Merge pull request #16040 from overleaf/jel-require-group-access

[web] Add access check for group membership GitOrigin-RevId: c7605ebb956556d9d9480cd5f3d1d6b60d99bc7c
2026-06-01 13:21:37 +02:00 · 2023-12-04 08:24:35 -06:00
parent 788ebd2bce
commit a439f8b490
2 changed files with 25 additions and 0 deletions
--- a/services/web/app/src/Features/UserMembership/UserMembershipEntityConfigs.js
+++ b/services/web/app/src/Features/UserMembership/UserMembershipEntityConfigs.js
@@ -43,6 +43,23 @@ module.exports = {
    },
  },

+  groupMember: {
+    modelName: 'Subscription',
+    readOnly: true,
+    hasMembersLimit: true,
+    fields: {
+      primaryKey: '_id',
+      read: ['member_ids'],
+      write: null,
+      access: 'member_ids',
+      membership: 'member_ids',
+      name: 'teamName',
+    },
+    baseQuery: {
+      groupPlan: true,
+    },
+  },
+
  groupAdmin: {
    modelName: 'Subscription',
    fields: {
--- a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js
+++ b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js
@@ -31,6 +31,14 @@ const UserMembershipMiddleware = {
    requireEntity(),
  ],

+  requireGroupMemberAccess: [
+    AuthenticationController.requireLogin(),
+    fetchEntityConfig('groupMember'),
+    fetchEntity(),
+    requireEntity(),
+    allowAccessIfAny([UserMembershipAuthorization.hasEntityAccess()]),
+  ],
+
  requireGroupManagementAccess: [
    AuthenticationController.requireLogin(),
    fetchEntityConfig('group'),