Skip to content

[FIX] Permission view-all-teams is not checked in the teams.info endpoint#25841

Merged
kodiakhq[bot] merged 25 commits intodevelopfrom
fix/view-teams-info-permission
Aug 17, 2022
Merged

[FIX] Permission view-all-teams is not checked in the teams.info endpoint#25841
kodiakhq[bot] merged 25 commits intodevelopfrom
fix/view-teams-info-permission

Conversation

@LucianoPierdona
Copy link
Contributor

@LucianoPierdona LucianoPierdona commented Jun 13, 2022
edited by matheusbsilva137
Loading

Proposed changes (including videos or screenshots)

Previously any authenticated user was able to access the teams.info endpoint, this PR updates this so only users with the view-all-teams permission or team members can access it.

Issue(s)

Steps to test or reproduce

User 1

  • Create a private team with only User 1 added to it.

User 2

  • Access the above team through curl
curl  -H "X-Auth-Token: {authToken}" \
      -H "X-User-Id: {userId}" \
      -H "Content-type: application/json" \
      http://localhost:3000/api/v1/teams.info?teamName=Team1

Expected result

  • If User 2 doesn't have the view-all-teams permission, the response must be unauthorized;
  • If User 2 has the view-all-teams permission, the response must be succesful;
  • For User 1, the response must be succesful;
  • If the team is changed to public, the response must be succesful for User 1 and User 2 regardless of the view-all-teams permission.

Further comments

@LucianoPierdona LucianoPierdona changed the title Fix/view teams info permission [FIX] view teams info permission Jun 13, 2022
@LucianoPierdona LucianoPierdona self-assigned this Jun 13, 2022
@LucianoPierdona LucianoPierdona requested a review from a team June 13, 2022 12:43
KevLehman
KevLehman reviewed Jun 13, 2022
View reviewed changes
@LucianoPierdona LucianoPierdona changed the title [FIX] view teams info permission [FIX][BREAK] view teams info permission Jun 13, 2022
@LucianoPierdona LucianoPierdona changed the title [FIX][BREAK] view teams info permission [BREAK] view teams info permission Jun 13, 2022
@LucianoPierdona LucianoPierdona marked this pull request as ready for review June 22, 2022 16:44
@ggazzo ggazzo changed the title [BREAK] view teams info permission [FIX] View teams info permission Jun 27, 2022
@ggazzo ggazzo added this to the 5.0.0 milestone Jun 27, 2022
ggazzo
ggazzo previously approved these changes Jun 29, 2022
View reviewed changes
@casalsgh casalsgh removed this from the 5.0.0 milestone Jun 30, 2022
matheusbsilva137
matheusbsilva137 suggested changes Aug 12, 2022
View reviewed changes
@LucianoPierdona LucianoPierdona requested a review from a team as a code owner August 15, 2022 13:52
matheusbsilva137
matheusbsilva137 suggested changes Aug 15, 2022
View reviewed changes
matheusbsilva137
matheusbsilva137 suggested changes Aug 16, 2022
View reviewed changes
LucianoPierdona and others added 2 commits August 16, 2022 12:34
@LucianoPierdona @matheusbsilva137
Update apps/meteor/tests/end-to-end/api/25-teams.js
4a081ca 
Co-authored-by: Matheus Barbosa Silva <36537004+matheusbsilva137@users.noreply.github.com>
@matheusbsilva137
Merge branch 'develop' into fix/view-teams-info-permission
f6496e7
@matheusbsilva137 matheusbsilva137 changed the title [FIX] View teams info permission [FIX] Permission view-all-teams is not checked in the teams.info endpoint Aug 16, 2022
matheusbsilva137
matheusbsilva137 approved these changes Aug 16, 2022
View reviewed changes
Copy link
Contributor

@matheusbsilva137 matheusbsilva137 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. We just need a review from the chat-engine team for the new tests.

@LucianoPierdona LucianoPierdona requested a review from ggazzo August 16, 2022 17:19
@ggazzo ggazzo added stat: ready to merge PR tested and approved waiting for merge and removed stat: needs QA labels Aug 17, 2022
@kodiakhq kodiakhq bot merged commit 22f209d into develop Aug 17, 2022
@kodiakhq kodiakhq bot deleted the fix/view-teams-info-permission branch August 17, 2022 18:05
csuadev pushed a commit that referenced this pull request Aug 26, 2022
@LucianoPierdona @matheusbsilva137
[FIX] Permission view-all-teams is not checked in the teams.info
733d847 
…endpoint (#25841)

Co-authored-by: Matheus Barbosa Silva <36537004+matheusbsilva137@users.noreply.github.com>
@murtaza98 murtaza98 mentioned this pull request Sep 2, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ggazzo ggazzo ggazzo approved these changes

@KevLehman KevLehman Awaiting requested review from KevLehman

+1 more reviewer

@matheusbsilva137 matheusbsilva137 matheusbsilva137 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@LucianoPierdona LucianoPierdona

Labels

stat: ready to merge PR tested and approved waiting for merge

Projects

None yet

Milestone

5.1.0

Development

Successfully merging this pull request may close these issues.

6 participants

@LucianoPierdona @ggazzo @KevLehman @matheusbsilva137 @gabriellsh @casalsgh