From 3ce84f78f1836caf3aeb6bde16c12535c692ec81 Mon Sep 17 00:00:00 2001
From: Bavisetti Narayan <72156168+NarayanBavisetti@users.noreply.github.com>
Date: Mon, 16 Sep 2024 14:25:27 +0530
Subject: [PATCH] chore: roles demotion (#5612)
---
 apiserver/plane/app/views/project/invite.py | 2 +-
 apiserver/plane/app/views/workspace/member.py | 34 ++++---------------
 2 files changed, 8 insertions(+), 28 deletions(-)
diff --git a/apiserver/plane/app/views/project/invite.py b/apiserver/plane/app/views/project/invite.py
index 7e31a332580..b48602cecb9 100644
--- a/apiserver/plane/app/views/project/invite.py
+++ b/apiserver/plane/app/views/project/invite.py
@@ -164,7 +164,7 @@ def create(self, request, slug):
 ProjectMember(
 project_id=project_id,
 member=request.user,
- role=15 if workspace_role >= 15 else 5,
+ role=workspace_role,
 workspace=workspace,
 created_by=request.user,
 )
diff --git a/apiserver/plane/app/views/workspace/member.py b/apiserver/plane/app/views/workspace/member.py
index 146b48b286d..ce77f70e0b6 100644
--- a/apiserver/plane/app/views/workspace/member.py
+++ b/apiserver/plane/app/views/workspace/member.py
@@ -14,7 +14,7 @@
 WorkSpaceAdminPermission,
 WorkspaceEntityPermission,
 allow_permission,
- ROLE
+ ROLE,
 )
 # Module imports
@@ -44,7 +44,6 @@ class WorkSpaceMemberViewSet(BaseViewSet):
 serializer_class = WorkspaceMemberAdminSerializer
 model = WorkspaceMember
-
 search_fields = [
 "member__display_name",
 "member__first_name",
@@ -96,9 +95,7 @@ def list(self, request, slug):
 user=False,
 multiple=True,
 )
- @allow_permission(
- allowed_roles=[ROLE.ADMIN], level="WORKSPACE"
- )
+ @allow_permission(allowed_roles=[ROLE.ADMIN], level="WORKSPACE")
 def partial_update(self, request, slug, pk):
 workspace_member = WorkspaceMember.objects.get(
 pk=pk,
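Review bot: In `create` in project/invite.py, `role=workspace_role` drops the ceiling the old expression applied, so a joining user whose workspace role is above 15 now receives that same value as their project role instead of 15. If that widening is intended, state it next to the assignment, e.g. `# Project role mirrors the workspace role on join (previously capped at 15)`, and confirm that every value `workspace_role` can take is a valid `ProjectMember.role`. Where `workspace_role` is read is outside the hunk, so this is inferred from the removed line; `create` itself starts and ends outside the hunk.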
@@ -112,25 +109,10 @@ def partial_update(self, request, slug, pk):
 status=status.HTTP_400_BAD_REQUEST,
 )
- # Get the requested user role
- requested_workspace_member = WorkspaceMember.objects.get(
- workspace__slug=slug,
- member=request.user,
- is_active=True,
- )
- # Check if role is being updated
- # One cannot update role higher than his own role
- if (
- "role" in request.data
- and int(request.data.get("role", workspace_member.role))
- > requested_workspace_member.role
- ):
- return Response(
- {
- "error": "You cannot update a role that is higher than your own role"
- },
- status=status.HTTP_400_BAD_REQUEST,
- )
+ if workspace_member.role > int(request.data.get("role")):
+ _ = ProjectMember.objects.filter(
+ workspace__slug=slug, member_id=workspace_member.member_id
+ ).update(role=int(request.data.get("role")))
 serializer = WorkSpaceMemberSerializer(
 workspace_member, data=request.data, partial=True
@@ -151,9 +133,7 @@ def partial_update(self, request, slug, pk):
 @invalidate_cache(
 path="/api/users/me/workspaces/", user=False, multiple=True
 )
- @allow_permission(
- allowed_roles=[ROLE.ADMIN], level="WORKSPACE"
- )
+ @allow_permission(allowed_roles=[ROLE.ADMIN], level="WORKSPACE")
 def destroy(self, request, slug, pk):
 # Check the user role who is deleting the user
 workspace_member = WorkspaceMember.objects.get(
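Review bot: In `partial_update` in workspace/member.py, the added `ProjectMember.objects.filter(...).update(role=...)` rewrites every project membership of the user to the new workspace role, so a membership that sat below the new role is raised to it; the filter should match only rows above the new value (`role__gt`). The block also calls `int(request.data.get("role"))` unconditionally, which raises on a PATCH that omits `role` or sends a non-numeric value, where the removed code tested `"role" in request.data` first. The bulk `update()` runs before the serializer in the trailing context has validated the payload, so an out-of-range number appears to reach the project rows even when the request is later rejected; moving it after validation would need lines outside this hunk. A guarded version of the added block follows; `partial_update` starts and ends outside the hunk.

```python
# Act only when the request carries a role, and reject values int() cannot parse.
if "role" in request.data:
    try:
        new_role = int(request.data["role"])
    except (TypeError, ValueError):
        return Response(
            {"error": "Invalid role"},
            status=status.HTTP_400_BAD_REQUEST,
        )
    if new_role < workspace_member.role:
        # Demote only the project memberships that exceed the new workspace role.
        ProjectMember.objects.filter(
            workspace__slug=slug,
            member_id=workspace_member.member_id,
            role__gt=new_role,
        ).update(role=new_role)

# … unchanged: serializer = WorkSpaceMemberSerializer(...) …
```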