From 95633b412221446301c74ebfc50cf0768ce4fe89 Mon Sep 17 00:00:00 2001
From: Mauricio Siu
Date: Tue, 2 Jun 2026 02:00:42 -0600
Subject: [PATCH] fix: refine permission check for privileged static roles in permission service

Updated the permission check logic to specifically identify "owner" and "admin" roles as privileged static roles, enhancing clarity and accuracy in permission validation. This change ensures that only users with these roles are granted access to enterprise-only resources.
---
 packages/server/src/services/permission.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/packages/server/src/services/permission.ts b/packages/server/src/services/permission.ts
index e32f3dae4..3ce61f6ed 100644
--- a/packages/server/src/services/permission.ts
+++ b/packages/server/src/services/permission.ts
@@ -80,9 +80,10 @@ export const checkPermission = async (
 const { id: userId } = ctx.user;
 const { activeOrganizationId: organizationId } = ctx.session;
 const memberRecord = await findMemberByUserId(userId, organizationId);
- const isStaticRole = memberRecord.role in staticRoles;
- if (isStaticRole) {
+ const isPrivilegedStaticRole =
+ memberRecord.role === "owner" || memberRecord.role === "admin";
+ if (isPrivilegedStaticRole) {
 const allEnterprise = Object.keys(permissions).every((r) =>
 enterpriseOnlyResources.has(r),
 );
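Review bot: The two role names in `isPrivilegedStaticRole` are bare string literals inside `checkPermission`, so this authorization decision has no single definition that other checks can share, and it can drift from `staticRoles`; consider a module-level `const PRIVILEGED_STATIC_ROLES = new Set(["owner", "admin"]);` and `const isPrivilegedStaticRole = PRIVILEGED_STATIC_ROLES.has(memberRecord.role);`. With the narrowing, any other static role (presumably `member`) now falls through to the code after this `if`, which lies outside the hunk, so it is worth confirming that path accepts a static role name and denies by default rather than throwing or treating it as a custom role. The patch touches only permission.ts; a regression test asserting that a non-privileged static role no longer takes this branch would pin the new behaviour. A short comment such as `// Only owner/admin take the privileged path; every other role is evaluated below.` would also record the intent.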