Resolved an issue where the API required users to be organization owners when accessing the members page (#4534)

2024-11-21 12:05:42 +01:00 · 2024-07-19 10:24:48 -04:00 · 2024-07-19 10:24:48 -04:00 · 9b9f202f79
commit 9b9f202f79
parent 81477303e3
4 changed files with 10 additions and 4 deletions
--- a/src/Api/Billing/Controllers/OrganizationBillingController.cs
+++ b/src/Api/Billing/Controllers/OrganizationBillingController.cs
@ -20,7 +20,7 @@ public class OrganizationBillingController(
    [HttpGet("metadata")]
    public async Task<IResult> GetMetadataAsync([FromRoute] Guid organizationId)
    {
-        if (!await currentContext.ViewBillingHistory(organizationId))
+        if (!await currentContext.AccessMembersTab(organizationId))
        {
            return TypedResults.Unauthorized();
        }
--- a/src/Core/Context/CurrentContext.cs
+++ b/src/Core/Context/CurrentContext.cs
@ -383,6 +383,11 @@ public class CurrentContext : ICurrentContext
        return await EditSubscription(orgId);
    }

+    public async Task<bool> AccessMembersTab(Guid orgId)
+    {
+        return await OrganizationAdmin(orgId) || await ManageUsers(orgId) || await ManageResetPassword(orgId);
+    }
+
    public bool ProviderProviderAdmin(Guid providerId)
    {
        return Providers?.Any(o => o.Id == providerId && o.Type == ProviderUserType.ProviderAdmin) ?? false;
--- a/src/Core/Context/ICurrentContext.cs
+++ b/src/Core/Context/ICurrentContext.cs
@ -48,6 +48,7 @@ public interface ICurrentContext
    Task<bool> ManagePolicies(Guid orgId);
    Task<bool> ManageSso(Guid orgId);
    Task<bool> ManageUsers(Guid orgId);
+    Task<bool> AccessMembersTab(Guid orgId);
    Task<bool> ManageScim(Guid orgId);
    Task<bool> ManageResetPassword(Guid orgId);
    Task<bool> ViewSubscription(Guid orgId);
--- a/test/Api.Test/Billing/Controllers/OrganizationBillingControllerTests.cs
+++ b/test/Api.Test/Billing/Controllers/OrganizationBillingControllerTests.cs
@ -23,7 +23,7 @@ public class OrganizationBillingControllerTests
        Guid organizationId,
        SutProvider<OrganizationBillingController> sutProvider)
    {
-        sutProvider.GetDependency<ICurrentContext>().ViewBillingHistory(organizationId).Returns(false);
+        sutProvider.GetDependency<ICurrentContext>().AccessMembersTab(organizationId).Returns(false);

        var result = await sutProvider.Sut.GetMetadataAsync(organizationId);

@ -35,7 +35,7 @@ public class OrganizationBillingControllerTests
        Guid organizationId,
        SutProvider<OrganizationBillingController> sutProvider)
    {
-        sutProvider.GetDependency<ICurrentContext>().ViewBillingHistory(organizationId).Returns(true);
+        sutProvider.GetDependency<ICurrentContext>().AccessMembersTab(organizationId).Returns(true);
        sutProvider.GetDependency<IOrganizationBillingService>().GetMetadata(organizationId).Returns((OrganizationMetadataDTO)null);

        var result = await sutProvider.Sut.GetMetadataAsync(organizationId);
@ -48,7 +48,7 @@ public class OrganizationBillingControllerTests
        Guid organizationId,
        SutProvider<OrganizationBillingController> sutProvider)
    {
-        sutProvider.GetDependency<ICurrentContext>().ViewBillingHistory(organizationId).Returns(true);
+        sutProvider.GetDependency<ICurrentContext>().AccessMembersTab(organizationId).Returns(true);
        sutProvider.GetDependency<IOrganizationBillingService>().GetMetadata(organizationId)
            .Returns(new OrganizationMetadataDTO(true));