Add new permission

kamicut · kamicut · commit bfdb84cfe3c6 · 2022-11-09T16:10:15.000+02:00
diff --git a/app/lib/organization.js b/app/lib/organization.js
@@ -265,6 +265,20 @@ async function isMemberOrStaff (organizationId, osmId) {
   return result.length > 0
 }
 
+/**
+ * Checks if an osmId is a moderator of any team inside the org
+ * @param {int} organizationId - organization id
+ * @param {int} osmId - id of member we are testing
+ */
+async function isOrgTeamModerator (organizationId, osmId) {
+  if (!organizationId) throw new PropertyRequiredError('organization id')
+  if (!osmId) throw new PropertyRequiredError('osm id')
+  const conn = await db()
+  const subquery = conn('organization_team').select('team_id').where('organization_id', organizationId)
+  const isModeratorOfAny = await conn('moderator').whereIn('team_id', subquery).debug()
+  return isModeratorOfAny.length > 0
+}
+
 /**
  * Checks if the osm user is an owner of a team
  * @param {int} organizationId - organization id
@@ -350,6 +364,7 @@ module.exports = {
   isOwner,
   isManager,
   isMember,
+  isOrgTeamModerator,
   createOrgTeam,
   listMyOrganizations,
   getOrgStaff,
diff --git a/app/manage/index.js b/app/manage/index.js
@@ -221,7 +221,7 @@ function manageRouter (nextApp) {
   router.get('/api/profiles/keys/organizations/:id', can('organization:edit'), getProfileKeys('org', 'org'))
   router.post('/api/profiles/keys/organizations/:id', can('organization:edit'), createProfileKeys('org', 'org'))
 
-  router.get('/api/profiles/keys/organizations/:id/teams', can('organization:edit'), getProfileKeys('org', 'team'))
+  router.get('/api/profiles/keys/organizations/:id/teams', can('organization:view-team-keys'), getProfileKeys('org', 'team'))
   router.post('/api/profiles/keys/organizations/:id/teams', can('organization:edit'), createProfileKeys('org', 'team'))
 
   router.get('/api/profiles/keys/organizations/:id/users', can('organization:member'), getProfileKeys('org', 'user'))
diff --git a/app/manage/permissions/index.js b/app/manage/permissions/index.js
@@ -26,7 +26,8 @@ const organizationPermissions = {
   'organization:edit': require('./edit-org'),
   'organization:create-team': require('./create-org-team'),
   'organization:member': require('./member-org'),
-  'organization:view-members': require('./view-org-members')
+  'organization:view-members': require('./view-org-members'),
+  'organization:view-team-keys': require('./view-org-team-keys')
 }
 
 const clientPermissions = {

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,8 @@ const organizationPermissions = {`
`26`	`26`	`'organization:edit': require('./edit-org'),`
`27`	`27`	`'organization:create-team': require('./create-org-team'),`
`28`	`28`	`'organization:member': require('./member-org'),`
`29`		`- 'organization:view-members': require('./view-org-members')`
	`29`	`+ 'organization:view-members': require('./view-org-members'),`
	`30`	`+ 'organization:view-team-keys': require('./view-org-team-keys')`
`30`	`31`	`}`
`31`	`32`
`32`	`33`	`const clientPermissions = {`