diff --git a/services/web/app/src/Features/Authorization/PermissionsController.js b/services/web/app/src/Features/Authorization/PermissionsController.js index db7d55dc25..eba0486326 100644 --- a/services/web/app/src/Features/Authorization/PermissionsController.js +++ b/services/web/app/src/Features/Authorization/PermissionsController.js @@ -70,10 +70,10 @@ function requirePermission(...requiredCapabilities) { } try { // get the group policy applying to the user - const { groupPolicy } = + const { groupPolicy, managedUsersEnabled } = await ManagedUsersHandler.promises.getEnrollmentForUser(req.user) - // if there is no group policy, the user is not managed - if (!groupPolicy) { + + if (!managedUsersEnabled) { return next() } // check that the user has all the required capabilities diff --git a/services/web/app/src/Features/Subscription/ManagedUsersHandler.js b/services/web/app/src/Features/Subscription/ManagedUsersHandler.js index e07fd7f769..b6015858d5 100644 --- a/services/web/app/src/Features/Subscription/ManagedUsersHandler.js +++ b/services/web/app/src/Features/Subscription/ManagedUsersHandler.js @@ -32,12 +32,14 @@ const logger = require('@overleaf/logger') */ async function enableManagedUsers(subscriptionId) { const subscription = await Subscription.findById(subscriptionId).exec() + // create a new Group policy with the default settings for managed users const policy = ManagedUsersPolicy.getDefaultPolicy() const groupPolicy = new GroupPolicy(policy) await groupPolicy.save() // update the subscription to use the new policy subscription.groupPolicy = groupPolicy._id + subscription.managedUsersEnabled = true await subscription.save() await _sendEmailToGroupMembers(subscriptionId) @@ -55,7 +57,6 @@ async function enableManagedUsers(subscriptionId) { */ async function disableManagedUsers(subscriptionId) { const subscription = await Subscription.findById(subscriptionId).exec() - for (const userId of subscription.member_ids || []) { const user = await UserGetter.promises.getUser(userId, { enrollment: 1 }) if ( @@ -68,6 +69,7 @@ async function disableManagedUsers(subscriptionId) { } subscription.groupPolicy = undefined + subscription.managedUsersEnabled = false await subscription.save() } @@ -110,6 +112,7 @@ async function getEnrollmentForUser(requestedUser) { return { groupPolicy, + managedUsersEnabled: subscription.managedUsersEnabled, managedBy: user.enrollment.managedBy, isManagedGroupAdmin, } diff --git a/services/web/app/src/Features/Subscription/SubscriptionUpdater.js b/services/web/app/src/Features/Subscription/SubscriptionUpdater.js index 639f2bbd14..13d72044a2 100644 --- a/services/web/app/src/Features/Subscription/SubscriptionUpdater.js +++ b/services/web/app/src/Features/Subscription/SubscriptionUpdater.js @@ -230,7 +230,7 @@ async function updateSubscriptionFromRecurly( ) { if (recurlySubscription.state === 'expired') { const hasManagedUsersFeature = - Features.hasFeature('saas') && subscription?.groupPolicy != null + Features.hasFeature('saas') && subscription?.managedUsersEnabled if (hasManagedUsersFeature) { // If a payment lapses and if the group is managed, as a temporary measure we need to // make sure that the group continues as-is and no destructive actions are taken. diff --git a/services/web/app/src/Features/Subscription/TeamInvitesHandler.js b/services/web/app/src/Features/Subscription/TeamInvitesHandler.js index 078919db5e..ab6c620ea2 100644 --- a/services/web/app/src/Features/Subscription/TeamInvitesHandler.js +++ b/services/web/app/src/Features/Subscription/TeamInvitesHandler.js @@ -71,7 +71,7 @@ async function acceptInvite(token, userId) { await SubscriptionUpdater.promises.addUserToGroup(subscription._id, userId) - if (subscription.groupPolicy) { + if (subscription.managedUsersEnabled) { await ManagedUsersHandler.promises.enrollInSubscription( userId, subscription @@ -164,12 +164,11 @@ async function _createInvite(subscription, email, inviter) { } try { - const managedUsersEnabled = Boolean(subscription.groupPolicy) await _sendNotificationToExistingUser( subscription, email, invite, - managedUsersEnabled + subscription.managedUsersEnabled ) } catch (err) { logger.error( @@ -180,7 +179,7 @@ async function _createInvite(subscription, email, inviter) { await subscription.save() - if (subscription.groupPolicy) { + if (subscription.managedUsersEnabled) { let admin = {} try { admin = await SubscriptionLocator.promises.getAdminEmailAndName( diff --git a/services/web/app/src/Features/UserMembership/UserMembershipController.js b/services/web/app/src/Features/UserMembership/UserMembershipController.js index 4c00a66723..b0fa97838f 100644 --- a/services/web/app/src/Features/UserMembership/UserMembershipController.js +++ b/services/web/app/src/Features/UserMembership/UserMembershipController.js @@ -46,7 +46,7 @@ async function manageGroupMembers(req, res, next) { groupId: entityPrimaryKey, users, groupSize: entity.membersLimit, - managedUsersActive: entity.groupPolicy != null, + managedUsersActive: entity.managedUsersEnabled, groupSSOActive: ssoConfig?.enabled, }) } diff --git a/services/web/app/src/models/Subscription.js b/services/web/app/src/models/Subscription.js index 510df031d7..51e73ac2a7 100644 --- a/services/web/app/src/models/Subscription.js +++ b/services/web/app/src/models/Subscription.js @@ -29,6 +29,7 @@ const SubscriptionSchema = new Schema( teamNotice: { type: String }, planCode: { type: String }, groupPlan: { type: Boolean, default: false }, + managedUsersEnabled: { type: Boolean, default: false }, membersLimit: { type: Number, default: 0 }, customAccount: Boolean, features: { diff --git a/services/web/test/unit/src/Subscription/SubscriptionUpdaterTests.js b/services/web/test/unit/src/Subscription/SubscriptionUpdaterTests.js index 2c7d40ba32..d689857fbc 100644 --- a/services/web/test/unit/src/Subscription/SubscriptionUpdaterTests.js +++ b/services/web/test/unit/src/Subscription/SubscriptionUpdaterTests.js @@ -279,7 +279,7 @@ describe('SubscriptionUpdater', function () { it('should not remove the subscription when expired if it has "managedUsers" feature', async function () { this.Features.hasFeature.withArgs('saas').returns(true) - this.subscription.groupPolicy = { policy: true } + this.subscription.managedUsersEnabled = true this.recurlySubscription.state = 'expired' await this.SubscriptionUpdater.promises.updateSubscriptionFromRecurly( diff --git a/services/web/test/unit/src/UserMembership/UserMembershipControllerTests.js b/services/web/test/unit/src/UserMembership/UserMembershipControllerTests.js index 69840dc262..87425e0237 100644 --- a/services/web/test/unit/src/UserMembership/UserMembershipControllerTests.js +++ b/services/web/test/unit/src/UserMembership/UserMembershipControllerTests.js @@ -121,6 +121,7 @@ describe('UserMembershipController', function () { }) it('render group view', async function () { + this.subscription.managedUsersEnabled = false return await this.UserMembershipController.manageGroupMembers(this.req, { render: (viewPath, viewParams) => { expect(viewPath).to.equal('user_membership/group-members-react') @@ -132,7 +133,7 @@ describe('UserMembershipController', function () { }) it('render group view with managed users', async function () { - this.req.entity.groupPolicy = { somePolicy: true } + this.subscription.managedUsersEnabled = true return await this.UserMembershipController.manageGroupMembers(this.req, { render: (viewPath, viewParams) => { expect(viewPath).to.equal('user_membership/group-members-react') diff --git a/services/web/types/admin/subscription.ts b/services/web/types/admin/subscription.ts index 9730a99b7b..4d39d92c5a 100644 --- a/services/web/types/admin/subscription.ts +++ b/services/web/types/admin/subscription.ts @@ -9,4 +9,5 @@ export type Subscription = { groupPlan: boolean customAccount: boolean ssoConfig: object + managedUsersEnabled: boolean }