fix: allow admin member of team plan using free plan account to use api
shaunwarman committed Nov 9, 2024
1 parent fbdab84 commit d9bfc57
Showing 4 changed files with 19 additions and 9 deletions.
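--- a/app/controllers/api/v1/enforce-paid-plan.js
+++ b/app/controllers/api/v1/enforce-paid-plan.js
@@ -9,6 +9,10 @@ async function enforcePaidPlan(ctx, next) {
 if (!ctx.isAuthenticated())
 return ctx.throw(Boom.unauthorized(ctx.translateError('LOGIN_REQUIRED')));
 
+// if the user is a member of a team plan and in the admin group, continue
+if (ctx.state.domain.group === 'admin' && ctx.state.domain.plan === 'team')
+return next();
+
 if (ctx.state.user.plan === 'free')
 return ctx.throw(
 Boom.paymentRequired(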
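Review bot: The new bypass dereferences `ctx.state.domain.group` with no guard, so on any route where no domain has been loaded into `ctx.state` before this middleware runs it throws a TypeError (a 500) instead of reaching the `plan === 'free'` check. In this commit `routes/api/v1/index.js` lists `api.v1.enforcePaidPlan` on `POST /domains` after `validateDomain` and `rateLimit` only, with no `retrieveDomain` ahead of it, so that route looks affected unless `validateDomain` populates `ctx.state.domain`. `ensure-upgraded-plan.js` in the same commit already uses optional chaining; I would write `if (ctx.state.domain?.group === 'admin' && ctx.state.domain?.plan === 'team')` here. Since this is an authorization bypass, a short comment stating where `group` is set (it should be the caller's own membership on that domain, assigned server-side) would also help. The body of enforcePaidPlan continues outside the hunk.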
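--- a/app/controllers/web/my-account/ensure-upgraded-plan.js
+++ b/app/controllers/web/my-account/ensure-upgraded-plan.js
@@ -15,7 +15,11 @@ function ensureUpgradedPlan(ctx, next) {
 )
 return next();
 
-if (!ctx.state.domain && ctx.state.user.plan !== 'free') return next();
+if (
+(!ctx.state.domain && ctx.state.user.plan !== 'free') ||
+ctx.state?.domain?.plan === 'team'
+)
+return next();
 
 const redirectTo = ctx.state.domain
 ? ctx.state.l(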
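Review bot: The added `ctx.state?.domain?.plan === 'team'` clause lets every request for a team-plan domain through without looking at the caller's `group` or own plan, whereas the matching bypass in `enforce-paid-plan.js` also requires `group === 'admin'`. On the API routes shown in this commit `ensureDomainAdmin` runs first, but nothing in this function enforces that, so a route that mounts `ensureUpgradedPlan` without it would pass non-admin members of a team domain. If that is intended, say so in a comment such as `// team-plan domains are covered by the domain's subscription, whatever the member's own plan`; otherwise add the group check to the clause. The `ctx.state?.` guard is also inconsistent with the unguarded `ctx.state.domain` and `ctx.state.user.plan` in the same condition. The function starts and ends outside the hunk.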
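--- a/app/controllers/web/my-account/retrieve-aliases.js
+++ b/app/controllers/web/my-account/retrieve-aliases.js
@@ -162,7 +162,7 @@ async function retrieveAliases(ctx, next) {
 ? // eslint-disable-next-line unicorn/no-array-callback-reference
 Aliases.find(query)
 .limit(ctx.query.limit)
-.skip(ctx.paginate.skip)
+.skip(ctx.paginate?.skip)
 .sort(isSANB(ctx.query.sort) ? ctx.query.sort : 'created_at')
 .populate(
 'user',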
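Review bot: Guarding `ctx.paginate?.skip` implies this query can now run without the pagination middleware, and on that path `.limit(ctx.query.limit)` one line above still takes the raw query value, which may be unset or arbitrarily large. If so, the query returns as many aliases as the filter matches; a bounded fallback such as `.limit(ctx.paginate ? ctx.query.limit : DEFAULT_LIMIT)` (`DEFAULT_LIMIT` is a placeholder name) would keep the result set capped. The ternary this branch belongs to starts outside the hunk, so which callers reach it should be confirmed.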
16 changes: 9 additions & 7 deletions routes/api/v1/index.js
@@ -168,7 +168,6 @@ router
policies.ensureApiToken,
policies.checkVerifiedEmail,
web.myAccount.ensureNotBanned,
api.v1.enforcePaidPlan,
web.myAccount.ensurePaidToDate,
(ctx, next) => {
//
@@ -200,34 +199,37 @@ router
'/domains',
web.myAccount.validateDomain,
rateLimit(50, 'create domain'),
api.v1.enforcePaidPlan,
web.myAccount.createDomain,
api.v1.domains.retrieve
)
.get(
'/domains/:domain_id',
web.myAccount.retrieveDomain,
api.v1.enforcePaidPlan,
api.v1.domains.retrieve
)
.get(
'/domains/:domain_id/verify-records',
web.myAccount.retrieveDomain,
api.v1.enforcePaidPlan,
web.myAccount.verifyRecords
)
.put(
'/domains/:domain_id',
web.myAccount.retrieveDomain,
web.myAccount.ensureDomainAdmin,
api.v1.enforcePaidPlan,
web.myAccount.ensureUpgradedPlan,
web.myAccount.updateDomain,
web.myAccount.retrieveDomains,
api.v1.domains.retrieve
)
.delete(
'/domains/:domain_id',
web.myAccount.retrieveDomain,
web.myAccount.ensureDomainAdmin,
api.v1.enforcePaidPlan,
web.myAccount.removeDomain,
web.myAccount.retrieveDomains,
api.v1.domains.retrieve
)

@@ -238,10 +240,10 @@ router
web.myAccount.retrieveDomain,
web.myAccount.ensureDomainAdmin,
web.myAccount.ensureTeamPlan,
api.v1.enforcePaidPlan,
web.myAccount.ensureUpgradedPlan,
rateLimit(10, 'create invite'),
web.myAccount.createInvite,
web.myAccount.retrieveDomains,
web.myAccount.retrieveDomain,
api.v1.domains.retrieve
)
@@ -250,9 +252,9 @@ router
web.myAccount.retrieveDomain,
web.myAccount.ensureDomainAdmin,
web.myAccount.ensureTeamPlan,
api.v1.enforcePaidPlan,
web.myAccount.ensureUpgradedPlan,
web.myAccount.removeInvite,
web.myAccount.retrieveDomains,
web.myAccount.retrieveDomain,
api.v1.domains.retrieve
)
@@ -264,9 +266,9 @@ router
web.myAccount.ensureDomainAdmin,
web.myAccount.ensureTeamPlan,
web.myAccount.ensureUpgradedPlan,
api.v1.enforcePaidPlan,
web.myAccount.retrieveAliases,
web.myAccount.updateMember,
web.myAccount.retrieveDomains,
web.myAccount.retrieveDomain,
api.v1.domains.retrieve
)
@@ -276,9 +278,9 @@ router
web.myAccount.ensureDomainAdmin,
web.myAccount.ensureTeamPlan,
web.myAccount.ensureUpgradedPlan,
api.v1.enforcePaidPlan,
web.myAccount.retrieveAliases,
web.myAccount.removeMember,
web.myAccount.retrieveDomains,
web.myAccount.retrieveDomain,
api.v1.domains.retrieve
);
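Review bot: Taking `api.v1.enforcePaidPlan` out of the shared chain at the top of the router (assuming that is the line deleted there; the +/- markers are lost in this rendering) turns the paid-plan check from a default into an opt-in, so any route in the collapsed parts of this file, or added later, is reachable on a free plan unless it lists the middleware itself. I would leave a comment where the shared chain is, e.g. `// enforcePaidPlan is applied per route because it reads ctx.state.domain; every route below must list it`, and confirm the routes outside these hunks. The placement also differs between routes: it comes before `ensureUpgradedPlan` on the invite routes and after it on the member routes, and a single order would be easier to audit. The route chains continue outside the hunks.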
