From 6c6a920bcf162a4fe3c3db3f0c4ee6bcc511669c Mon Sep 17 00:00:00 2001
From: Taha Yassine Kraiem <tahayk2@gmail.com>
Date: Fri, 14 Jan 2022 11:36:35 +0100
Subject: [PATCH] feat(api): EE create project restriction

---
 ee/api/chalicelib/core/projects.py | 2 ++
 ee/api/chalicelib/core/users.py    | 1 +
 2 files changed, 3 insertions(+)

diff --git a/ee/api/chalicelib/core/projects.py b/ee/api/chalicelib/core/projects.py
index 4fce9d9e6..2728e5077 100644
--- a/ee/api/chalicelib/core/projects.py
+++ b/ee/api/chalicelib/core/projects.py
@@ -169,6 +169,8 @@ def create(tenant_id, user_id, data: schemas.CreateProjectSchema, skip_authoriza
         admin = users.get(user_id=user_id, tenant_id=tenant_id)
         if not admin["admin"] and not admin["superAdmin"]:
             return {"errors": ["unauthorized"]}
+        if admin["roleId"] is not None and not admin["allProjects"]:
+            return {"errors": ["unauthorized: you need allProjects permission to create a new project"]}
     return {"data": __create(tenant_id=tenant_id, name=data.name)}
 
 
diff --git a/ee/api/chalicelib/core/users.py b/ee/api/chalicelib/core/users.py
index b1945ac8d..8f1ef7955 100644
--- a/ee/api/chalicelib/core/users.py
+++ b/ee/api/chalicelib/core/users.py
@@ -274,6 +274,7 @@ def get(user_id, tenant_id):
                         role_id,
                         roles.name AS role_name,
                         roles.permissions,
+                        roles.all_projects,
                         basic_authentication.password IS NOT NULL AS has_password
                     FROM public.users LEFT JOIN public.basic_authentication ON users.user_id=basic_authentication.user_id
                         LEFT JOIN public.roles USING (role_id)