From 793c39d93df260a3487f15f0dcb05d4c75ba1c84 Mon Sep 17 00:00:00 2001
From: sharma01ketan <sharma01ketan@gmail.com>
Date: Wed, 9 Oct 2024 14:48:08 +0530
Subject: [PATCH 1/2] [WEB-2606] fix: project members should not be able to
 change other project member's roles

---
 web/core/components/project/settings/member-columns.tsx | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/web/core/components/project/settings/member-columns.tsx b/web/core/components/project/settings/member-columns.tsx
index b5b48d63151..1a3c9a1406e 100644
--- a/web/core/components/project/settings/member-columns.tsx
+++ b/web/core/components/project/settings/member-columns.tsx
@@ -90,7 +90,7 @@ export const AccountTypeColumn: React.FC<AccountTypeProps> = observer((props) =>
   } = useForm();
   // store hooks
   const {
-    project: { updateMember },
+    project: { updateMember, getProjectMemberDetails },
     workspace: { getWorkspaceMemberDetails },
   } = useMember();
   const { data: currentUser } = useUser();
@@ -101,7 +101,9 @@ export const AccountTypeColumn: React.FC<AccountTypeProps> = observer((props) =>
   const isWorkspaceMember = [EUserPermissions.MEMBER].includes(
     Number(getWorkspaceMemberDetails(rowData.member.id)?.role) ?? EUserPermissions.GUEST
   );
-  const isRoleNonEditable = isCurrentUser || (isProjectAdminOrGuest && !isWorkspaceMember);
+  const isCurrentUserProjectMember = getProjectMemberDetails(currentUser?.id ?? "")?.role == EUserPermissions.MEMBER;
+  const isRoleNonEditable =
+    isCurrentUser || (isProjectAdminOrGuest && !isWorkspaceMember) || isCurrentUserProjectMember;
 
   const checkCurrentOptionWorkspaceRole = (value: string) => {
     const currentMemberWorkspaceRole = getWorkspaceMemberDetails(value)?.role as EUserPermissions | undefined;

From 996e5e80622e666117954d79e14dd7f5e9a0688e Mon Sep 17 00:00:00 2001
From: sharma01ketan <sharma01ketan@gmail.com>
Date: Fri, 11 Oct 2024 17:52:17 +0530
Subject: [PATCH 2/2] add better logic

---
 web/core/components/project/settings/member-columns.tsx | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/web/core/components/project/settings/member-columns.tsx b/web/core/components/project/settings/member-columns.tsx
index 1a3c9a1406e..eaa43dd7d18 100644
--- a/web/core/components/project/settings/member-columns.tsx
+++ b/web/core/components/project/settings/member-columns.tsx
@@ -101,7 +101,9 @@ export const AccountTypeColumn: React.FC<AccountTypeProps> = observer((props) =>
   const isWorkspaceMember = [EUserPermissions.MEMBER].includes(
     Number(getWorkspaceMemberDetails(rowData.member.id)?.role) ?? EUserPermissions.GUEST
   );
-  const isCurrentUserProjectMember = getProjectMemberDetails(currentUser?.id ?? "")?.role == EUserPermissions.MEMBER;
+  const isCurrentUserProjectMember = currentUser
+    ? getProjectMemberDetails(currentUser.id)?.role === EUserPermissions.MEMBER
+    : false;
   const isRoleNonEditable =
     isCurrentUser || (isProjectAdminOrGuest && !isWorkspaceMember) || isCurrentUserProjectMember;