Cleanup

fisx · fisx · commit 279146c5ad0f · 2019-01-18T10:53:52.000+01:00
diff --git a/libs/galley-types/src/Galley/Types/Teams.hs b/libs/galley-types/src/Galley/Types/Teams.hs
@@ -58,7 +58,7 @@ module Galley.Types.Teams
     , noPermissions
     , serviceWhitelistPermissions
     , hasPermission
-    , hasCopyPermission
+    , mayGrantPermission
     , isTeamOwner
     , self
     , copy
@@ -395,8 +395,8 @@ serviceWhitelistPermissions = Set.fromList
 hasPermission :: TeamMember -> Perm -> Bool
 hasPermission tm p = p `Set.member` (tm^.permissions.self)
 
-hasCopyPermission :: TeamMember -> Perm -> Bool
-hasCopyPermission tm p = p `Set.member` (tm^.permissions.copy)
+mayGrantPermission :: TeamMember -> Perm -> Bool
+mayGrantPermission tm p = p `Set.member` (tm^.permissions.copy)
 
 -- Note [team roles]
 -- ~~~~~~~~~~~~
diff --git a/services/brig/src/Brig/Team/Util.hs b/services/brig/src/Brig/Team/Util.hs
@@ -37,14 +37,17 @@ ensurePermissions u t perms = do
     check (Just m) = and $ hasPermission m <$> perms
     check Nothing  = False
 
--- | (Some code duplication with 'Galley.API.Teams.ensureNotElevated'.)
+-- | Privilege escalation detection (make sure no `RoleMember` user creates a `RoleOwner`).
+--
+-- There is some code duplication with 'Galley.API.Teams.ensureNotElevated'.
 ensurePermissionToAddUser :: UserId -> TeamId -> Permissions -> ExceptT Error AppIO ()
 ensurePermissionToAddUser u t inviteePerms = do
-    m <- lift $ Intra.getTeamMember u t
-    unless (check m) $
+    minviter <- lift $ Intra.getTeamMember u t
+    unless (check minviter) $
         throwStd insufficientTeamPermissions
   where
     check :: Maybe TeamMember -> Bool
-    check (Just m) = hasPermission m AddTeamMember &&
-                     and (hasCopyPermission m <$> (Set.toList $ inviteePerms ^. self))
+    check (Just inviter) =
+        hasPermission inviter AddTeamMember &&
+        and (mayGrantPermision inviter <$> Set.toList (inviteePerms ^. self))
     check Nothing  = False
