diff --git a/frontend/src/component/project/ProjectAccess/ProjectAccessAssign/ProjectAccessAssign.tsx b/frontend/src/component/project/ProjectAccess/ProjectAccessAssign/ProjectAccessAssign.tsx index ce7f408d39..2fb5d03b14 100644 --- a/frontend/src/component/project/ProjectAccess/ProjectAccessAssign/ProjectAccessAssign.tsx +++ b/frontend/src/component/project/ProjectAccess/ProjectAccessAssign/ProjectAccessAssign.tsx @@ -38,6 +38,8 @@ import { caseInsensitiveSearch } from 'utils/search'; import type { IServiceAccount } from 'interfaces/service-account'; import { MultipleRoleSelect } from 'component/common/MultipleRoleSelect/MultipleRoleSelect'; import type { IUserProjectRole } from '../../../../interfaces/userProjectRoles'; +import { useCheckProjectPermissions } from 'hooks/useHasAccess'; +import { ADMIN } from 'component/providers/AccessProvider/permissions'; const StyledForm = styled('form')(() => ({ display: 'flex', @@ -119,6 +121,8 @@ export const ProjectAccessAssign = ({ useProjectApi(); const edit = Boolean(selected); + const checkPermissions = useCheckProjectPermissions(projectId); + const { setToastData, setToastApiError } = useToast(); const navigate = useNavigate(); @@ -323,11 +327,10 @@ export const ProjectAccessAssign = ({ const isValid = selectedOptions.length > 0 && selectedRoles.length > 0; const displayAllRoles = + checkPermissions(ADMIN) || userRoles.length === 0 || - userRoles.some( - (userRole) => - userRole.name === 'Admin' || userRole.name === 'Owner', - ); + userRoles.some((userRole) => userRole.name === 'Owner'); + let filteredRoles: IRole[]; if (displayAllRoles) { filteredRoles = roles; diff --git a/src/lib/features/project/project-service.ts b/src/lib/features/project/project-service.ts index 289a6a88df..aaab2f951c 100644 --- a/src/lib/features/project/project-service.ts +++ b/src/lib/features/project/project-service.ts 
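Review bot: In the third hunk (`displayAllRoles`), the retained `userRoles.length === 0` fallback still shows every role to a caller who is not an admin and holds no role in the project, even though admins are now covered by `checkPermissions(ADMIN)`. If that fallback existed only to cover admins, which this hunk does not show, the expression can shrink to `checkPermissions(ADMIN) || userRoles.some((userRole) => userRole.name === 'Owner')`. The Owner test still matches on the role's display name; comparing a stable role identifier or type would be safer if custom roles can carry the same name, which is not visible here. This list is only a display filter, so a comment such as `// UI filter only; the server-side isAllowedToAddAccess check is authoritative` would stop readers from treating it as the access decision. The component body continues outside the hunk.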
@@ -52,6 +52,7 @@ import { SYSTEM_USER_ID, type ProjectCreated, type IProjectOwnersReadModel, + ADMIN, } from '../../types'; import type { IProjectAccessModel, @@ -838,16 +839,21 @@ export default class ProjectService { } private async isAllowedToAddAccess( - userAddingAccess: number, + userAddingAccess: IAuditUser, projectId: string, rolesBeingAdded: number[], ): Promise { + const userPermissions = + await this.accessService.getPermissionsForUser(userAddingAccess); + if (userPermissions.some(({ permission }) => permission === ADMIN)) { + return true; + } const userRoles = await this.accessService.getAllProjectRolesForUser( - userAddingAccess, + userAddingAccess.id, projectId, ); if ( - this.isAdmin(userAddingAccess, userRoles) || + this.isAdmin(userAddingAccess.id, userRoles) || this.isProjectOwner(userRoles, projectId) ) { return true; @@ -864,7 +870,7 @@ export default class ProjectService { users: number[], auditUser: IAuditUser, ): Promise { - if (await this.isAllowedToAddAccess(auditUser.id, projectId, roles)) { + if (await this.isAllowedToAddAccess(auditUser, projectId, roles)) { await this.accessService.addAccessToProject( roles, groups, @@ -924,7 +930,7 @@ export default class ProjectService { await this.validateAtLeastOneOwner(projectId, ownerRole); } const isAllowedToAssignRoles = await this.isAllowedToAddAccess( - auditUser.id, + auditUser, projectId, newRoles, ); @@ -975,7 +981,7 @@ export default class ProjectService { await this.validateAtLeastOneOwner(projectId, ownerRole); } const isAllowedToAssignRoles = await this.isAllowedToAddAccess( - auditUser.id, + auditUser, projectId, newRoles, );
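Review bot: In the `isAllowedToAddAccess` hunk, the new `ADMIN` permission short-circuit sits in front of the older `this.isAdmin(userAddingAccess.id, userRoles)` test, so the method now carries two definitions of "admin" with no comment saying which one is authoritative. If every admin is expected to hold the `ADMIN` permission, the role-based call is redundant and the condition can become `if (this.isProjectOwner(userRoles, projectId)) {`; if it is still needed, a one-line comment should say for which callers. `getPermissionsForUser` is now handed an `IAuditUser`, and how it resolves API-token or system audit identities is not visible here, so a test is needed to show that a non-admin audit user still falls through to the role checks below. A doc comment on the method, for example `/** Instance admins (ADMIN permission) and project owners may assign any role; other callers are checked against rolesBeingAdded. */`, would record the rule, with the last clause confirmed against the rest of the body, which continues past the end of the hunk.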