From 9ce469143f3bcb01aedad012f5159b813a09410d Mon Sep 17 00:00:00 2001
From: Ben White
Date: Mon, 18 Mar 2024 18:06:06 +0100
Subject: [PATCH] Fixes
---
 ee/api/rbac/access_control.py | 15 +---------
 ee/api/rbac/test/test_access_control.py | 28 +++++++++++++++++--
 .../components/PayGateMini/PayGateMini.tsx | 8 ++----
 3 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/ee/api/rbac/access_control.py b/ee/api/rbac/access_control.py
index ab22fa6ed34c0..917172a024302 100644
--- a/ee/api/rbac/access_control.py
+++ b/ee/api/rbac/access_control.py
@@ -50,20 +50,7 @@ def validate(self, data):
 if resource == "project" and resource_id:
 # Special check for modifying a specific project's access
 if not access_control.check_access_level_for_object("project", data["resource_id"], "admin"):
- raise exceptions.PermissionDenied("You do not have the required access to this project.")
-
- # team: Team = self.context["get_team"]()
- # if not team.access_control:
- # raise exceptions.ValidationError(
- # "Explicit members can only be accessed for projects with project-based permissioning enabled."
- # )
- # requesting_user: User = self.context["request"].user
- # membership_being_accessed = cast(Optional[ExplicitTeamMembership], self.instance)
- # try:
- # requesting_level = self.user_permissions.team(team).effective_membership_level
- # except OrganizationMembership.DoesNotExist:
- # # Requesting user does not belong to the project's organization, so we spoof a 404 for enhanced security
- # raise exceptions.NotFound("Project not found.")
+ raise exceptions.PermissionDenied("You must be an admin to modify project permissions.")
 # new_level = attrs.get("level")
diff --git a/ee/api/rbac/test/test_access_control.py b/ee/api/rbac/test/test_access_control.py
index c942cc903b702..47289c4f5b443 100644
--- a/ee/api/rbac/test/test_access_control.py
+++ b/ee/api/rbac/test/test_access_control.py
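Review bot: In `validate` (ee/api/rbac/access_control.py) the admin check passes `data["resource_id"]` while the guard one line above tests the local `resource_id`. Where `resource_id` is assigned is outside the hunk, but if it is the same value, `access_control.check_access_level_for_object("project", resource_id, "admin")` keeps the guard and the authorization check bound to one variable. The stray `# new_level = attrs.get("level")` left below the new `raise` is the tail of the commented-out block this commit removes and could be deleted with it. `validate` starts and continues outside the hunk.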
@@ -58,7 +58,31 @@ def test_project_change_accepted_if_org_admin(self):
 def test_project_change_if_in_access_control(self):
 self._org_membership(OrganizationMembership.Level.ADMIN)
 # Add ourselves to access
- res = self._put_access_control({"team": self.team.id})
+ res = self._put_access_control(
+ {"organization_member": str(self.organization_membership.id), "access_level": "admin"}
+ )
 assert res.status_code == status.HTTP_200_OK, res.json()
- # TODO
+ self._org_membership(OrganizationMembership.Level.MEMBER)
+
+ # Now change ourselves to a member
+ res = self._put_access_control(
+ {"organization_member": str(self.organization_membership.id), "access_level": "member"}
+ )
+ assert res.status_code == status.HTTP_200_OK, res.json()
+ assert res.json()["access_level"] == "member"
+
+ # Now try and change our own membership and fail!
+ res = self._put_access_control(
+ {"organization_member": str(self.organization_membership.id), "access_level": "admin"}
+ )
+ assert res.status_code == status.HTTP_403_FORBIDDEN
+ assert res.json()["detail"] == "You must be an admin to modify project permissions."
+
+ def test_project_change_rejected_if_not_in_organization(self):
+ self.organization_membership.delete()
+ # Add ourselves to access
+ res = self._put_access_control(
+ {"organization_member": str(self.organization_membership.id), "access_level": "admin"}
+ )
+ assert res.status_code == status.HTTP_404_NOT_FOUND, res.json()
diff --git a/frontend/src/lib/components/PayGateMini/PayGateMini.tsx b/frontend/src/lib/components/PayGateMini/PayGateMini.tsx
index 5ea5ec55e8d0a..bbd0778243bca 100644
--- a/frontend/src/lib/components/PayGateMini/PayGateMini.tsx
+++ b/frontend/src/lib/components/PayGateMini/PayGateMini.tsx
@@ -22,7 +22,6 @@ export interface PayGateMiniProps {
 currentUsage?: number
 children: React.ReactNode
 overrideShouldShowGate?: boolean
- className?: string
 background?: boolean
 isGrandfathered?: boolean
 }
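Review bot: `test_project_change_rejected_if_not_in_organization` builds its payload from `self.organization_membership.id` after calling `self.organization_membership.delete()`. Django clears the primary key on a deleted instance, so if `id` is the primary key the request carries the string `"None"` rather than the old membership id. The 404 assertion may still pass, but then it is not exercising the payload the test appears to intend. Capture the id first with `membership_id = str(self.organization_membership.id)` before the `delete()`, and send `{"organization_member": membership_id, "access_level": "admin"}`. The 403 assertion in `test_project_change_if_in_access_control` would also be easier to debug with `, res.json()` like its neighbours.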
@@ -35,7 +34,6 @@ export interface PayGateMiniProps { export function PayGateMini({ feature, currentUsage, - className, children, overrideShouldShowGate, background = true, @@ -71,7 +69,6 @@ export function PayGateMini({ gateVariant && productWithFeature && featureInfo && !overrideShouldShowGate ? (
) : ( -
{children}
+ <>{children} ) ) : gateVariant && productWithFeature && featureInfo && !overrideShouldShowGate ? (
) : ( -
{children}
+ <>{children} ) }