fix(controlplane): bubble up authorization permission (#408)

migmartri · web-flow · commit 01e19020b5c7 · 2023-11-06T09:19:04.000+01:00
Signed-off-by: Miguel Martinez Trivino &lt;miguel@chainloop.dev&gt;
diff --git a/app/controlplane/internal/biz/orginvitation.go b/app/controlplane/internal/biz/orginvitation.go
@@ -86,20 +86,8 @@ func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, rec
 		return nil, NewErrValidationStr("sender and receiver emails cannot be the same")
 	}
 
-	// 3 - The receiver does not exist in the org already
-	memberships, err := uc.mRepo.FindByOrg(ctx, orgUUID)
-	if err != nil {
-		return nil, fmt.Errorf("error finding memberships for user %s: %w", senderUUID.String(), err)
-	}
-
-	for _, m := range memberships {
-		if m.UserEmail == receiverEmail {
-			return nil, NewErrValidationStr("user already exists in the org")
-		}
-	}
-
-	// 4 - Check if the user has permissions to invite to the org
-	memberships, err = uc.mRepo.FindByUser(ctx, senderUUID)
+	// 3 - Check if the user has permissions to invite to the org
+	memberships, err := uc.mRepo.FindByUser(ctx, senderUUID)
 	if err != nil {
 		return nil, fmt.Errorf("error finding memberships for user %s: %w", senderUUID.String(), err)
 	}
@@ -117,6 +105,18 @@ func (uc *OrgInvitationUseCase) Create(ctx context.Context, orgID, senderID, rec
 		return nil, NewErrNotFound("user does not have permission to invite to this org")
 	}
 
+	// 4 - The receiver does not exist in the org already
+	memberships, err = uc.mRepo.FindByOrg(ctx, orgUUID)
+	if err != nil {
+		return nil, fmt.Errorf("error finding memberships for user %s: %w", senderUUID.String(), err)
+	}
+
+	for _, m := range memberships {
+		if m.UserEmail == receiverEmail {
+			return nil, NewErrValidationStr("user already exists in the org")
+		}
+	}
+
 	// 5 - Check if there is already an invitation for this user for this org
 	m, err := uc.repo.PendingInvitation(ctx, orgUUID, receiverEmail)
 	if err != nil {
diff --git a/app/controlplane/internal/biz/orginvitation_integration_test.go b/app/controlplane/internal/biz/orginvitation_integration_test.go
@@ -75,9 +75,18 @@ func (s *OrgInvitationIntegrationTestSuite) TestCreate() {
 		s.Nil(invite)
 	})
 
-	s.T().Run("user is not member of that org", func(t *testing.T) {
+	s.T().Run("sender is not member of that org", func(t *testing.T) {
 		invite, err := s.OrgInvitation.Create(context.Background(), s.org3.ID, s.user.ID, receiverEmail)
 		s.Error(err)
+		s.ErrorContains(err, "user does not have permission to invite to this org")
+		s.True(biz.IsNotFound(err))
+		s.Nil(invite)
+	})
+
+	s.T().Run("sender is not member of that org but receiver is", func(t *testing.T) {
+		invite, err := s.OrgInvitation.Create(context.Background(), s.org3.ID, s.user.ID, s.user2.Email)
+		s.Error(err)
+		s.ErrorContains(err, "user does not have permission to invite to this org")
 		s.True(biz.IsNotFound(err))
 		s.Nil(invite)
 	})
@@ -232,4 +241,6 @@ func (s *OrgInvitationIntegrationTestSuite) SetupTest() {
 	assert.NoError(err)
 	_, err = s.Membership.Create(ctx, s.org1.ID, s.user2.ID, true)
 	assert.NoError(err)
+	_, err = s.Membership.Create(ctx, s.org3.ID, s.user2.ID, true)
+	assert.NoError(err)
 }
