From 6ef62820fa5c64d7aa199be0e5b0d03a5b9920bf Mon Sep 17 00:00:00 2001
From: Bavisetti Narayan <72156168+NarayanBavisetti@users.noreply.github.com>
Date: Fri, 22 Nov 2024 16:00:19 +0530
Subject: [PATCH] [WEB-2778] chore: private project join restriction (#6082)
* chore: private project join restriction
* chore: update project not found container layout
* chore: restrict other users to join private project
* chore: add check condition using enum
---------
Co-authored-by: Aaryan Khandelwal
---
 apiserver/plane/app/views/project/base.py | 4 ++++
 apiserver/plane/app/views/project/invite.py | 6 ++++++
 web/core/layouts/auth-layout/project-wrapper.tsx | 2 +-
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/apiserver/plane/app/views/project/base.py b/apiserver/plane/app/views/project/base.py
index 7b027df98..879d3ed3c 100644
--- a/apiserver/plane/app/views/project/base.py
+++ b/apiserver/plane/app/views/project/base.py
@@ -176,6 +176,10 @@ class ProjectViewSet(BaseViewSet):
 def retrieve(self, request, slug, pk):
 project = (
 self.get_queryset()
+ .filter(
+ project_projectmember__member=self.request.user,
+ project_projectmember__is_active=True,
+ )
 .filter(archived_at__isnull=True)
 .filter(pk=pk)
 .annotate(
diff --git a/apiserver/plane/app/views/project/invite.py b/apiserver/plane/app/views/project/invite.py
index af8c6084b..d36036b98 100644
--- a/apiserver/plane/app/views/project/invite.py
+++ b/apiserver/plane/app/views/project/invite.py
@@ -136,6 +136,12 @@ class UserProjectInvitationsViewset(BaseViewSet):
 member=request.user, workspace__slug=slug, is_active=True
 )
+ if workspace_member.role != ROLE.ADMIN:
+ return Response(
+ {"error": "You do not have permission to join the project"},
+ status=status.HTTP_403_FORBIDDEN,
+ )
+
 workspace_role = workspace_member.role
 workspace = workspace_member.workspace
diff --git a/web/core/layouts/auth-layout/project-wrapper.tsx b/web/core/layouts/auth-layout/project-wrapper.tsx
index c5a812569..34df02e06 100644
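Review bot: The membership filter added to `retrieve` in base.py is unconditional, so it hides every project from non-members, not only private ones as the commit title suggests; if public projects are meant to stay readable by workspace members who have not joined yet, the filter needs a branch on the project's visibility, which this hunk does not show. Putting both conditions in a single `.filter()` call is the right form, because for a multi-valued relation Django then requires `member` and `is_active` to match on the same membership row rather than on two different rows. The rest of `retrieve` lies outside the hunk, so I am assuming a miss ends in a not-found response, which is preferable because it does not confirm that the project exists. I would add `# Authorization: only active project members may read project details` above the new filter and a test that a workspace user without an active membership cannot retrieve the project.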
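Review bot: The new guard in invite.py compares `workspace_member.role` with the enum member `ROLE.ADMIN` itself; if `ROLE` is a plain `Enum` and the role column stores its integer value (neither definition is visible here), the two never compare equal and every caller, admins included, receives the 403. Comparing against the value is safe under either definition: `if workspace_member.role != ROLE.ADMIN.value:`. The check also runs before any project is looked at, so it stops non-admins from joining public projects as well as private ones, which is wider than the commit title; if that is not intended, the condition has to take the project's visibility into account too. The hunk adds no import for `ROLE`, so confirm it is already imported in `invite.py`. The enclosing method starts and ends outside the hunk.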
--- a/web/core/layouts/auth-layout/project-wrapper.tsx
+++ b/web/core/layouts/auth-layout/project-wrapper.tsx
@@ -162,7 +162,7 @@ export const ProjectAuthWrapper: FC = observer((props) => {
 // check if the project info is not found.
 if (!loader && !projectExists && projectId && !!hasPermissionToCurrentProject === false)
 return (
-
+