(core) Allowing installation admins to manage billing.

Summary:
Permissions for admin billing endpoints were changed

- Support user can't use admin subscription endpoints
- Installation admin (as support user) can see billing details on any site
- Installation admin (unlike support user) can replace subscription (or attach payment) on any site, regardless of permissions

Installation admin is any user that belongs to a special `admin` org. If `admin` org is not defined, it defaults to
support user. In that case, with this diff, the support user receives admin's permissions, and now can replace subscription on
any site (without being billing manager).

Test Plan: Added new test

Reviewers: dsagal, paulfitz

Reviewed By: dsagal, paulfitz

Subscribers: dsagal

Differential Revision: https://phab.getgrist.com/D4338
Jarosław Sadziński
2024-09-11 22:25:32 +02:00
parent 1d2cf3de49
commit 14718120bd
5 changed files with 31 additions and 18 deletions

@@ -18,7 +18,7 @@ export abstract class InstallAdmin {
// the Grist installation. This should not fail, only return true or false.
public async isAdminReq(req: express.Request): Promise<boolean> {
const user = (req as RequestWithLogin).user;
return user ? this.isAdminUser(user) : false;
return user ? (await this.isAdminUser(user)) : false;
}
// Returns middleware that fails unless the request includes an authenticated user and this user
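Review bot: The comment above isAdminReq says it "should not fail, only return true or false", but with `(await this.isAdminUser(user))` a rejection from isAdminUser still surfaces as a rejected promise from isAdminReq, exactly as it did when the promise was returned directly. If callers rely on that no-throw contract for an authorization decision, consider wrapping the await in a try/catch that logs the error and returns false, so a lookup failure denies admin access rather than propagating an exception. Given that the commit message says installation admins can now replace subscriptions on any site, a test that covers isAdminReq when isAdminUser rejects would be worth adding alongside the new one.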