feat(team): Update logic for determine team role for nested teams

Previously assigning a role on a child team could downgrade a users access assigned on the parent team. Now we check all roles in the ancestor tree and take the highest role.
bluehalo · Aug 23, 2024 · e89a88b · e89a88b
1 parent 837565c
commit e89a88b
Showing 1 changed file with 19 additions and 14 deletions.
diff --git a/src/app/core/teams/teams.service.ts b/src/app/core/teams/teams.service.ts
@@ -194,24 +194,29 @@ class TeamsService {
 	}
 
 	/**
-	 * Gets the role of this user in this team.
+	 * Gets the role of this user in this team.  If the team is nested, it will check the user's
+	 * role on all ancestor teams and grant the highest assigned role.
 	 *
 	 * @returns Returns the role of the user in the team or null if user doesn't belong to team.
 	 */
-	getTeamRole(user: UserDocument, team: TeamDocument) {
-		const ndx = _.findIndex(user.teams, (t) => t._id.equals(team._id));
-
-		if (-1 !== ndx) {
-			return user.teams[ndx].role;
-		}
-
-		if (config.get<boolean>('teams.nestedTeams')) {
-			for (const ancestor of team.ancestors || []) {
-				const role = this.getTeamRole(user, new this.model({ _id: ancestor }));
-				if (role) {
-					return role;
-				}
+	getTeamRole(
+		user: UserDocument,
+		team: Pick<TeamDocument, '_id'> & Partial<Pick<TeamDocument, 'ancestors'>>
+	): string | null {
+		if (team.ancestors && config.get<boolean>('teams.nestedTeams')) {
+			const roles = [...team.ancestors, team._id]
+				.map((_id) => this.getTeamRole(user, { _id }))
+				.filter((role) => role);
+
+			if (roles.length > 0) {
+				return roles.reduce((prevHighestRole, role) => {
+					return TeamRolePriorities[role] > TeamRolePriorities[prevHighestRole]
+						? role
+						: prevHighestRole;
+				}, TeamRoles.Blocked);
 			}
+		} else {
+			return user.teams.find((t) => t._id.equals(team._id))?.role;
 		}
 		return null;
 	}