🐛 Set proper permission check on retrieving team users.

2025-05-19 22:06:10 +02:00 · 2021-01-19 12:53:31 +01:00 · 2021-01-19 12:53:31 +01:00 · 15edabc977
commit 15edabc977
parent 4fbd2e6caa
2 changed files with 3 additions and 4 deletions
--- a/backend/src/app/rpc/queries/teams.clj
+++ b/backend/src/app/rpc/queries/teams.clj
@ -147,10 +147,10 @@
  (with-open [conn (db/open pool)]
    (if team-id
      (do
-        (check-edition-permissions! conn profile-id team-id)
+        (check-read-permissions! conn profile-id team-id)
        (retrieve-users conn team-id))
      (let [{team-id :id} (retrieve-team-for-file conn file-id)]
-        (check-edition-permissions! conn profile-id team-id)
+        (check-read-permissions! conn profile-id team-id)
        (retrieve-users conn team-id)))))

 ;; This is a similar query to team members but can contain more data