🐛 Fix allow change team image for editor role users

backend/src/app/rpc/commands/teams.clj

@@ -62,12 +62,18 @@
         :can-edit (or is-owner is-admin can-edit)
         :can-read true})))
 
+(def has-admin-permissions?
+  (perms/make-admin-predicate-fn get-permissions))
+
 (def has-edit-permissions?
   (perms/make-edition-predicate-fn get-permissions))
 
 (def has-read-permissions?
   (perms/make-read-predicate-fn get-permissions))
 
+(def check-admin-permissions!
+  (perms/make-check-fn has-admin-permissions?))
+
 (def check-edition-permissions!
   (perms/make-check-fn has-edit-permissions?))
 
@@ -593,18 +599,19 @@
                   (retrieve-team pool profile-id team-id))
           photo (profile/upload-photo cfg params)]
 
-    ;; Mark object as touched for make it ellegible for tentative
-    ;; garbage collection.
-    (when-let [id (:photo-id team)]
-      (sto/touch-object! storage id))
+    (db/with-atomic [conn pool]
+      (check-admin-permissions! conn profile-id team-id)
+      ;; Mark object as touched for make it ellegible for tentative
+      ;; garbage collection.
+      (when-let [id (:photo-id team)]
+        (sto/touch-object! storage id))
 
-    ;; Save new photo
-    (db/update! pool :team
-                {:photo-id (:id photo)}
-                {:id team-id})
-
-    (assoc team :photo-id (:id photo))))
+      ;; Save new photo
+      (db/update! pool :team
+        {:photo-id (:id photo)}
+        {:id team-id})
 
+      (assoc team :photo-id (:id photo)))))
 
 ;; --- Mutation: Create Team Invitation
 

backend/src/app/rpc/permissions.clj

@@ -37,6 +37,14 @@
            :is-admin false
            :can-edit false)))
 
+(defn make-admin-predicate-fn
+  "A simple factory for admin permission predicate functions."
+  [qfn]
+  (us/assert fn? qfn)
+  (fn check
+    ([perms] (:is-admin perms))
+    ([conn & args] (check (apply qfn conn args)))))
+
 (defn make-edition-predicate-fn
   "A simple factory for edition permission predicate functions."
   [qfn]