CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-29 11:40:45 +12:00
Code Issues Projects Releases Wiki Activity

Apply suggestions from code review

Browse source 
Co-authored-by: Eldad A. Fux <eldad.fux@gmail.com>
This commit is contained in:
Christy Jacob 2021-05-13 19:31:52 +05:30 committed by GitHub
parent df3f2d73e3
commit 3b74a92ab3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
app/controllers/api/teams.php
View file

@ -508,24 +508,10 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId')
throw new Exception('Membership not found', 404);
}
$memberships = $projectDB->getCollection([
'limit' => 2000,
'offset' => 0,
'filters' => [
'$collection='.Database::SYSTEM_COLLECTION_MEMBERSHIPS,
'teamId='.$team->getId(),
],
]);
$isPrivilegedUser = Auth::isPrivilegedUser(Authorization::$roles);
$isAppUser = Auth::isAppUser(Authorization::$roles);
$isOwner = false;
foreach ($memberships as $member) {
if ($member->getAttribute('userId') == $user->getId() && \in_array('owner', $member->getAttribute('roles', []))) {
$isOwner = true;
}
}
$isOwner = Authorization::isRole('team:'.$team->getId().'/owner');;
if (!$isOwner && !$isPrivilegedUser && !$isAppUser) { // Not owner, not admin, not app (server)
throw new Exception('User is not allowed to modify roles', 401);