From 049f8af6806205c51342053c60024e444599b1fe Mon Sep 17 00:00:00 2001
From: Alf Eaton <alf.eaton@overleaf.com>
Date: Wed, 7 Aug 2024 08:57:37 +0100
Subject: [PATCH] Merge pull request #19684 from overleaf/ae-members-list

Allow all collaborators to access the project `members` endpoint

GitOrigin-RevId: 2e5911146c61f368f85e6b57a9c5f12a35e7b294
---
 .../web/app/src/Features/Collaborators/CollaboratorsRouter.js  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/web/app/src/Features/Collaborators/CollaboratorsRouter.js b/services/web/app/src/Features/Collaborators/CollaboratorsRouter.js
index e639580aca..da0b9677b3 100644
--- a/services/web/app/src/Features/Collaborators/CollaboratorsRouter.js
+++ b/services/web/app/src/Features/Collaborators/CollaboratorsRouter.js
@@ -68,7 +68,8 @@ module.exports = {
     webRouter.get(
       '/project/:Project_id/members',
       AuthenticationController.requireLogin(),
-      AuthorizationMiddleware.ensureUserCanAdminProject,
+      AuthorizationMiddleware.blockRestrictedUserFromProject,
+      AuthorizationMiddleware.ensureUserCanReadProject,
       CollaboratorsController.getAllMembers
     )