From a60a93b5383302b25a011fcca71875335e7bd515 Mon Sep 17 00:00:00 2001
From: shreddedbacon <b@benjackson.email>
Date: Wed, 24 Apr 2024 16:07:25 +1000
Subject: [PATCH] fix: allow platform admin to add when
 disable-non-organization features are enabled

---
 services/api/src/resources/group/resolvers.ts |  2 +-
 .../src/resources/notification/resolvers.ts   | 24 +++++++++----------
 .../api/src/resources/project/resolvers.ts    |  2 +-
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/services/api/src/resources/group/resolvers.ts b/services/api/src/resources/group/resolvers.ts
index c9792f898f..86580acfbb 100644
--- a/services/api/src/resources/group/resolvers.ts
+++ b/services/api/src/resources/group/resolvers.ts
@@ -344,7 +344,7 @@ export const addGroup: ResolverFn = async (
     }
   } else {
     // otherwise fall back
-    if (DISABLE_NON_ORGANIZATION_GROUP_CREATION == "false") {
+    if (DISABLE_NON_ORGANIZATION_GROUP_CREATION == "false" || adminScopes.projectViewAll) {
       await hasPermission('group', 'add');
     } else {
       throw new Error(
diff --git a/services/api/src/resources/notification/resolvers.ts b/services/api/src/resources/notification/resolvers.ts
index f714feac37..85ecbeabf3 100644
--- a/services/api/src/resources/notification/resolvers.ts
+++ b/services/api/src/resources/notification/resolvers.ts
@@ -25,7 +25,7 @@ const addNotificationGeneric = async (sqlClientPool, notificationTable, input) =
   return await query(sqlClientPool, knex(notificationTable).where('id', insertId).toString());
 }
 
-const checkOrgNotificationPermission = async (hasPermission, input) => {
+const checkOrgNotificationPermission = async (hasPermission, input, adminScopes) => {
   if (input.organization != null) {
     const organizationData = await organizationHelpers(sqlClientPool).getOrganizationById(input.organization);
     if (organizationData === undefined) {
@@ -43,7 +43,7 @@ const checkOrgNotificationPermission = async (hasPermission, input) => {
       );
     }
   } else {
-    if (DISABLE_NON_ORGANIZATION_NOTIFICATION_ASSIGNMENT == "false") {
+    if (DISABLE_NON_ORGANIZATION_NOTIFICATION_ASSIGNMENT == "false" || adminScopes.projectViewAll) {
       await hasPermission('notification', 'add');
     } else {
       throw new Error(
@@ -56,41 +56,41 @@ const checkOrgNotificationPermission = async (hasPermission, input) => {
 export const addNotificationMicrosoftTeams: ResolverFn = async (
   root,
   { input },
-  { sqlClientPool, hasPermission }
+  { sqlClientPool, hasPermission, adminScopes}
 ) => {
-  await checkOrgNotificationPermission(hasPermission, input)
+  await checkOrgNotificationPermission(hasPermission, input, adminScopes)
   return R.path([0], await addNotificationGeneric(sqlClientPool, 'notification_microsoftteams', input));
 };
 
 export const addNotificationEmail: ResolverFn = async (
   root,
   { input },
-  { sqlClientPool, hasPermission }
+  { sqlClientPool, hasPermission, adminScopes}
 ) => {
-  await checkOrgNotificationPermission(hasPermission, input)
+  await checkOrgNotificationPermission(hasPermission, input, adminScopes)
   return R.path([0], await addNotificationGeneric(sqlClientPool, 'notification_email', input));
 };
 
 export const addNotificationRocketChat: ResolverFn = async (
   root,
   { input },
-  { sqlClientPool, hasPermission }
+  { sqlClientPool, hasPermission, adminScopes }
 ) => {
-  await checkOrgNotificationPermission(hasPermission, input)
+  await checkOrgNotificationPermission(hasPermission, input, adminScopes)
   return R.path([0], await addNotificationGeneric(sqlClientPool, 'notification_rocketchat', input));
 };
 
 export const addNotificationSlack: ResolverFn = async (
   root,
   { input },
-  { sqlClientPool, hasPermission }
+  { sqlClientPool, hasPermission, adminScopes}
 ) => {
-  await checkOrgNotificationPermission(hasPermission, input)
+  await checkOrgNotificationPermission(hasPermission, input, adminScopes)
   return R.path([0], await addNotificationGeneric(sqlClientPool, 'notification_slack', input));
 };
 
-export const addNotificationWebhook: ResolverFn = async (root, { input }, { sqlClientPool, hasPermission }) => {
-  await checkOrgNotificationPermission(hasPermission, input)
+export const addNotificationWebhook: ResolverFn = async (root, { input }, { sqlClientPool, hasPermission, adminScopes}) => {
+  await checkOrgNotificationPermission(hasPermission, input, adminScopes)
   return R.path([0], await addNotificationGeneric(sqlClientPool, 'notification_webhook', input));
 };
 
diff --git a/services/api/src/resources/project/resolvers.ts b/services/api/src/resources/project/resolvers.ts
index b3a77d8f1e..d823bc1640 100644
--- a/services/api/src/resources/project/resolvers.ts
+++ b/services/api/src/resources/project/resolvers.ts
@@ -268,7 +268,7 @@ export const addProject = async (
       }
     }
   } else {
-    if (DISABLE_NON_ORGANIZATION_PROJECT_CREATION == "false") {
+    if (DISABLE_NON_ORGANIZATION_PROJECT_CREATION == "false" || adminScopes.projectViewAll) {
       await hasPermission('project', 'add');
     } else {
       throw new Error(