From 1b2bf11d8752ce81a375817de2f941a448ebb09a Mon Sep 17 00:00:00 2001
From: Ben White <ben@posthog.com>
Date: Wed, 18 Dec 2024 17:01:36 +0100
Subject: [PATCH 1/2] Fix impersonation suggestion

---
 posthog/middleware.py | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/posthog/middleware.py b/posthog/middleware.py
index af7b6768d9c54..3bba0124f8ecd 100644
--- a/posthog/middleware.py
+++ b/posthog/middleware.py
@@ -278,13 +278,10 @@ def can_switch_to_team(self, new_team: Team, request: HttpRequest):
 
         # :KLUDGE: This is more inefficient than needed, doing several expensive lookups
         #   However this should be a rare operation!
-        if not user_access_control.check_access_level_for_object(new_team, "member"):
-            # Do something to indicate that they don't have access to the team...
-            return False
-
-        # :KLUDGE: This is more inefficient than needed, doing several expensive lookups
-        #   However this should be a rare operation!
-        if user_permissions.team(new_team).effective_membership_level is None:
+        if (
+            not user_access_control.check_access_level_for_object(new_team, "member")
+            and user_permissions.team(new_team).effective_membership_level is None
+        ):
             if user.is_staff:
                 # Staff users get a popup with suggested users to log in as, facilating support
                 request.suggested_users_with_access = UserBasicSerializer(  # type: ignore

From 881a7bf7def67f65d91e583aa4ada08d0be1adee Mon Sep 17 00:00:00 2001
From: Ben White <ben@posthog.com>
Date: Thu, 19 Dec 2024 09:01:45 +0100
Subject: [PATCH 2/2] Fixes

---
 posthog/test/test_middleware.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/posthog/test/test_middleware.py b/posthog/test/test_middleware.py
index 2d987bc2795e1..a66d26b8332bf 100644
--- a/posthog/test/test_middleware.py
+++ b/posthog/test/test_middleware.py
@@ -164,7 +164,7 @@ def setUp(self):
     def test_project_switched_when_accessing_dashboard_of_another_accessible_team(self):
         dashboard = Dashboard.objects.create(team=self.second_team)
 
-        with self.assertNumQueries(self.base_app_num_queries + 7):  # AutoProjectMiddleware adds 4 queries
+        with self.assertNumQueries(self.base_app_num_queries + 6):  # AutoProjectMiddleware adds 4 queries
             response_app = self.client.get(f"/dashboard/{dashboard.id}")
         response_users_api = self.client.get(f"/api/users/@me/")
         response_users_api_data = response_users_api.json()
@@ -282,7 +282,7 @@ def test_project_switched_when_accessing_cohort_of_another_accessible_team(self)
     def test_project_switched_when_accessing_feature_flag_of_another_accessible_team(self):
         feature_flag = FeatureFlag.objects.create(team=self.second_team, created_by=self.user)
 
-        with self.assertNumQueries(self.base_app_num_queries + 7):
+        with self.assertNumQueries(self.base_app_num_queries + 6):
             response_app = self.client.get(f"/feature_flags/{feature_flag.id}")
         response_users_api = self.client.get(f"/api/users/@me/")
         response_users_api_data = response_users_api.json()