chore: roles demotion (#5612)

makeplane · Sep 16, 2024 · 3ce84f7 · 3ce84f7
1 parent 5ba1eea
commit 3ce84f7
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 28 deletions.
diff --git a/apiserver/plane/app/views/project/invite.py b/apiserver/plane/app/views/project/invite.py
@@ -164,7 +164,7 @@ def create(self, request, slug):
                 ProjectMember(
                     project_id=project_id,
                     member=request.user,
-                    role=15 if workspace_role >= 15 else 5,
+                    role=workspace_role,
                     workspace=workspace,
                     created_by=request.user,
                 )

diff --git a/apiserver/plane/app/views/workspace/member.py b/apiserver/plane/app/views/workspace/member.py
@@ -14,7 +14,7 @@
     WorkSpaceAdminPermission,
     WorkspaceEntityPermission,
     allow_permission,
-    ROLE
+    ROLE,
 )
 
 # Module imports
@@ -44,7 +44,6 @@ class WorkSpaceMemberViewSet(BaseViewSet):
     serializer_class = WorkspaceMemberAdminSerializer
     model = WorkspaceMember
 
-
     search_fields = [
         "member__display_name",
         "member__first_name",
@@ -96,9 +95,7 @@ def list(self, request, slug):
         user=False,
         multiple=True,
     )
-    @allow_permission(
-        allowed_roles=[ROLE.ADMIN], level="WORKSPACE"
-    )
+    @allow_permission(allowed_roles=[ROLE.ADMIN], level="WORKSPACE")
     def partial_update(self, request, slug, pk):
         workspace_member = WorkspaceMember.objects.get(
             pk=pk,
@@ -112,25 +109,10 @@ def partial_update(self, request, slug, pk):
                 status=status.HTTP_400_BAD_REQUEST,
             )
 
-        # Get the requested user role
-        requested_workspace_member = WorkspaceMember.objects.get(
-            workspace__slug=slug,
-            member=request.user,
-            is_active=True,
-        )
-        # Check if role is being updated
-        # One cannot update role higher than his own role
-        if (
-            "role" in request.data
-            and int(request.data.get("role", workspace_member.role))
-            > requested_workspace_member.role
-        ):
-            return Response(
-                {
-                    "error": "You cannot update a role that is higher than your own role"
-                },
-                status=status.HTTP_400_BAD_REQUEST,
-            )
+        if workspace_member.role > int(request.data.get("role")):
+            _ = ProjectMember.objects.filter(
+                workspace__slug=slug, member_id=workspace_member.member_id
+            ).update(role=int(request.data.get("role")))
 
         serializer = WorkSpaceMemberSerializer(
             workspace_member, data=request.data, partial=True
@@ -151,9 +133,7 @@ def partial_update(self, request, slug, pk):
     @invalidate_cache(
         path="/api/users/me/workspaces/", user=False, multiple=True
     )
-    @allow_permission(
-        allowed_roles=[ROLE.ADMIN], level="WORKSPACE"
-    )
+    @allow_permission(allowed_roles=[ROLE.ADMIN], level="WORKSPACE")
     def destroy(self, request, slug, pk):
         # Check the user role who is deleting the user
         workspace_member = WorkspaceMember.objects.get(