🐛 Allowed for inviting contributors when staff is limited

refs: https://github.com/TryGhost/Team/issues/510 refs: e30b9735fa - In the case that there is a staff user limit, and the limit is maxed out, it is no longer possible to invite new staff users - However, Contributors are not considered staff users and therefore it should always be possible to invite new Contributors
2025-01-20 22:42:53 -05:00 · 2021-03-15 11:40:00 +00:00 · 2021-03-15 11:40:00 +00:00 · 0e87a1c045
commit 0e87a1c045
parent 19d5448101
1 changed files with 7 additions and 7 deletions
--- a/core/server/models/invite.js
+++ b/core/server/models/invite.js
@ -47,12 +47,6 @@ Invite = ghostBookshelf.Model.extend({
    async permissible(inviteModel, action, context, unsafeAttrs, loadedPermissions, hasUserPermission, hasApiKeyPermission) {
        const isAdd = (action === 'add');

-        if (isAdd && limitService.isLimited('staff')) {
-            // CASE: if your site is limited to a certain number of staff users
-            // Inviting a new user requires we check we won't go over the limit
-            await limitService.errorIfWouldGoOverLimit('staff');
-        }
-
        if (!isAdd) {
            if (hasUserPermission && hasApiKeyPermission) {
                return Promise.resolve();
@ -66,7 +60,7 @@ Invite = ghostBookshelf.Model.extend({
        // CASE: make sure user is allowed to add a user with this role
        return ghostBookshelf.model('Role')
            .findOne({id: unsafeAttrs.role_id})
-            .then((roleToInvite) => {
+            .then(async (roleToInvite) => {
                if (!roleToInvite) {
                    return Promise.reject(new errors.NotFoundError({
                        message: i18n.t('errors.api.invites.roleNotFound')
@ -79,6 +73,12 @@ Invite = ghostBookshelf.Model.extend({
                    }));
                }

+                if (isAdd && limitService.isLimited('staff') && roleToInvite.get('name') !== 'Contributor') {
+                    // CASE: if your site is limited to a certain number of staff users
+                    // Inviting a new user requires we check we won't go over the limit
+                    await limitService.errorIfWouldGoOverLimit('staff');
+                }
+
                let allowed = [];

                if (_.some(loadedPermissions.user.roles, {name: 'Owner'}) ||