Browse Source

Merge pull request #6351 from nocodb/fix/pr-invite

fix: validate invite role
pull/6352/head
Pranav C 1 year ago committed by GitHub
parent
commit
f233b117cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 21
      packages/nocodb/src/services/project-users/project-users.service.ts

21
packages/nocodb/src/services/project-users/project-users.service.ts

@ -1,6 +1,7 @@
import { Injectable } from '@nestjs/common'; import { Injectable } from '@nestjs/common';
import { import {
AppEvents, AppEvents,
extractRolesObj,
OrgUserRoles, OrgUserRoles,
PluginCategory, PluginCategory,
ProjectRoles, ProjectRoles,
@ -53,6 +54,26 @@ export class ProjectUsersService {
param.projectUser, param.projectUser,
); );
if (
getProjectRolePower({
project_roles: extractRolesObj(param.projectUser.roles),
}) > getProjectRolePower(param.req.user)
) {
NcError.badRequest(`Insufficient privilege to invite with this role`);
}
if (
![
ProjectRoles.CREATOR,
ProjectRoles.EDITOR,
ProjectRoles.COMMENTER,
ProjectRoles.VIEWER,
ProjectRoles.NO_ACCESS,
].includes(param.projectUser.roles as ProjectRoles)
) {
NcError.badRequest('Invalid role');
}
const emails = (param.projectUser.email || '') const emails = (param.projectUser.email || '')
.toLowerCase() .toLowerCase()
.split(/\s*,\s*/) .split(/\s*,\s*/)

Loading…
Cancel
Save