From 7e98f6ee4734542e56379e133d62ecc9847d7d2c Mon Sep 17 00:00:00 2001
From: Shaun Warman
Date: Sat, 9 Nov 2024 15:04:09 -0600
Subject: [PATCH] fix: allow admin member of team plan using free plan account to use api
---
 app/controllers/api/v1/enforce-paid-plan.js | 4 ++++
 app/controllers/web/my-account/ensure-upgraded-plan.js | 6 +++++-
 app/controllers/web/my-account/retrieve-aliases.js | 2 +-
 routes/api/v1/index.js | 10 +++++++++-
 4 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/app/controllers/api/v1/enforce-paid-plan.js b/app/controllers/api/v1/enforce-paid-plan.js
index c23404b2c9..d13c60fd8c 100644
--- a/app/controllers/api/v1/enforce-paid-plan.js
+++ b/app/controllers/api/v1/enforce-paid-plan.js
@@ -9,6 +9,10 @@ async function enforcePaidPlan(ctx, next) {
 if (!ctx.isAuthenticated())
 return ctx.throw(Boom.unauthorized(ctx.translateError('LOGIN_REQUIRED')));
+ // if the user is a member of a team plan and in the admin group, continue
+ if (ctx.state?.domain?.group === 'admin' && ctx.state?.domain?.plan === 'team')
+ return next();
+
 if (ctx.state.user.plan === 'free')
 return ctx.throw(
 Boom.paymentRequired(
diff --git a/app/controllers/web/my-account/ensure-upgraded-plan.js b/app/controllers/web/my-account/ensure-upgraded-plan.js
index 8276706377..43413359fb 100644
--- a/app/controllers/web/my-account/ensure-upgraded-plan.js
+++ b/app/controllers/web/my-account/ensure-upgraded-plan.js
@@ -15,7 +15,11 @@ function ensureUpgradedPlan(ctx, next) {
 )
 return next();
- if (!ctx.state.domain && ctx.state.user.plan !== 'free') return next();
+ if (
+ (!ctx.state.domain && ctx.state.user.plan !== 'free') ||
+ ctx.state?.domain?.plan === 'team'
+ )
+ return next();
 const redirectTo = ctx.state.domain
 ? ctx.state.l(
diff --git a/app/controllers/web/my-account/retrieve-aliases.js b/app/controllers/web/my-account/retrieve-aliases.js
index 4b73b404c1..092351fcf3 100644
--- a/app/controllers/web/my-account/retrieve-aliases.js
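Review bot: The new early return in `enforcePaidPlan` relies on `ctx.state.domain.group` and `ctx.state.domain.plan`, but the comment does not say which middleware must have populated `ctx.state.domain` for the authenticated caller before this one runs. The check fails closed when no domain is loaded, because the optional chaining yields `undefined` and the `user.plan === 'free'` test still applies, so the risk is in the ordering assumption rather than the condition itself. Record it next to the check, for example `// requires retrieveDomain to have set ctx.state.domain for this user; otherwise the user's own plan is checked`. The hunk also does not show whether a team domain whose subscription has lapsed still reports `plan === 'team'`; if it can, a free account keeps API access through it, so confirm that case is covered elsewhere. The function body continues outside the hunk.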
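Review bot: The added `ctx.state?.domain?.plan === 'team'` branch in `ensureUpgradedPlan` passes every request against a team-plan domain whatever the caller's role, while the matching exemption in `enforcePaidPlan` also requires `ctx.state?.domain?.group === 'admin'`. In the API routes touched by this commit `ensureDomainAdmin` runs earlier, but this middleware cannot assume that for every route that mounts it, so either repeat the group test here (`ctx.state.domain?.group === 'admin' && ctx.state.domain?.plan === 'team'`) or add a comment stating that the role is enforced upstream. The `?.` after `ctx.state` is unnecessary, since `ctx.state.domain` and `ctx.state.user.plan` are dereferenced unguarded in the same condition. The function starts and ends outside the hunk.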
+++ b/app/controllers/web/my-account/retrieve-aliases.js
@@ -162,7 +162,7 @@ async function retrieveAliases(ctx, next) {
 ? // eslint-disable-next-line unicorn/no-array-callback-reference
 Aliases.find(query)
 .limit(ctx.query.limit)
- .skip(ctx.paginate.skip)
+ .skip(ctx.paginate?.skip)
 .sort(isSANB(ctx.query.sort) ? ctx.query.sort : 'created_at')
 .populate(
 'user',
diff --git a/routes/api/v1/index.js b/routes/api/v1/index.js
index b575089349..1e4e7e0b58 100644
--- a/routes/api/v1/index.js
+++ b/routes/api/v1/index.js
@@ -168,7 +168,6 @@ router
 policies.ensureApiToken,
 policies.checkVerifiedEmail,
 web.myAccount.ensureNotBanned,
- api.v1.enforcePaidPlan,
 web.myAccount.ensurePaidToDate,
 (ctx, next) => {
 //
@@ -200,23 +199,27 @@ router
 '/domains',
 web.myAccount.validateDomain,
 rateLimit(50, 'create domain'),
+ api.v1.enforcePaidPlan,
 web.myAccount.createDomain,
 api.v1.domains.retrieve
 )
 .get(
 '/domains/:domain_id',
 web.myAccount.retrieveDomain,
+ api.v1.enforcePaidPlan,
 api.v1.domains.retrieve
 )
 .get(
 '/domains/:domain_id/verify-records',
 web.myAccount.retrieveDomain,
+ api.v1.enforcePaidPlan,
 web.myAccount.verifyRecords
 )
 .put(
 '/domains/:domain_id',
 web.myAccount.retrieveDomain,
 web.myAccount.ensureDomainAdmin,
+ api.v1.enforcePaidPlan,
 web.myAccount.ensureUpgradedPlan,
 web.myAccount.updateDomain,
 web.myAccount.retrieveDomains,
@@ -226,6 +229,7 @@ router
 '/domains/:domain_id',
 web.myAccount.retrieveDomain,
 web.myAccount.ensureDomainAdmin,
+ api.v1.enforcePaidPlan,
 web.myAccount.removeDomain,
 web.myAccount.retrieveDomains,
 api.v1.domains.retrieve
@@ -238,6 +242,7 @@ router
 web.myAccount.retrieveDomain,
 web.myAccount.ensureDomainAdmin,
 web.myAccount.ensureTeamPlan,
+ api.v1.enforcePaidPlan,
 web.myAccount.ensureUpgradedPlan,
 rateLimit(10, 'create invite'),
 web.myAccount.createInvite,
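Review bot: `.skip(ctx.paginate?.skip)` hides a missing pagination context instead of handling it, so when `ctx.paginate` is absent the query is given `undefined` as its skip value. Make the fallback explicit with `.skip(ctx.paginate?.skip ?? 0)`. The line above still passes `ctx.query.limit` straight from the request, so on any route that reaches `retrieveAliases` without pagination middleware (the API member routes in this commit call it) confirm that the limit is coerced and capped, since an unbounded `find` with `populate` is an easy way to load the database. The enclosing expression begins and ends outside the hunk.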
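Review bot: Removing `api.v1.enforcePaidPlan` from the shared chain in the `@@ -168` hunk turns the paid-plan check from default-on into opt-in, so any route registered under this chain without its own `api.v1.enforcePaidPlan` is now reachable by free-plan accounts. The commit re-adds it on nine domain, invite and member routes (hunks at -200, -226, -238, -250, -264 and -276), but the rest of the router is outside the diff and cannot be checked from here. Add a test that enumerates the registered routes and fails for any that lacks the middleware unless it is on an explicit exemption list. At minimum leave a comment where the line was removed, such as `// enforcePaidPlan is applied per route, after retrieveDomain, so team admins on free accounts pass; every new route must add it`.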
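Review bot: On the `/domains` create route in the `@@ -200` hunk `api.v1.enforcePaidPlan` now runs after `web.myAccount.validateDomain` and `rateLimit(50, 'create domain')`, although no existing domain is loaded on that route and the team-admin exemption presumably cannot apply (unless `validateDomain` sets `ctx.state.domain`, which the hunk does not show). A free-plan caller therefore goes through request validation and is counted against the rate limit before being refused. Placing `api.v1.enforcePaidPlan` first on this route keeps the rejection cheap and matches the behaviour before the commit. On the `.get` routes in the same hunk it sits directly after `retrieveDomain`, which is the order the exemption needs.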
@@ -250,6 +255,7 @@ router
 web.myAccount.retrieveDomain,
 web.myAccount.ensureDomainAdmin,
 web.myAccount.ensureTeamPlan,
+ api.v1.enforcePaidPlan,
 web.myAccount.ensureUpgradedPlan,
 web.myAccount.removeInvite,
 web.myAccount.retrieveDomains,
@@ -264,6 +270,7 @@ router
 web.myAccount.ensureDomainAdmin,
 web.myAccount.ensureTeamPlan,
 web.myAccount.ensureUpgradedPlan,
+ api.v1.enforcePaidPlan,
 web.myAccount.retrieveAliases,
 web.myAccount.updateMember,
 web.myAccount.retrieveDomains,
@@ -276,6 +283,7 @@ router
 web.myAccount.ensureDomainAdmin,
 web.myAccount.ensureTeamPlan,
 web.myAccount.ensureUpgradedPlan,
+ api.v1.enforcePaidPlan,
 web.myAccount.retrieveAliases,
 web.myAccount.removeMember,
 web.myAccount.retrieveDomains,
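Review bot: In the `@@ -264` and `@@ -276` hunks `api.v1.enforcePaidPlan` is inserted after `web.myAccount.ensureUpgradedPlan`, while the invite routes (hunks at -238 and -250) and the `.put` route in the -200 hunk insert it before. The order decides which middleware answers first for a free-plan caller, and `ensureUpgradedPlan` appears to build a redirect where `enforcePaidPlan` throws a payment-required error, so API clients may see different responses for the same condition on different routes. Use one order on all domain routes, preferably `api.v1.enforcePaidPlan` directly after `web.myAccount.ensureDomainAdmin`. The route definitions start and end outside these hunks.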