Org fixes (#850)

* Org fixes

* payouts bug

* Update dockerfile fix test

* Update to bookworm

* clippy

src/models/v3/teams.rs

@@ -10,7 +10,6 @@ use serde::{Deserialize, Serialize};
 #[serde(into = "Base62Id")]
 pub struct TeamId(pub u64);
 
-pub const OWNER_ROLE: &str = "Owner";
 pub const DEFAULT_ROLE: &str = "Member";
 
 /// A team of users who control a project

src/queue/payouts.rs

@@ -675,6 +675,13 @@ pub async fn process_payout(
             all_team_members.push((user_id, payouts_split));
         }
 
+        // if all team members are set to zero, we treat as an equal revenue distribution
+        if all_team_members.iter().all(|x| x.1 == Decimal::ZERO) {
+            all_team_members
+                .iter_mut()
+                .for_each(|x| x.1 = Decimal::from(1));
+        }
+
         projects_map.insert(
             project_id,
             Project {

src/routes/v3/organizations.rs

@@ -145,7 +145,7 @@ pub async fn organization_create(
     let team = team_item::TeamBuilder {
         members: vec![team_item::TeamMemberBuilder {
             user_id: current_user.id.into(),
-            role: crate::models::teams::OWNER_ROLE.to_owned(),
+            role: crate::models::teams::DEFAULT_ROLE.to_owned(),
             is_owner: true,
             permissions: ProjectPermissions::all(),
             organization_permissions: Some(OrganizationPermissions::all()),

src/routes/v3/project_creation.rs

@@ -617,7 +617,7 @@ async fn project_create_inner(
         if project_create_data.organization_id.is_none() {
             members.push(models::team_item::TeamMemberBuilder {
                 user_id: current_user.id.into(),
-                role: crate::models::teams::OWNER_ROLE.to_owned(),
+                role: crate::models::teams::DEFAULT_ROLE.to_owned(),
                 is_owner: true,
                 permissions: ProjectPermissions::all(),
                 organization_permissions: None,

src/routes/v3/teams.rs

@@ -504,9 +504,11 @@ pub async fn add_team_member(
             .as_ref()
             .map(|tm| tm.is_owner)
             .unwrap_or(false)
+            && new_member.permissions != ProjectPermissions::all()
         {
             return Err(ApiError::InvalidInput(
-                "You cannot add the owner of an organization to a project team owned by that organization".to_string(),
+                "You cannot override the owner of an organization's permissions in a project team"
+                    .to_string(),
             ));
         }
 
@@ -634,6 +636,22 @@ pub async fn edit_team_member(
             } else {
                 None
             };
+
+            if organization_team_member
+                .as_ref()
+                .map(|x| x.is_owner)
+                .unwrap_or(false)
+                && edit_member
+                    .permissions
+                    .map(|x| x != ProjectPermissions::all())
+                    .unwrap_or(false)
+            {
+                return Err(ApiError::CustomAuthentication(
+                    "You cannot override the project permissions of the organization owner!"
+                        .to_string(),
+                ));
+            }
+
             let permissions = ProjectPermissions::get_permissions_by_role(
                 &current_user.role,
                 &member.clone(),

src/routes/v3/threads.rs

@@ -71,7 +71,20 @@ pub async fn is_authorized_thread(
                     .await?
                     .exists;
 
-                project_exists.unwrap_or(false)
+                if !project_exists.unwrap_or(false) {
+                    let org_exists = sqlx::query!(
+                        "SELECT EXISTS(SELECT 1 FROM mods m INNER JOIN organizations o ON m.organization_id = o.id INNER JOIN team_members tm ON tm.team_id = o.team_id AND tm.user_id = $2 WHERE m.id = $1)",
+                        project_id as database::models::ids::ProjectId,
+                        user_id as database::models::ids::UserId,
+                    )
+                        .fetch_one(pool)
+                        .await?
+                        .exists;
+
+                    org_exists.unwrap_or(false)
+                } else {
+                    true
+                }
             } else {
                 false
             }
@@ -137,6 +150,42 @@ pub async fn filter_authorized_threads(
             .await?;
         }
 
+        let org_project_thread_ids = check_threads
+            .iter()
+            .filter(|x| x.type_ == ThreadType::Project)
+            .flat_map(|x| x.project_id.map(|x| x.0))
+            .collect::<Vec<_>>();
+
+        if !org_project_thread_ids.is_empty() {
+            sqlx::query!(
+                "
+                SELECT m.id FROM mods m
+                INNER JOIN organizations o ON o.id = m.organization_id
+                INNER JOIN team_members tm ON tm.team_id = o.team_id AND user_id = $2
+                WHERE m.id = ANY($1)
+                ",
+                &*project_thread_ids,
+                user_id as database::models::ids::UserId,
+            )
+            .fetch_many(&***pool)
+            .try_for_each(|e| {
+                if let Some(row) = e.right() {
+                    check_threads.retain(|x| {
+                        let bool = x.project_id.map(|x| x.0) == Some(row.id);
+
+                        if bool {
+                            return_threads.push(x.clone());
+                        }
+
+                        !bool
+                    });
+                }
+
+                futures::future::ready(Ok(()))
+            })
+            .await?;
+        }
+
         let report_thread_ids = check_threads
             .iter()
             .filter(|x| x.type_ == ThreadType::Report)

src/search/indexing/mod.rs

@@ -302,7 +302,7 @@ async fn update_and_add_to_index(
     // Check if any 'additional_fields' are not already in the index
     // Only add if they are not already in the index
     let new_fields = additional_fields
-        .into_iter()
+        .iter()
         .filter(|x| !new_filterable_attributes.contains(x))
         .collect::<Vec<_>>();
     if !new_fields.is_empty() {