From d7c5645948679cbc186cec9d7d63197b63cd2c66 Mon Sep 17 00:00:00 2001
From: Ketan Sharma <sharma01ketan@gmail.com>
Date: Thu, 24 Oct 2024 14:46:10 +0530
Subject: [PATCH] [WEB-2606] fix: project members shouldn't be able to change
 others roles (#5802)

* [WEB-2606] fix: project members should not be able to change other project member's roles

* add better logic
---
 web/core/components/project/settings/member-columns.tsx | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/web/core/components/project/settings/member-columns.tsx b/web/core/components/project/settings/member-columns.tsx
index 43f22c632..ce24098d5 100644
--- a/web/core/components/project/settings/member-columns.tsx
+++ b/web/core/components/project/settings/member-columns.tsx
@@ -100,7 +100,7 @@ export const AccountTypeColumn: React.FC<AccountTypeProps> = observer((props) =>
   } = useForm();
   // store hooks
   const {
-    project: { updateMember },
+    project: { updateMember, getProjectMemberDetails },
     workspace: { getWorkspaceMemberDetails },
   } = useMember();
   const { data: currentUser } = useUser();
@@ -111,7 +111,11 @@ export const AccountTypeColumn: React.FC<AccountTypeProps> = observer((props) =>
   const isWorkspaceMember = [EUserPermissions.MEMBER].includes(
     Number(getWorkspaceMemberDetails(rowData.member.id)?.role) ?? EUserPermissions.GUEST
   );
-  const isRoleNonEditable = isCurrentUser || (isProjectAdminOrGuest && !isWorkspaceMember);
+  const isCurrentUserProjectMember = currentUser
+    ? getProjectMemberDetails(currentUser.id)?.role === EUserPermissions.MEMBER
+    : false;
+  const isRoleNonEditable =
+    isCurrentUser || (isProjectAdminOrGuest && !isWorkspaceMember) || isCurrentUserProjectMember;
 
   const checkCurrentOptionWorkspaceRole = (value: string) => {
     const currentMemberWorkspaceRole = getWorkspaceMemberDetails(value)?.role as EUserPermissions | undefined;