Fix project users management through the API for team owners [SCI-9483] (#6442)

Alex Kriuchykhin 2023-10-17 12:52:25 +02:00 committed by GitHub
parent 4cd59b6a0d
commit 82077001b5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -130,8 +130,13 @@ module Api
message_items: message_items)
end
# Override, in order to handle special case for team owners
def load_project
@project = @team.projects.find(params.require(:project_id))
end
def check_read_permissions
# team admins can always manage users, so they should also be able to read them
# team owners can always manage users, so they should also be able to read them
unless can_read_project_users?(@project) || can_manage_project_users?(@project)
raise PermissionError.new(Project, :read_users)
end
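Review bot: The new `load_project` override resolves the project by team scope alone, so any access check the inherited `load_project` performed (it is not visible in this hunk) presumably no longer runs for any action in this controller. Authorization then rests entirely on the per-action filters such as `check_read_permissions`, and an action added later without one would be reachable by any caller who can load the team. I would make that contract explicit by replacing the comment above the override with `# Bypasses the inherited project read check so team owners can reach projects they are not assigned to; every action here must run its own users-permission filter.` A request spec asserting that a team member with neither read nor manage rights on project users is rejected on each action would pin this down. The controller class and its filter declarations start outside the hunk, so the filter coverage could not be confirmed from here.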