From 15edabc9772160d3fafe7485663999a58b169e3b Mon Sep 17 00:00:00 2001
From: Andrey Antukh
Date: Tue, 19 Jan 2021 12:53:31 +0100
Subject: [PATCH] :bug: Set proper permission check on retrieving team users.
---
 backend/src/app/rpc/queries/teams.clj | 4 ++--
 frontend/src/app/main/ui.cljs | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/backend/src/app/rpc/queries/teams.clj b/backend/src/app/rpc/queries/teams.clj
index 24f546bc2a..b1a931199b 100644
--- a/backend/src/app/rpc/queries/teams.clj
+++ b/backend/src/app/rpc/queries/teams.clj
@@ -147,10 +147,10 @@
 (with-open [conn (db/open pool)]
 (if team-id
 (do
- (check-edition-permissions! conn profile-id team-id)
+ (check-read-permissions! conn profile-id team-id)
 (retrieve-users conn team-id))
 (let [{team-id :id} (retrieve-team-for-file conn file-id)]
- (check-edition-permissions! conn profile-id team-id)
+ (check-read-permissions! conn profile-id team-id)
 (retrieve-users conn team-id)))))

 ;; This is a similar query to team members but can contain more data
diff --git a/frontend/src/app/main/ui.cljs b/frontend/src/app/main/ui.cljs
index 8da427f805..301e6b5fd7 100644
--- a/frontend/src/app/main/ui.cljs
+++ b/frontend/src/app/main/ui.cljs
@@ -239,10 +239,9 @@

 (defmethod ptk/handle-error :authorization
 [error]
- (st/emit! (rt/nav :login))
 (ts/schedule
 (st/emitf (dm/show {:content "Not authorized to see this content."
- :timeout 3000
+ :timeout 2000
 :type :error}))))

 (defmethod ptk/handle-error :assertion
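Review bot: In the `file-id` branch the team is resolved by `retrieve-team-for-file` before any authorization happens, and if that lookup returns nothing, `team-id` is nil when it reaches `check-read-permissions!`; whether a nil team is rejected depends on the check's implementation, which is not visible in this hunk. Resolving the id once, e.g. `(let [team-id (or team-id (:id (retrieve-team-for-file conn file-id)))] ...)`, and raising a not-found error when it is still nil, would give both branches a single fail-closed authorization path instead of two duplicated ones. Because the check is relaxed from edition to read, every read-level member now receives the `retrieve-users` result, so it is worth confirming that the query returns only fields appropriate for that audience. The enclosing handler starts above the hunk.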
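Review bot: With the `(rt/nav :login)` redirect removed, the `:authorization` handler leaves the user on the current route with only a 2-second toast, so the intent should be documented next to the `defmethod`, for example `;; No redirect: being denied one resource must not send a logged-in user to the login page.` If an expired or missing session can also surface as `:authorization` (how that case is signalled is not visible here), the user would stay on a view that cannot load and has no path to re-authenticate, so that case needs its own handling. The shortened `:timeout 2000` makes the denial easy to miss, and logging the error before scheduling the toast would keep it diagnosable.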