Hide members of confidential projects

Only the following people can see the list of members if a project is confidential: the manager(s) of the project, site admins, and the org admin(s) of the org(s) the project belongs to, if any. Everyone else, including people who are themselves members of the project, cannot see its membership.
sillsdev · Aug 23, 2024 · d555fa6 · d555fa6
1 parent 578963e
commit d555fa6
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/backend/LexBoxApi/Auth/Requirements/AccessProjectUsersRequirementHandler.cs b/backend/LexBoxApi/Auth/Requirements/AccessProjectUsersRequirementHandler.cs
@@ -20,10 +20,11 @@ protected override async Task HandleRequirementAsync(AuthorizationHandlerContext
         {
             projectId = middlewareContext.Parent<Project>().Id;
         }
-        if (projectId != Guid.Empty && await permissions.CanSyncProjectAsync(projectId))
+        if (projectId != Guid.Empty && await permissions.CanViewProjectMembers(projectId))
         {
             context.Succeed(requirement);
-        } else
+        }
+        else
         {
             if (projectId == Guid.Empty)
             {

diff --git a/backend/LexBoxApi/Services/PermissionService.cs b/backend/LexBoxApi/Services/PermissionService.cs
@@ -94,6 +94,16 @@ public async ValueTask AssertCanViewProject(string projectCode)
         if (!await CanViewProject(projectCode)) throw new UnauthorizedAccessException();
     }
 
+    public async ValueTask<bool> CanViewProjectMembers(Guid projectId)
+    {
+        if (User is not null && User.Role == UserRole.admin) return true;
+        // Project managers can view members of their own projects, even confidential ones
+        if (await CanManageProject(projectId)) return true;
+        var isConfidential = await projectService.LookupProjectConfidentiality(projectId);
+        if (isConfidential is null) return false; // Private by default
+        return isConfidential == false; // Explicitly set to public
+    }
+
     public async ValueTask<bool> CanManageProject(Guid projectId)
     {
         if (User is null) return false;

diff --git a/backend/LexCore/ServiceInterfaces/IPermissionService.cs b/backend/LexCore/ServiceInterfaces/IPermissionService.cs
@@ -20,6 +20,7 @@ public interface IPermissionService
     ValueTask AssertCanViewProject(Guid projectId);
     ValueTask<bool> CanViewProject(string projectCode);
     ValueTask AssertCanViewProject(string projectCode);
+    ValueTask<bool> CanViewProjectMembers(Guid projectId);
     ValueTask<bool> CanManageProject(Guid projectId);
     ValueTask<bool> CanManageProject(string projectCode);
     ValueTask AssertCanManageProject(Guid projectId);