Skip to content

Fix for Issue #561 Return empty invites for user without enough permission #570

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 11, 2020
Merged

Fix for Issue #561 Return empty invites for user without enough permission #570

merged 4 commits into from
May 11, 2020

Conversation

gets0ul
Copy link
Contributor

@gets0ul gets0ul commented May 6, 2020

  • use separate scope for invites
  • return project with empty invites if user doesn't have enough permission

@gets0ul
- use separate scope for invites
613beeb 
- return project with empty invites if user doesn't have enough permission
@maxceem maxceem self-requested a review May 8, 2020 05:16
maxceem
maxceem suggested changes May 8, 2020
View reviewed changes
Copy link
Contributor

@maxceem maxceem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gets0ul works good.

The only thing we have to find invites by email in a case-insensitive way, but I guess thee lines wouldn't fine invite if user is invited with email in different case than in user profile.

_.filter(fp.invites, invite => invite.userId === currentUserId || invite.email === email);

@gets0ul
Copy link
Contributor Author

gets0ul commented May 8, 2020

@maxceem PR is updated

@maxceem maxceem self-requested a review May 11, 2020 04:53
maxceem
maxceem suggested changes May 11, 2020
View reviewed changes
Copy link
Contributor

@maxceem maxceem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@gets0ul some lint errors are there, and I guess there is a misuse of email and currentUserEmail

image

@gets0ul
Copy link
Contributor Author

gets0ul commented May 11, 2020

@maxceem fixed.

@maxceem maxceem self-requested a review May 11, 2020 06:41
maxceem
maxceem approved these changes May 11, 2020
View reviewed changes
Copy link
Contributor

@maxceem maxceem left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works good now @gets0ul.

Actually, we also have to filter invites when we get the from DB in the project list endpoint, not only ES, but it's better to handle it a little bit letter due to other changes we did in develop branch.

@maxceem maxceem changed the base branch from hotfix/post-release-2.4.1 to feature/members-invites-permission-fixes May 11, 2020 09:35
@maxceem maxceem merged commit 3a7f1ad into topcoder-platform:feature/members-invites-permission-fixes May 11, 2020
@maxceem maxceem mentioned this pull request May 11, 2020
Merged
@vikasrohit
Copy link

@maxceem I am pretty much sure that we have taken care of this but just want to be double sure, this change would not cause problem in returning invites for a user is invited to the project.

@maxceem
Copy link
Contributor

maxceem commented May 14, 2020

@maxceem I am pretty much sure that we have taken care of this but just want to be double sure, this change would not cause problem in returning invites for a user is invited to the project.

Yes, we took care of it. And it's already deployed to DEV. So I guess during QA someone would notice if it accidentally got broken somehow. But as it's important functionality I would ask QA team to make regression testing here appirio-tech/connect-app#4019.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maxceem maxceem maxceem approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gets0ul @vikasrohit @maxceem