Skip to content

Commit

Permalink
fix adding members to public board by editor (#3954) (#3956)
Browse files Browse the repository at this point in the history
* fix adding members to public board by editor

* remove log line

* fix unit tests

* lint fix

* update test

(cherry picked from commit ee2f07c)
  • Loading branch information
sbishel authored Oct 6, 2022
1 parent 524308d commit 83045ce
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 5 deletions.
3 changes: 2 additions & 1 deletion server/api/members.go
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,8 @@ func (a *API) handleAddMember(w http.ResponseWriter, r *http.Request) {
return
}

if !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionManageBoardRoles) {
if !a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionManageBoardRoles) &&
!(board.Type == model.BoardTypeOpen && a.permissions.HasPermissionToBoard(userID, boardID, model.PermissionManageBoardProperties)) {
a.errorResponse(w, r.URL.Path, http.StatusForbidden, "", PermissionError{"access denied to modify board members"})
return
}
Expand Down
4 changes: 2 additions & 2 deletions server/integrationtests/board_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1393,8 +1393,8 @@ func TestAddMember(t *testing.T) {
require.Equal(t, th.GetUser2().ID, member.UserID)

member, resp = th.Client2.AddMemberToBoard(newMember)
th.CheckForbidden(resp)
require.Nil(t, member)
th.CheckOK(resp)
require.NotNil(t, member)

members, resp = th.Client2.GetMembersForBoard(board.ID)
th.CheckOK(resp)
Expand Down
4 changes: 2 additions & 2 deletions server/integrationtests/permissions_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1697,7 +1697,7 @@ func TestPermissionsCreateBoardMembers(t *testing.T) {
{"/boards/{PUBLIC_BOARD_ID}/members", methodPost, boardMemberJSON(testData.publicBoard.ID), userTeamMember, http.StatusForbidden, 0},
{"/boards/{PUBLIC_BOARD_ID}/members", methodPost, boardMemberJSON(testData.publicBoard.ID), userViewer, http.StatusForbidden, 0},
{"/boards/{PUBLIC_BOARD_ID}/members", methodPost, boardMemberJSON(testData.publicBoard.ID), userCommenter, http.StatusForbidden, 0},
{"/boards/{PUBLIC_BOARD_ID}/members", methodPost, boardMemberJSON(testData.publicBoard.ID), userEditor, http.StatusForbidden, 0},
{"/boards/{PUBLIC_BOARD_ID}/members", methodPost, boardMemberJSON(testData.publicBoard.ID), userEditor, http.StatusOK, 1},
{"/boards/{PUBLIC_BOARD_ID}/members", methodPost, boardMemberJSON(testData.publicBoard.ID), userAdmin, http.StatusOK, 1},
{"/boards/{PUBLIC_BOARD_ID}/members", methodPost, boardMemberJSON(testData.publicBoard.ID), userGuest, http.StatusForbidden, 0},

Expand All @@ -1715,7 +1715,7 @@ func TestPermissionsCreateBoardMembers(t *testing.T) {
{"/boards/{PUBLIC_TEMPLATE_ID}/members", methodPost, boardMemberJSON(testData.publicTemplate.ID), userTeamMember, http.StatusForbidden, 0},
{"/boards/{PUBLIC_TEMPLATE_ID}/members", methodPost, boardMemberJSON(testData.publicTemplate.ID), userViewer, http.StatusForbidden, 0},
{"/boards/{PUBLIC_TEMPLATE_ID}/members", methodPost, boardMemberJSON(testData.publicTemplate.ID), userCommenter, http.StatusForbidden, 0},
{"/boards/{PUBLIC_TEMPLATE_ID}/members", methodPost, boardMemberJSON(testData.publicTemplate.ID), userEditor, http.StatusForbidden, 0},
{"/boards/{PUBLIC_TEMPLATE_ID}/members", methodPost, boardMemberJSON(testData.publicTemplate.ID), userEditor, http.StatusOK, 1},
{"/boards/{PUBLIC_TEMPLATE_ID}/members", methodPost, boardMemberJSON(testData.publicTemplate.ID), userAdmin, http.StatusOK, 1},
{"/boards/{PUBLIC_TEMPLATE_ID}/members", methodPost, boardMemberJSON(testData.publicTemplate.ID), userGuest, http.StatusForbidden, 0},
}
Expand Down

0 comments on commit 83045ce

Please sign in to comment.