[WEB-3600] fix: private project join issue (#6799)

* fix: private project join issue * chore: return network value * fix: refactor * fix: refactor * fix: type * chore: added restricition for private projects * chore: removed extra validations * chore: added value to access enum --------- Co-authored-by: sangeethailango <sangeethailango21@gmail.com> Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
2025-03-25 20:17:16 +05:30 · 2025-03-25 20:17:16 +05:30 · 41447e566a
commit 41447e566a
parent cebd0b3599
6 changed files with 48 additions and 10 deletions
--- a/apiserver/plane/app/views/project/base.py
+++ b/apiserver/plane/app/views/project/base.py
@ -179,6 +179,7 @@ class ProjectViewSet(BaseViewSet):
            "inbox_view",
            "guest_view_all_features",
            "project_lead",
+            "network",
            "created_at",
            "updated_at",
            "created_by",
--- a/apiserver/plane/app/views/project/invite.py
+++ b/apiserver/plane/app/views/project/invite.py
@ -16,17 +16,17 @@ from rest_framework.permissions import AllowAny
 # Module imports
 from .base import BaseViewSet, BaseAPIView
 from plane.app.serializers import ProjectMemberInviteSerializer
-
 from plane.app.permissions import allow_permission, ROLE
-
 from plane.db.models import (
    ProjectMember,
    Workspace,
    ProjectMemberInvite,
    User,
    WorkspaceMember,
+    Project,
    IssueUserProperty,
 )
+from plane.db.models.project import ProjectNetwork


 class ProjectInvitationsViewset(BaseViewSet):
@ -128,6 +128,7 @@ class UserProjectInvitationsViewset(BaseViewSet):
            .select_related("workspace", "workspace__owner", "project")
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
    def create(self, request, slug):
        project_ids = request.data.get("project_ids", [])

@ -136,11 +137,20 @@ class UserProjectInvitationsViewset(BaseViewSet):
            member=request.user, workspace__slug=slug, is_active=True
        )

-        if workspace_member.role not in [ROLE.ADMIN.value, ROLE.MEMBER.value]:
-            return Response(
-                {"error": "You do not have permission to join the project"},
-                status=status.HTTP_403_FORBIDDEN,
-            )
+        # Get all the projects
+        projects = Project.objects.filter(
+            id__in=project_ids, workspace__slug=slug
+        ).only("id", "network")
+        # Check if user has permission to join each project
+        for project in projects:
+            if (
+                project.network == ProjectNetwork.SECRET.value
+                and workspace_member.role != ROLE.ADMIN.value
+            ):
+                return Response(
+                    {"error": "Only workspace admins can join private project"},
+                    status=status.HTTP_403_FORBIDDEN,
+                )

        workspace_role = workspace_member.role
        workspace = workspace_member.workspace