Merge pull request #1560 from Northeastern-Electric-Racing/1517-leads-of-teams-should-be-able-to-add-members

RChandler234 · web-flow · commit 2599ad62e04d · 2023-12-18T20:54:10.000-05:00
#1517 updated teamsRouter to check if user is lead of team before edi…
diff --git a/src/backend/src/services/teams.services.ts b/src/backend/src/services/teams.services.ts
@@ -47,7 +47,7 @@ export default class TeamsService {
    * @param teamId a id of team to be updated
    * @param userIds a array of user Ids that replaces team's old members
    * @returns a updated team
-   * @throws if the team is not found, the submitter has no priviledge, or any user from the given userIds does not exist
+   * @throws if the team is not found, the submitter has no privilege, or any user from the given userIds does not exist
    */
   static async setTeamMembers(submitter: User, teamId: string, userIds: number[]): Promise<Team> {
     // find and verify the given teamId exist
@@ -56,9 +56,14 @@ export default class TeamsService {
       ...teamQueryArgs
     });
 
-    if (!team) throw new NotFoundException('Team', teamId);
-    if (!isAdmin(submitter.role) && submitter.userId !== team.headId)
-      throw new AccessDeniedException('you must be an admin or the team head to update the members!');
+    if (!team) {
+      throw new NotFoundException('Team', teamId);
+    }
+
+    const isTeamLead = team.leads.some((lead) => lead.userId === submitter.userId);
+
+    if (!isAdmin(submitter.role) && submitter.userId !== team.headId && !isTeamLead)
+      throw new AccessDeniedException('you must be an admin, the team head, or a team lead to update the members!');
 
     // this throws if any of the users aren't found
     const users = await getUsers(userIds);
diff --git a/src/frontend/src/pages/TeamsPage/TeamMembersPageBlock.tsx b/src/frontend/src/pages/TeamsPage/TeamMembersPageBlock.tsx
@@ -43,6 +43,7 @@ const TeamMembersPageBlock: React.FC<TeamMembersPageBlockProps> = ({ team }) =>
     return <LoadingIndicator />;
 
   const hasPerms = isAdmin(user.role) || user.userId === team.head.userId;
+  const editMembersPerms = hasPerms || team.leads.map((lead) => lead.userId).includes(user.userId);
 
   const memberOptions = users
     .filter((user) => user.userId !== team.head.userId && !team.leads.map((lead) => lead.userId).includes(user.userId))
@@ -205,7 +206,7 @@ const TeamMembersPageBlock: React.FC<TeamMembersPageBlockProps> = ({ team }) =>
         <DetailDisplay label="Members" content={team.members.map((member) => fullNamePipe(member)).join(', ')} />
       </Grid>
       <Grid item xs={1} mt={-1} display={'flex'} justifyContent={'flex-end'}>
-        {hasPerms && <IconButton children={<Edit />} onClick={() => setIsEditingMembers(true)} />}
+        {editMembersPerms && <IconButton children={<Edit />} onClick={() => setIsEditingMembers(true)} />}
       </Grid>
     </Grid>
   );
