From a439f8b4909bbce2a4e3add0fd94c31d03707863 Mon Sep 17 00:00:00 2001 From: Jessica Lawshe <5312836+lawshe@users.noreply.github.com> Date: Mon, 4 Dec 2023 08:24:35 -0600 Subject: [PATCH] Merge pull request #16040 from overleaf/jel-require-group-access [web] Add access check for group membership GitOrigin-RevId: c7605ebb956556d9d9480cd5f3d1d6b60d99bc7c --- .../UserMembershipEntityConfigs.js | 17 +++++++++++++++++ .../UserMembership/UserMembershipMiddleware.js | 8 ++++++++ 2 files changed, 25 insertions(+) diff --git a/services/web/app/src/Features/UserMembership/UserMembershipEntityConfigs.js b/services/web/app/src/Features/UserMembership/UserMembershipEntityConfigs.js index 8c69032bab..c65f38e952 100644 --- a/services/web/app/src/Features/UserMembership/UserMembershipEntityConfigs.js +++ b/services/web/app/src/Features/UserMembership/UserMembershipEntityConfigs.js @@ -43,6 +43,23 @@ module.exports = { }, }, + groupMember: { + modelName: 'Subscription', + readOnly: true, + hasMembersLimit: true, + fields: { + primaryKey: '_id', + read: ['member_ids'], + write: null, + access: 'member_ids', + membership: 'member_ids', + name: 'teamName', + }, + baseQuery: { + groupPlan: true, + }, + }, + groupAdmin: { modelName: 'Subscription', fields: { diff --git a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js index f2d062a721..f125496874 100644 --- a/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js +++ b/services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js @@ -31,6 +31,14 @@ const UserMembershipMiddleware = { requireEntity(), ], + requireGroupMemberAccess: [ + AuthenticationController.requireLogin(), + fetchEntityConfig('groupMember'), + fetchEntity(), + requireEntity(), + allowAccessIfAny([UserMembershipAuthorization.hasEntityAccess()]), + ], + requireGroupManagementAccess: [ AuthenticationController.requireLogin(), fetchEntityConfig('group'),