satellite/console: ensure only project members can remove other project members

Change-Id: I815eb85f37631aaa65b5dc4cafa6851f241ca0f0
Stefan Benten 2020-10-06 12:32:34 +02:00
parent 9deea2ffe2
commit 44bd65795b


@ -1112,11 +1112,18 @@ func (s *Service) AddProjectMembers(ctx context.Context, projectID uuid.UUID, em
// DeleteProjectMembers removes users by email from given project.
func (s *Service) DeleteProjectMembers(ctx context.Context, projectID uuid.UUID, emails []string) (err error) {
defer mon.Task()(&ctx)(&err)
_, err = s.getAuthAndAuditLog(ctx, "delete project members", zap.String("projectID", projectID.String()), zap.Strings("emails", emails))
authInfo, err := s.getAuthAndAuditLog(ctx, "delete project members", zap.String("projectID", projectID.String()), zap.Strings("emails", emails))
if err != nil {
return err
}
if _, err = s.isProjectMember(ctx, authInfo.User.ID, projectID); err != nil {
if ErrUnauthorized.Has(err) {
return ErrUnauthorized.Wrap(err)
}
return Error.Wrap(err)
}
var userIDs []uuid.UUID
var userErr errs.Group