From 53183e008b8a4fcd2d03e5df7a67ba122bc0d274 Mon Sep 17 00:00:00 2001
From: NarayanBavisetti
Date: Thu, 21 Nov 2024 19:41:48 +0530
Subject: [PATCH 1/4] chore: private project join restriction

---
 apiserver/plane/app/views/project/base.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apiserver/plane/app/views/project/base.py b/apiserver/plane/app/views/project/base.py
index 7b027df9886..879d3ed3c9e 100644
--- a/apiserver/plane/app/views/project/base.py
+++ b/apiserver/plane/app/views/project/base.py
@@ -176,6 +176,10 @@ def list(self, request, slug):
 def retrieve(self, request, slug, pk):
 project = (
 self.get_queryset()
+ .filter(
+ project_projectmember__member=self.request.user,
+ project_projectmember__is_active=True,
+ )
 .filter(archived_at__isnull=True)
 .filter(pk=pk)
 .annotate(

From 64f22d5c4099ecce206e995ef44b42ea87d3acd9 Mon Sep 17 00:00:00 2001
From: Aaryan Khandelwal
Date: Thu, 21 Nov 2024 19:43:07 +0530
Subject: [PATCH 2/4] chore: update project not found container layout

---
 web/core/layouts/auth-layout/project-wrapper.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/core/layouts/auth-layout/project-wrapper.tsx b/web/core/layouts/auth-layout/project-wrapper.tsx
index c5a812569b7..34df02e06b8 100644
--- a/web/core/layouts/auth-layout/project-wrapper.tsx
+++ b/web/core/layouts/auth-layout/project-wrapper.tsx
@@ -162,7 +162,7 @@ export const ProjectAuthWrapper: FC = observer((props) => {
 // check if the project info is not found.
 if (!loader && !projectExists && projectId && !!hasPermissionToCurrentProject === false)
 return (
-
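Review bot: In `retrieve` (apiserver/plane/app/views/project/base.py) the new membership filter sits ahead of the `.annotate(` call whose arguments lie outside this hunk; Django applies a filter on a multi-valued relation to the annotations that follow it, so any aggregate there over `project_projectmember` would now be computed over the requester's own membership row only. If such an annotation exists, move the membership filter after the annotate or compute the aggregate in a subquery. Keeping both conditions in a single `.filter()` call is what ties `member` and `is_active` to the same membership row, and a short comment such as `# one filter() call: both conditions must match the same ProjectMember row` would keep a later edit from splitting them. What a non-member receives depends on the code after the query, which is not visible here.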
+
Date: Thu, 21 Nov 2024 19:54:49 +0530
Subject: [PATCH 3/4] chore: restrict other users to join private project

---
 apiserver/plane/app/views/project/invite.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/apiserver/plane/app/views/project/invite.py b/apiserver/plane/app/views/project/invite.py
index af8c6084bd2..dca0f73f598 100644
--- a/apiserver/plane/app/views/project/invite.py
+++ b/apiserver/plane/app/views/project/invite.py
@@ -136,6 +136,12 @@ def create(self, request, slug):
 member=request.user, workspace__slug=slug, is_active=True
 )

+ if workspace_member.role != 20:
+ return Response(
+ {"error": "You do not have permission to join the project"},
+ status=status.HTTP_403_FORBIDDEN,
+ )
+
 workspace_role = workspace_member.role
 workspace = workspace_member.workspace

From 3aee8fb89f630dc8d550cdcf1c71a63455f5948b Mon Sep 17 00:00:00 2001
From: Aaryan Khandelwal
Date: Thu, 21 Nov 2024 20:00:25 +0530
Subject: [PATCH 4/4] chore: add check condition using enum

---
 apiserver/plane/app/views/project/invite.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apiserver/plane/app/views/project/invite.py b/apiserver/plane/app/views/project/invite.py
index dca0f73f598..d36036b98fb 100644
--- a/apiserver/plane/app/views/project/invite.py
+++ b/apiserver/plane/app/views/project/invite.py
@@ -136,7 +136,7 @@ def create(self, request, slug):
 member=request.user, workspace__slug=slug, is_active=True
 )

- if workspace_member.role != 20:
+ if workspace_member.role != ROLE.ADMIN:
 return Response(
 {"error": "You do not have permission to join the project"},
 status=status.HTTP_403_FORBIDDEN,
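Review bot: The guard added to `create` in invite.py (PATCH 3/4) looks only at the caller's workspace role and never at the project being joined, so every non-admin workspace member is refused for any project, although the commit subject speaks of private projects only. If the intent is to gate private projects, the check belongs next to the per-project lookup, which is outside this hunk, and should test the project's visibility as well as the role. If the blanket rule is intended, record it in a comment, e.g. `# Self-join is limited to workspace admins; all other members must be invited`. `create` starts before and continues after the hunk, so what runs ahead of this check is not visible.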
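Review bot: The comparison `workspace_member.role != ROLE.ADMIN` introduced in PATCH 4/4 is only correct if `ROLE.ADMIN` compares equal to the stored integer role, which the replaced line tested against `20`. The definition of `ROLE` is not shown; if it is a plain `enum.Enum` rather than an `IntEnum`, an integer never equals the member, the condition is always true, and every caller, workspace admins included, receives the 403. In that case the line should read `if workspace_member.role != ROLE.ADMIN.value:`. The patch changes this one line only (1 insertion, 1 deletion), so `ROLE` must already be imported in invite.py, otherwise the first request raises NameError. A test asserting that a workspace admin can still join would catch both.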