Project api auth update (#1572)

2019-03-29 14:13:37 +02:00 · 2019-03-29 14:13:37 +02:00 · 0ce6d4ab81
commit 0ce6d4ab81
parent ddce5a4bf8
2 changed files with 10 additions and 6 deletions
--- a/satellite/console/consoleweb/consoleql/mail.go
+++ b/satellite/console/consoleweb/consoleql/mail.go
@ -49,5 +49,5 @@ func (*ProjectInvitationEmail) Template() string { return "Invite" }
 // Subject gets email subject
 func (email *ProjectInvitationEmail) Subject() string {
-	return "You were invited you to join the Project " + email.ProjectName
+	return "You were invited to join the Project " + email.ProjectName
 }
--- a/satellite/console/service.go
+++ b/satellite/console/service.go
@ -342,28 +342,32 @@ func (s *Service) CreateProject(ctx context.Context, projectInfo ProjectInfo) (p
 // DeleteProject is a method for deleting project by id
 func (s *Service) DeleteProject(ctx context.Context, projectID uuid.UUID) (err error) {
 	defer mon.Task()(&ctx)(&err)
-	_, err = GetAuth(ctx)
+	auth, err := GetAuth(ctx)
 	if err != nil {
 		return err
 	}
-	// TODO: before deletion we should check if user is a project member
+	if _, err = s.isProjectMember(ctx, auth.User.ID, projectID); err != nil {
 		return ErrUnauthorized.Wrap(err)
 	}
 	return s.store.Projects().Delete(ctx, projectID)
 }
 // UpdateProject is a method for updating project description by id
 func (s *Service) UpdateProject(ctx context.Context, projectID uuid.UUID, description string) (p *Project, err error) {
 	defer mon.Task()(&ctx)(&err)
-	_, err = GetAuth(ctx)
+	auth, err := GetAuth(ctx)
 	if err != nil {
 		return nil, err
 	}
-	project, err := s.store.Projects().Get(ctx, projectID)
+	isMember, err := s.isProjectMember(ctx, auth.User.ID, projectID)
 	if err != nil {
-		return nil, errs.New("Project doesn't exist!")
+		return nil, ErrUnauthorized.Wrap(err)
 	}
 	project := isMember.project
 	project.Description = description
 	err = s.store.Projects().Update(ctx, project)