From f05f5273366bb60413bc00d6d886e9930f3afdc7 Mon Sep 17 00:00:00 2001 From: Alejandro Alonso Date: Wed, 29 Mar 2023 11:42:31 +0200 Subject: [PATCH] :bug: Fix allow change team image for editor role users --- backend/src/app/rpc/commands/teams.clj | 27 ++++++++++++-------- backend/src/app/rpc/permissions.clj | 8 ++++++ frontend/src/app/main/ui/dashboard/team.cljs | 16 ++++++++---- 3 files changed, 36 insertions(+), 15 deletions(-) diff --git a/backend/src/app/rpc/commands/teams.clj b/backend/src/app/rpc/commands/teams.clj index 483f94266..a06d77220 100644 --- a/backend/src/app/rpc/commands/teams.clj +++ b/backend/src/app/rpc/commands/teams.clj @@ -62,12 +62,18 @@ :can-edit (or is-owner is-admin can-edit) :can-read true}))) +(def has-admin-permissions? + (perms/make-admin-predicate-fn get-permissions)) + (def has-edit-permissions? (perms/make-edition-predicate-fn get-permissions)) (def has-read-permissions? (perms/make-read-predicate-fn get-permissions)) +(def check-admin-permissions! + (perms/make-check-fn has-admin-permissions?)) + (def check-edition-permissions! (perms/make-check-fn has-edit-permissions?)) @@ -593,18 +599,19 @@ (retrieve-team pool profile-id team-id)) photo (profile/upload-photo cfg params)] - ;; Mark object as touched for make it ellegible for tentative - ;; garbage collection. - (when-let [id (:photo-id team)] - (sto/touch-object! storage id)) + (db/with-atomic [conn pool] + (check-admin-permissions! conn profile-id team-id) + ;; Mark object as touched for make it ellegible for tentative + ;; garbage collection. + (when-let [id (:photo-id team)] + (sto/touch-object! storage id)) - ;; Save new photo - (db/update! pool :team - {:photo-id (:id photo)} - {:id team-id}) - - (assoc team :photo-id (:id photo)))) + ;; Save new photo + (db/update! pool :team + {:photo-id (:id photo)} + {:id team-id}) + (assoc team :photo-id (:id photo))))) ;; --- Mutation: Create Team Invitation 
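Review bot: In the second teams.clj hunk the new `(check-admin-permissions! conn profile-id team-id)` runs only in the body, after the `let` has already evaluated `photo (profile/upload-photo cfg params)`, so a caller who fails the check has still had the image processed and stored before the request is rejected. The authorization check should come before the upload, for example by performing it ahead of the `photo` binding, so that rejected requests leave no stored object behind. Inside `db/with-atomic [conn pool]` the write is still `(db/update! pool :team`, which likely runs outside the transaction that performed the check; `(db/update! conn :team` would keep the check and the write together. The function's signature and the start of the `let` are outside the hunk, so whether `retrieve-team` already enforces membership is not visible here.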
diff --git a/backend/src/app/rpc/permissions.clj b/backend/src/app/rpc/permissions.clj index 809e6640f..7cca62d0f 100644 --- a/backend/src/app/rpc/permissions.clj +++ b/backend/src/app/rpc/permissions.clj @@ -37,6 +37,14 @@ :is-admin false :can-edit false))) +(defn make-admin-predicate-fn + "A simple factory for admin permission predicate functions." + [qfn] + (us/assert fn? qfn) + (fn check + ([perms] (:is-admin perms)) + ([conn & args] (check (apply qfn conn args))))) + (defn make-edition-predicate-fn "A simple factory for edition permission predicate functions." [qfn] diff --git a/frontend/src/app/main/ui/dashboard/team.cljs b/frontend/src/app/main/ui/dashboard/team.cljs index 1df6d70ee..9ab16f6fa 100644 --- a/frontend/src/app/main/ui/dashboard/team.cljs +++ b/frontend/src/app/main/ui/dashboard/team.cljs @@ -900,6 +900,10 @@ stats (mf/deref refs/dashboard-team-stats) + you-owner? (get-in team [:permissions :is-owner]) + you-admin? (get-in team [:permissions :is-admin]) + can-edit? (or you-owner? you-admin?) + on-image-click (mf/use-callback #(dom/click (mf/ref-val finput))) @@ -931,12 +935,14 @@ [:div.label (tr "dashboard.team-info")] [:div.name (:name team)] [:div.icon - [:span.update-overlay {:on-click on-image-click} i/image] + (when can-edit? + [:span.update-overlay {:on-click on-image-click} i/image]) [:img {:src (cfg/resolve-team-photo-url team)}] - [:& file-uploader {:accept "image/jpeg,image/png" - :multi false - :ref finput - :on-selected on-file-selected}]]] + (when can-edit? + [:& file-uploader {:accept "image/jpeg,image/png" + :multi false + :ref finput + :on-selected on-file-selected}])]] [:div.block.owner-block [:div.label (tr "dashboard.team-members")]
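Review bot: The one-arity branch `([perms] (:is-admin perms))` in `make-admin-predicate-fn` tests only `:is-admin`, while the frontend part of this commit enables the control for `(or you-owner? you-admin?)`. If `get-permissions` does not also set `:is-admin` for owners (its map construction is only partly visible in the teams.clj hunk), a team owner would be rejected by the backend check. Either make the predicate explicit, `([perms] (or (:is-owner perms) (:is-admin perms)))`, or extend the docstring to state that it relies on `:is-admin` being true for owners.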
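Review bot: The new binding `can-edit?` in team.cljs is true only for owners and admins, but on the backend `:can-edit` is the permission that editor-role members also hold (`:can-edit (or is-owner is-admin can-edit)` in teams.clj), so the name suggests a weaker permission than the one it represents. A name such as `can-change-photo?` would keep a later reader from reusing it for editor-level actions; the same binding drives both `(when can-edit? …)` guards in the following hunk. A short comment such as `;; UI hint only; the server enforces this with check-admin-permissions!` would also make clear that hiding the uploader is not the access control.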