Merge pull request #6729 from overleaf/jpa-cleanup-staff-access

[web] admin privilege does not imply staffAccess

GitOrigin-RevId: 89760c7a9a8f0b0c82ebee40ca3236e9894ab9fa

services/web/app/src/Features/Helpers/AuthorizationHelper.js

@@ -1,14 +1,10 @@
 const { UserSchema } = require('../../models/User')
-const { hasAdminAccess } = require('./AdminAuthorizationHelper')
 
 module.exports = {
   hasAnyStaffAccess,
 }
 
 function hasAnyStaffAccess(user) {
-  if (hasAdminAccess(user)) {
-    return true
-  }
   if (!user.staffAccess) {
     return false
   }

services/web/app/src/Features/UserMembership/UserMembershipAuthorization.js

@@ -1,13 +1,9 @@
-const { hasAdminAccess } = require('../Helpers/AdminAuthorizationHelper')
 const UserMembershipAuthorization = {
   hasStaffAccess(requiredStaffAccess) {
     return req => {
       if (!req.user) {
         return false
       }
-      if (hasAdminAccess(req.user)) {
-        return true
-      }
       return (
         requiredStaffAccess &&
         req.user.staffAccess &&

services/web/test/unit/src/HelperFiles/AuthorizationHelperTests.js

@@ -43,7 +43,7 @@ describe('AuthorizationHelper', function () {
     it('with admin user', function () {
       const user = { isAdmin: true }
       this.AdminAuthorizationHelper.hasAdminAccess.returns(true)
-      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.true
+      expect(this.AuthorizationHelper.hasAnyStaffAccess(user)).to.be.false
     })
 
     it('with staff user', function () {