daostack · alexander2001i · May 7, 2021 · Apr 22, 2021
diff --git a/packages/firebase/functions/src/common/business/updateCommon.ts b/packages/firebase/functions/src/common/business/updateCommon.ts
@@ -4,12 +4,13 @@ import { ICommonUpdate } from '@common/types';
 import { IUpdatableCommonEntity } from '../database/updateCommon';
 import { commonDb } from '../database';
 import { createCommonHistory } from '../../commonEditHistory/business';
-import { CommonError } from '../../util/errors';
+import { UnauthorizedError } from '../../util/errors';
 import { createEvent } from '../../util/db/eventDbService';
 import { EVENT_TYPES } from '../../event/event';
 import { commonRuleValidationSchema } from '../../util/schemas';
 import { validate } from '../../util/validate';
 import { urlRegex } from '../../util/regex';
+import { hasPermission } from '../../core/domain/users/business';
 
 
 const updateCommonDataValidationScheme = yup.object({
@@ -48,10 +49,11 @@ export const updateCommon = async (payload: UpdateCommonPayload): Promise<IUpdat
 
   await validate<UpdateCommonPayload>(payload, updateCommonDataValidationScheme);
   const currCommon = await commonDb.get(payload.commonId);
-  // TODO check if user has permission to edit this common when permissions pr is merged
 
-  if (currCommon.metadata.founderId !== payload.userId) {
-    throw new CommonError('Try again when you created the common');
+  const canEditCommon = await hasPermission(payload.userId, payload.commonId);
+
+  if (!canEditCommon) {
+    throw new UnauthorizedError();
   }
 
   // the doc that was saved in the commonEditHistory collection

diff --git a/packages/firebase/functions/src/moderation/business/hideContent.ts b/packages/firebase/functions/src/moderation/business/hideContent.ts
@@ -36,7 +36,8 @@ export const hideContent = async (hideContentPayload: HideContentPayload): Promi
 
 	//Only users with permissions can hide content
   const { itemId, commonId, userId, type } = hideContentPayload;
-  if (!hasPermission(userId, commonId)) {
+  const isModerator = await hasPermission(userId, commonId);
+  if (!isModerator) {
     throw new UnauthorizedError();
   }
 

diff --git a/packages/firebase/functions/src/moderation/business/showContent.ts b/packages/firebase/functions/src/moderation/business/showContent.ts
@@ -34,7 +34,8 @@ export const showContent = async (showContentPayload: ShowContentPayload): Promi
 
   //Only users with permissions can make content visible
   const { itemId, commonId, userId, type } = showContentPayload;
-  if (!hasPermission(userId, commonId)) {
+  const isModerator = await hasPermission(userId, commonId);
+  if (!isModerator) {
     throw new UnauthorizedError();
   }