 2001
From: Matt Sywulak <51167140+msywulak@users.noreply.github.com>
Date: Thu, 9 Jan 2025 23:40:28 -0500
Subject: [PATCH] fix: validate org membership to get organization details
* feat: validate org membership using ID or slug
* fix: remove setActiveOrg from original feature
---
 .../src/plugins/organization/routes/crud-org.ts | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/packages/better-auth/src/plugins/organization/routes/crud-org.ts b/packages/better-auth/src/plugins/organization/routes/crud-org.ts
index b486dffc0b..62b3ea6318 100644
--- a/packages/better-auth/src/plugins/organization/routes/crud-org.ts
+++ b/packages/better-auth/src/plugins/organization/routes/crud-org.ts
@@ -392,6 +392,15 @@ export const getFullOrganization = createAuthEndpoint(
 organizationId,
 isSlug: !!ctx.query?.organizationSlug,
 });
+ const isMember = organization?.members.find(
+ (member) => member.userId === session.user.id,
+ );
+ if (!isMember) {
+ throw new APIError("FORBIDDEN", {
+ message:
+ ORGANIZATION_ERROR_CODES.USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION,
+ });
+ }
 if (!organization) {
 throw new APIError("BAD_REQUEST", {
 message: ORGANIZATION_ERROR_CODES.ORGANIZATION_NOT_FOUND,
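Review bot: The added membership check runs before the existing `if (!organization)` guard, so when the lookup returns nothing `organization?.members.find(...)` is `undefined` and the handler throws FORBIDDEN; the ORGANIZATION_NOT_FOUND branch below can no longer be reached. Returning the same FORBIDDEN for a missing organization and for a non-member is the safer behaviour, because it does not let a caller tell which IDs or slugs exist, so I would keep this order, delete the dead branch and record the intent in a comment such as `// missing org and non-member both return FORBIDDEN so the endpoint does not reveal which organizations exist`. Moving the not-found check first would reintroduce that distinction between the two responses. `isMember` holds a member record rather than a boolean; `organization?.members.some((member) => member.userId === session.user.id)` states the intent more directly. The body of getFullOrganization starts and ends outside this hunk, so how `session` and `organizationId` are obtained is not visible here.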