From 64315607ef790debc8d21ef79c260d32db68e7d0 Mon Sep 17 00:00:00 2001
From: David Whittaker
Date: Wed, 15 Jan 2025 16:24:45 -0800
Subject: [PATCH 1/2] fix(organization): disallow creation of org with existing slug
---
 src/dispatch/organization/views.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/dispatch/organization/views.py b/src/dispatch/organization/views.py
index d6e5c6115756..d99f63b2b3ed 100644
--- a/src/dispatch/organization/views.py
+++ b/src/dispatch/organization/views.py
@@ -1,4 +1,5 @@
 from fastapi import APIRouter, Depends, HTTPException, status
+from slugify import slugify
 from pydantic.error_wrappers import ErrorWrapper, ValidationError
 from sqlalchemy.exc import IntegrityError
@@ -23,7 +24,7 @@
     OrganizationUpdate,
     OrganizationPagination,
 )
-from .service import create, get, get_by_name, update, add_user
+from .service import create, get, get_by_name, get_by_slug, update, add_user
 router = APIRouter()
@@ -45,6 +46,11 @@ def create_organization(
     current_user: CurrentUser,
 ):
     """Create a new organization."""
+    if not organization_in.name:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail=[{"msg": "An organization name is required."}],
+        )
     organization = get_by_name(db_session=db_session, name=organization_in.name)
     if organization:
         raise HTTPException(
@@ -56,7 +62,12 @@ def create_organization(
             status_code=status.HTTP_409_CONFLICT,
             detail=[{"msg": "An organization with this id already exists."}],
         )
-
+    slug = slugify(organization_in.name, separator="_")
+    if get_by_slug(db_session=db_session, slug=slug):
+        raise HTTPException(
+            status_code=status.HTTP_409_CONFLICT,
+            detail=[{"msg": "An organization with this slug already exists."}],
+        )
     # we create the organization
     organization = create(db_session=db_session, organization_in=organization_in)
From 671c1772c761fcbadcfd8aa8ef5a4bf28317a91b Mon Sep 17 00:00:00 2001
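Review bot: The guard added at the top of create_organization only rejects a missing or empty name, so a whitespace-only name such as `"   "` passes it and is carried on into the name lookup and, further down, into slug derivation; tighten it to `if not organization_in.name or not organization_in.name.strip():`. This rule would also be better stated once on the OrganizationCreate schema (a pydantic validator or `constr(min_length=1, strip_whitespace=True)`) so every code path that builds an organization gets it rather than just this view; whether the schema already enforces it is not visible here. create_organization starts before this hunk and continues after it.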
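Review bot: The slug pre-check never rejects an empty slug, and `slugify` yields `""` for a name made only of punctuation or whitespace, so such a request passes both new checks and hands an organization with an empty slug to `create`; add `if not slug: raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST, detail=[{"msg": "An organization name must contain at least one letter or digit."}])` directly after the `slugify` call. The check also only closes the gap if `create` and the model derive the slug with exactly the same call, `slugify(name, separator="_")`; if that derivation lives elsewhere, expose it as one service helper and use it in both places so they cannot drift. Like the name and id checks above it, this is check-then-act: two concurrent requests with the same name can both pass and race into `create`, so a unique index on the slug column plus handling of the `IntegrityError` already imported at the top of the file is the real guarantee, and a comment such as `# Pre-check only: the unique constraint on slug is what actually prevents duplicates` would tell the next reader why both exist. The function continues outside the hunk.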
From: David Whittaker
Date: Wed, 15 Jan 2025 16:53:47 -0800
Subject: [PATCH 2/2] ensure organization id matches slug
---
 src/dispatch/auth/permissions.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/dispatch/auth/permissions.py b/src/dispatch/auth/permissions.py
index bee086be8f31..51342ef91ab3 100644
--- a/src/dispatch/auth/permissions.py
+++ b/src/dispatch/auth/permissions.py
@@ -86,6 +86,13 @@ def __init__(self, request: Request):
         if not organization:
             raise HTTPException(status_code=self.org_error_code, detail=self.org_error_msg)
+        org_check = organization_service.get_by_slug(
+            db_session=request.state.db, slug=organization.slug
+        )
+
+        if not org_check or org_check.id != organization.id:
+            raise HTTPException(status_code=self.org_error_code, detail=self.org_error_msg)
+
         user = get_current_user(request=request)
         if not user:
             raise HTTPException(status_code=self.user_error_code, detail=self.user_error_msg)
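Review bot: The new round trip in `__init__` re-resolves the organization by slug and refuses the request when the row returned is not the one already in `organization`, but if the table can hold two rows with the same slug (the situation the first patch guards against), `get_by_slug` returns whichever row the service happens to pick first and the comparison becomes order-dependent rather than a real guarantee; a unique constraint on the slug column is the durable fix, with this check kept as defence in depth. The intent is not obvious from the code, so document it above the call: `# Refuse to proceed if the slug resolves to a different row than the one we matched, e.g. duplicate slugs created before uniqueness was enforced.` Raising the same org_error for the missing and the mismatched case is the right choice, since the response does not reveal which condition failed. How `organization` is obtained is outside the hunk, and `__init__` continues beyond it.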