🐛 Set proper permission check on retrieving team users.

2025-01-24 15:39:50 -05:00 · 2021-01-19 12:53:31 +01:00 · 2021-01-19 12:53:31 +01:00 · 15edabc977
commit 15edabc977
parent 4fbd2e6caa
2 changed files with 3 additions and 4 deletions
--- a/backend/src/app/rpc/queries/teams.clj
+++ b/backend/src/app/rpc/queries/teams.clj
@ -147,10 +147,10 @@
  (with-open [conn (db/open pool)]
    (if team-id
      (do
-        (check-edition-permissions! conn profile-id team-id)
+        (check-read-permissions! conn profile-id team-id)
        (retrieve-users conn team-id))
      (let [{team-id :id} (retrieve-team-for-file conn file-id)]
-        (check-edition-permissions! conn profile-id team-id)
+        (check-read-permissions! conn profile-id team-id)
        (retrieve-users conn team-id)))))

 ;; This is a similar query to team members but can contain more data
--- a/frontend/src/app/main/ui.cljs
+++ b/frontend/src/app/main/ui.cljs
@ -239,10 +239,9 @@

 (defmethod ptk/handle-error :authorization
  [error]
-  (st/emit! (rt/nav :login))
  (ts/schedule
   (st/emitf (dm/show {:content "Not authorized to see this content."
-                       :timeout 3000
+                       :timeout 2000
                       :type :error}))))

 (defmethod ptk/handle-error :assertion