@@ 412,7 412,7 @@ func (r *mutationResolver) AddMember(ctx context.Context, input *model.MemberInp
return nil, nil
}
org := orgs[0]
- if org.OwnerID != int(currentUser.ID) {
+ if !org.CanAdminWrite(ctx, currentUser) {
validator.Error(lt.Translate("This user is not allowed to perform this action")).
WithCode(valid.ErrNotFoundCode)
return nil, nil
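Review bot: Swapping the owner comparison for `org.CanAdminWrite(ctx, currentUser)` lets any admin-write member add members, and nothing visible in this hunk bounds the permission level the new member receives. If `input` carries a permission level (not visible here), a grant above the caller's own level should be rejected unless the caller is the owner, so that delegated admins cannot create further admins unchecked. AddMember starts and ends outside the hunk, so this validation may already exist further down. If it does, a comment at this check such as `// Admin-write members may add members; the granted permission is validated below.` would make that clear.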
@@ 676,20 676,11 @@ func (r *mutationResolver) UpdateLink(ctx context.Context, input *model.UpdateLi
}
orgLink := orgLinks[0]
- orgs, err := user.GetOrgs(ctx, models.OrgUserPermissionWrite)
+ org, err := user.GetOrgsID(ctx, models.OrgUserPermissionWrite, orgLink.OrgID)
if err != nil {
return nil, err
}
-
- var canEdit bool
- var org *models.Organization
- for _, o := range orgs {
- if o.ID == orgLink.OrgID {
- canEdit = true
- org = o
- }
- }
- if !canEdit {
+ if org == nil {
validator.Error(lt.Translate("Element Not Found")).
WithCode(valid.ErrNotFoundCode)
return nil, nil
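Review bot: The `org == nil` branch now covers both "no such organization" and "caller lacks write permission", a distinction the removed loop made explicit through `canEdit`. A comment above the check would keep that intent visible, e.g. `// nil org: not found or caller lacks write permission; reported as not found on purpose`. The same applies to the `org == nil` check after `user.GetOrgsSlug` in the first UpdateOrganization hunk. This assumes `GetOrgsID` returns a nil org with a nil error for a missing or unauthorized organization; its body is not visible here, and if it returns an error instead, the caller would get an internal error rather than "Element Not Found".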
@@ 1457,19 1448,11 @@ func (r *mutationResolver) UpdateOrganization(ctx context.Context, input *model.
return nil, nil
}
- opts := &database.FilterOptions{
- Filter: sq.And{
- sq.Eq{"o.slug": input.CurrentSlug},
- sq.Eq{"o.owner_id": user.ID},
- },
- Limit: 1,
- }
- orgs, err := models.GetOrganizations(ctx, opts)
+ org, err := user.GetOrgsSlug(ctx, models.OrgUserPermissionAdminWrite, input.CurrentSlug)
if err != nil {
return nil, err
}
-
- if len(orgs) == 0 {
+ if org == nil {
validator.Error(
lt.Translate("Organization Not Found")).
WithField("name").
@@ 1477,13 1460,18 @@ func (r *mutationResolver) UpdateOrganization(ctx context.Context, input *model.
return nil, nil
}
- org := orgs[0]
-
// If the org name changed, validate it
+ var (
+ opts *database.FilterOptions
+ orgs []*models.Organization
+ )
if input.Name != org.Name {
opts = &database.FilterOptions{
- Filter: sq.Eq{"o.name": input.Name},
- Limit: 1,
+ Filter: sq.And{
+ sq.Eq{"o.name": input.Name},
+ sq.Eq{"o.owner_id": user.ID},
+ },
+ Limit: 1,
}
orgs, err = models.GetOrganizations(ctx, opts)
if err != nil {
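Review bot: The name-uniqueness filter uses `sq.Eq{"o.owner_id": user.ID}`, but the preceding hunk now admits any member with `OrgUserPermissionAdminWrite`, so `user` is no longer necessarily the owner. When a non-owner admin renames the organization, the duplicate check runs against that admin's own organizations, and a clash with another organization of the real owner goes undetected. Scoping the filter to the organization being edited avoids this: `sq.Eq{"o.owner_id": org.OwnerID},`. UpdateOrganization continues outside the hunk.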
@@ 1688,7 1676,7 @@ func (r *mutationResolver) AddDomain(ctx context.Context, input model.DomainInpu
return nil, nil
}
- org, err := user.GetOrgsSlug(ctx, models.OrgUserPermissionWrite, input.OrgSlug)
+ org, err := user.GetOrgsSlug(ctx, models.OrgUserPermissionAdminWrite, input.OrgSlug)
if err != nil {
return nil, err
}
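Review bot: Nothing next to the `user.GetOrgsSlug` call records why adding a domain now requires `OrgUserPermissionAdminWrite` instead of `OrgUserPermissionWrite`. A one-line comment such as `// Domain management is admin-level: plain write members are rejected here.` would stop a later refactor from relaxing it back. The DeleteDomain hunk makes the same change and would take the same comment.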
@@ 2202,7 2190,7 @@ func (r *mutationResolver) DeleteDomain(ctx context.Context, id int) (*model.Del
return nil, nil
}
- org, err := user.GetOrgsID(ctx, models.OrgUserPermissionWrite, int(domain.OrgID.Int64))
+ org, err := user.GetOrgsID(ctx, models.OrgUserPermissionAdminWrite, int(domain.OrgID.Int64))
if err != nil {
return nil, err
}
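Review bot: `int(domain.OrgID.Int64)` reads what looks like a nullable column with no `Valid` check visible in this hunk, so a domain without an organization would be looked up as organization ID 0. If the earlier part of DeleteDomain (outside the hunk) does not already handle that case, guard it before the permission lookup, e.g. `if !domain.OrgID.Valid { ... }` returning the not-found error. That way the admin-write check always runs against a real organization ID.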
@@ 226,11 226,16 @@ func (o *Organization) CanRead(ctx context.Context, user *User) bool {
return o.permCheck(ctx, user, OrgUserPermissionRead)
}
-// CanWrite checks if provided user has read access to organization
+// CanWrite checks if provided user has write access to organization
func (o *Organization) CanWrite(ctx context.Context, user *User) bool {
return o.permCheck(ctx, user, OrgUserPermissionWrite)
}
+// CanAdminWrite checks if provided user has admin write access to organization
+func (o *Organization) CanAdminWrite(ctx context.Context, user *User) bool {
+ return o.permCheck(ctx, user, OrgUserPermissionAdminWrite)
+}
+
func (o *Organization) IsRestricted(restrictedStatus []int) bool {
status := o.Settings.Billing.Status
for _, i := range restrictedStatus {
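Review bot: The doc comment on `CanAdminWrite` does not say whether the organization owner passes the check, yet AddMember now relies on it in place of the explicit `org.OwnerID` comparison. `permCheck` is not visible in this hunk, so confirm that it returns true for the owner; otherwise owners without an explicit admin-write membership would lose the ability to add members. Once confirmed, state it in the comment: `// CanAdminWrite reports whether user is the organization's owner or holds admin write permission on it.`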