From cd27ee3c8fde6485bbaed82789a73af40a63fb4f Mon Sep 17 00:00:00 2001
From: Alexandre Bourdin
Date: Fri, 27 Oct 2023 15:11:43 +0200
Subject: [PATCH] Merge pull request #15446 from overleaf/ab-tie-user-enrollment
[web] Prevent a user from becoming managed by another group after linking group SSO
GitOrigin-RevId: d8cb763a68ca38b4aaf1518a5f93ac5a61cec28c
---
 .../Subscription/TeamInvitesController.js | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/services/web/app/src/Features/Subscription/TeamInvitesController.js b/services/web/app/src/Features/Subscription/TeamInvitesController.js
index bda8a8d1c9..ef1b7739f2 100644
--- a/services/web/app/src/Features/Subscription/TeamInvitesController.js
+++ b/services/web/app/src/Features/Subscription/TeamInvitesController.js
@@ -12,6 +12,7 @@ const HttpErrorHandler = require('../Errors/HttpErrorHandler')
 const PermissionsManager = require('../Authorization/PermissionsManager')
 const EmailHandler = require('../Email/EmailHandler')
 const { RateLimiter } = require('../../infrastructure/RateLimiter')
+const Modules = require('../../infrastructure/Modules')
 const rateLimiters = {
 resendGroupInvite: new RateLimiter('resend-group-invite', {
@@ -90,14 +91,19 @@ async function viewInvite(req, res, next) {
 const user = await UserGetter.promises.getUser(userId)
- if (
- user.enrollment?.managedBy &&
- user.enrollment?.managedBy.toString() !== subscription._id.toString()
- ) {
+ const isUserEnrolledInDifferentGroup =
+ (
+ await Modules.promises.hooks.fire(
+ 'isUserEnrolledInDifferentGroup',
+ user.enrollment,
+ subscription._id
+ )
+ )?.[0] === true
+ if (isUserEnrolledInDifferentGroup) {
 return HttpErrorHandler.forbidden(
 req,
 res,
- 'User is already managed by a different subscription'
+ 'User is already enrolled in a different subscription'
 )
 }
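Review bot: The enrollment check in the second hunk (viewInvite) now fails open. The guard is `(await Modules.promises.hooks.fire(...))?.[0] === true`, so when no module registers `isUserEnrolledInDifferentGroup`, or the hook returns nothing, the value is false and the `forbidden` branch is skipped, whereas the removed inline `managedBy` comparison always ran. Only index 0 is read, so if `fire` returns one entry per handler (inferred from the indexing, not shown here), a later handler returning true would be ignored. Consider collecting the results with `const results = (await Modules.promises.hooks.fire('isUserEnrolledInDifferentGroup', user.enrollment, subscription._id)) ?? []` and testing `results.some(r => r === true)`, keeping the old `managedBy` comparison as a fallback condition, and adding a comment that states what the hook returns and what an empty result means. viewInvite starts and ends outside the hunk, so whether the accept path applies the same rule cannot be confirmed from this diff.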