From 3ec2d9dd6bb0525117654b541dd0f94524a31872 Mon Sep 17 00:00:00 2001
From: Kalil Smith-Nuevelle <kalilsn@gmail.com>
Date: Wed, 26 Feb 2025 18:26:32 -0600
Subject: [PATCH] Allow community editors to invite users

---
 core/lib/server/user.ts                       | 34 ++++++++++++++++++-
 .../migration.sql                             |  8 +++++
 2 files changed, 41 insertions(+), 1 deletion(-)
 create mode 100644 core/prisma/migrations/20250227001152_let_community_editors_invite_users/migration.sql

diff --git a/core/lib/server/user.ts b/core/lib/server/user.ts
index a66dfa395..c0ac53a90 100644
--- a/core/lib/server/user.ts
+++ b/core/lib/server/user.ts
@@ -237,13 +237,45 @@ export const createUserWithMembership = async (data: {
 			};
 		}
 
-		if (!user?.isSuperAdmin && isSuperAdmin) {
+		if (!user.isSuperAdmin && isSuperAdmin) {
 			return {
 				title: "Failed to add member",
 				error: "You cannot add members as super admins",
 			};
 		}
 
+		// If they're adding a community member, make sure their role is equivalent or higher than
+		// the new member's. If they're adding a different type of membership, the community
+		// membership is always a contributor, so we can skip this check.
+		if (membership.type === MembershipType.community) {
+			const rolesRanking = {
+				[MemberRole.admin]: 2,
+				[MemberRole.editor]: 1,
+				[MemberRole.contributor]: 0,
+			};
+			const highestRole = user.memberships.reduce(
+				(highestRole, m) => {
+					if (m.communityId === community.id) {
+						if (!highestRole || rolesRanking[m.role] > rolesRanking[highestRole]) {
+							return m.role;
+						}
+					}
+					return highestRole;
+				},
+				undefined as MemberRole | undefined
+			);
+
+			const roleIsHighEnough =
+				highestRole && rolesRanking[highestRole] >= rolesRanking[membership.role];
+
+			if (!roleIsHighEnough) {
+				return {
+					title: "Failed to add member",
+					error: "You cannot add members with a higher role than your own",
+				};
+			}
+		}
+
 		let nameQuery: (trx: Transaction<Database>) => Promise<string>;
 		let membershipQuery: (trx: Transaction<Database>, userId: UsersId) => Promise<unknown>;
 		let target: CapabilityTarget;
diff --git a/core/prisma/migrations/20250227001152_let_community_editors_invite_users/migration.sql b/core/prisma/migrations/20250227001152_let_community_editors_invite_users/migration.sql
new file mode 100644
index 000000000..4ee5f39a8
--- /dev/null
+++ b/core/prisma/migrations/20250227001152_let_community_editors_invite_users/migration.sql
@@ -0,0 +1,8 @@
+INSERT INTO
+    "membership_capabilities"
+VALUES
+    (
+        'editor'::"MemberRole",
+        'community'::"MembershipType",
+        'addCommunityMember'::"Capabilities"
+    );
\ No newline at end of file