From c881829e04d9d67afb9a667d3d304fa5da9f8001 Mon Sep 17 00:00:00 2001
From: Jakob Ackermann
Date: Thu, 31 Mar 2022 11:35:51 +0100
Subject: [PATCH] Merge pull request #6729 from overleaf/jpa-cleanup-staff-access
[web] admin privilege does not imply staffAccess
GitOrigin-RevId: 89760c7a9a8f0b0c82ebee40ca3236e9894ab9fa
---
 services/web/app/src/Features/Helpers/AuthorizationHelper.js | 4 ----
 .../Features/UserMembership/UserMembershipAuthorization.js | 4 ----
 .../web/test/unit/src/HelperFiles/AuthorizationHelperTests.js | 2 +-
 3 files changed, 1 insertion(+), 9 deletions(-)
diff --git a/services/web/app/src/Features/Helpers/AuthorizationHelper.js b/services/web/app/src/Features/Helpers/AuthorizationHelper.js
index 3eb8cd11fd..8369f2d321 100644
--- a/services/web/app/src/Features/Helpers/AuthorizationHelper.js
+++ b/services/web/app/src/Features/Helpers/AuthorizationHelper.js
@@ -1,14 +1,10 @@
 const { UserSchema } = require('../../models/User')
-const { hasAdminAccess } = require('./AdminAuthorizationHelper')
 module.exports = {
 hasAnyStaffAccess,
 }
 function hasAnyStaffAccess(user) {
- if (hasAdminAccess(user)) {
- return true
- }
 if (!user.staffAccess) {
 return false
 }
diff --git a/services/web/app/src/Features/UserMembership/UserMembershipAuthorization.js b/services/web/app/src/Features/UserMembership/UserMembershipAuthorization.js
index a5c2f8fa48..e7cd9caccf 100644
--- a/services/web/app/src/Features/UserMembership/UserMembershipAuthorization.js
+++ b/services/web/app/src/Features/UserMembership/UserMembershipAuthorization.js
@@ -1,13 +1,9 @@
-const { hasAdminAccess } = require('../Helpers/AdminAuthorizationHelper')
 const UserMembershipAuthorization = {
 hasStaffAccess(requiredStaffAccess) {
 return req => {
 if (!req.user) {
 return false
 }
- if (hasAdminAccess(req.user)) {
- return true
- }
 return (
 requiredStaffAccess &&
 req.user.staffAccess &&
diff --git a/services/web/test/unit/src/HelperFiles/AuthorizationHelperTests.js b/services/web/test/unit/src/HelperFiles/AuthorizationHelperTests.js
index ac0e84ee71..7a887e2beb 100644
--- a/services/web/test/unit/src/HelperFiles/AuthorizationHelperTests.js
+++ b/services/web/test/unit/src/HelperFiles/AuthorizationHelperTests.js
@@ -43,7 +43,7 @@ describe('AuthorizationHelper', function () {
 it('with admin user', function () {
 const user = { isAdmin: true }
 this.AdminAuthorizationHelper.hasAdminAccess.returns(true)
- expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
+ expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
 })
 it('with staff user', function () {
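Review bot: The 'with admin user' case now stubs `hasAdminAccess` to return true and expects `hasAnyStaffAccess` to be false, but nothing in the test says why. A reader could take the leftover stub for dead setup and delete it, which would remove the only thing that makes this case fail if the admin shortcut is reintroduced. I would add a comment above the stub such as `// admin privilege must not imply staffAccess; keep this stub so a reintroduced hasAdminAccess shortcut fails here` and rename the case to `'with admin user without staffAccess'`. The diffstat lists no test file for `UserMembershipAuthorization.hasStaffAccess`, which loses the same shortcut in this commit. If no existing test covers it, a case asserting that an admin without the required `staffAccess` flag is denied would pin the new privilege boundary there too. The enclosing `describe` starts outside this hunk.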