Merge remote-tracking branch 'origin/fix-check-for-admin-permission-in-group-access-assignment' into pick-all-roles

2025-09-05 17:53:12 +02:00 · 2024-06-18 15:03:24 +02:00 · 2024-06-18 15:03:24 +02:00 · cdfa4eb7fe
commit cdfa4eb7fe
parent 3d4dd30cb9 dc33f3a7fc
2 changed files with 19 additions and 10 deletions
--- a/frontend/src/component/project/ProjectAccess/ProjectAccessAssign/ProjectAccessAssign.tsx
+++ b/frontend/src/component/project/ProjectAccess/ProjectAccessAssign/ProjectAccessAssign.tsx
@ -38,6 +38,8 @@ import { caseInsensitiveSearch } from 'utils/search';
 import type { IServiceAccount } from 'interfaces/service-account';
 import { MultipleRoleSelect } from 'component/common/MultipleRoleSelect/MultipleRoleSelect';
 import type { IUserProjectRole } from '../../../../interfaces/userProjectRoles';
 import { useCheckProjectPermissions } from 'hooks/useHasAccess';
 import { ADMIN } from 'component/providers/AccessProvider/permissions';
 const StyledForm = styled('form')(() => ({
    display: 'flex',
@ -119,6 +121,8 @@ export const ProjectAccessAssign = ({
        useProjectApi();
    const edit = Boolean(selected);
    const checkPermissions = useCheckProjectPermissions(projectId);
    const { setToastData, setToastApiError } = useToast();
    const navigate = useNavigate();
@ -323,11 +327,10 @@ export const ProjectAccessAssign = ({
    const isValid = selectedOptions.length > 0 && selectedRoles.length > 0;
    const displayAllRoles =
        checkPermissions(ADMIN) ||
        userRoles.length === 0 ||
-        userRoles.some(
+        userRoles.some((userRole) => userRole.name === 'Owner');
-            (userRole) =>
+
                userRole.name === 'Admin' || userRole.name === 'Owner',
        );
    let filteredRoles: IRole[];
    if (displayAllRoles) {
        filteredRoles = roles;
--- a/src/lib/features/project/project-service.ts
+++ b/src/lib/features/project/project-service.ts
@ -52,6 +52,7 @@ import {
    SYSTEM_USER_ID,
    type ProjectCreated,
    type IProjectOwnersReadModel,
    ADMIN,
 } from '../../types';
 import type {
    IProjectAccessModel,
@ -838,16 +839,21 @@ export default class ProjectService {
    }
    private async isAllowedToAddAccess(
-        userAddingAccess: number,
+        userAddingAccess: IAuditUser,
        projectId: string,
        rolesBeingAdded: number[],
    ): Promise<boolean> {
        const userPermissions =
            await this.accessService.getPermissionsForUser(userAddingAccess);
        if (userPermissions.some(({ permission }) => permission === ADMIN)) {
            return true;
        }
        const userRoles = await this.accessService.getAllProjectRolesForUser(
-            userAddingAccess,
+            userAddingAccess.id,
            projectId,
        );
        if (
-            this.isAdmin(userAddingAccess, userRoles) ||
+            this.isAdmin(userAddingAccess.id, userRoles) ||
            this.isProjectOwner(userRoles, projectId)
        ) {
            return true;
@ -864,7 +870,7 @@ export default class ProjectService {
        users: number[],
        auditUser: IAuditUser,
    ): Promise<void> {
-        if (await this.isAllowedToAddAccess(auditUser.id, projectId, roles)) {
+        if (await this.isAllowedToAddAccess(auditUser, projectId, roles)) {
            await this.accessService.addAccessToProject(
                roles,
                groups,
@ -924,7 +930,7 @@ export default class ProjectService {
            await this.validateAtLeastOneOwner(projectId, ownerRole);
        }
        const isAllowedToAssignRoles = await this.isAllowedToAddAccess(
-            auditUser.id,
+            auditUser,
            projectId,
            newRoles,
        );
@ -975,7 +981,7 @@ export default class ProjectService {
            await this.validateAtLeastOneOwner(projectId, ownerRole);
        }
        const isAllowedToAssignRoles = await this.isAllowedToAddAccess(
-            auditUser.id,
+            auditUser,
            projectId,
            newRoles,
        );