Merge branch 'main' into kalilsn/sorting

pubpub · Mar 3, 2025 · 61d5372 · 61d5372
2 parents 4e486f7 + 843aeb3
commit 61d5372
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 1 deletion.
diff --git a/core/lib/server/user.ts b/core/lib/server/user.ts
@@ -237,13 +237,45 @@ export const createUserWithMembership = async (data: {
 			};
 		}
 
-		if (!user?.isSuperAdmin && isSuperAdmin) {
+		if (!user.isSuperAdmin && isSuperAdmin) {
 			return {
 				title: "Failed to add member",
 				error: "You cannot add members as super admins",
 			};
 		}
 
+		// If they're adding a community member, make sure their role is equivalent or higher than
+		// the new member's. If they're adding a different type of membership, the community
+		// membership is always a contributor, so we can skip this check.
+		if (membership.type === MembershipType.community) {
+			const rolesRanking = {
+				[MemberRole.admin]: 2,
+				[MemberRole.editor]: 1,
+				[MemberRole.contributor]: 0,
+			};
+			const highestRole = user.memberships.reduce(
+				(highestRole, m) => {
+					if (m.communityId === community.id) {
+						if (!highestRole || rolesRanking[m.role] > rolesRanking[highestRole]) {
+							return m.role;
+						}
+					}
+					return highestRole;
+				},
+				undefined as MemberRole | undefined
+			);
+
+			const roleIsHighEnough =
+				highestRole && rolesRanking[highestRole] >= rolesRanking[membership.role];
+
+			if (!roleIsHighEnough) {
+				return {
+					title: "Failed to add member",
+					error: "You cannot add members with a higher role than your own",
+				};
+			}
+		}
+
 		let nameQuery: (trx: Transaction<Database>) => Promise<string>;
 		let membershipQuery: (trx: Transaction<Database>, userId: UsersId) => Promise<unknown>;
 		let target: CapabilityTarget;

diff --git a/core/prisma/migrations/20250227001152_let_community_editors_invite_users/migration.sql b/core/prisma/migrations/20250227001152_let_community_editors_invite_users/migration.sql
@@ -0,0 +1,8 @@
+INSERT INTO
+    "membership_capabilities"
+VALUES
+    (
+        'editor'::"MemberRole",
+        'community'::"MembershipType",
+        'addCommunityMember'::"Capabilities"
+    );