From 61937317759cd41518d52a397a204584eb2e5a53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dafydd=20Ll=C5=B7r=20Pearson?=
Date: Wed, 15 May 2024 19:46:46 +0100
Subject: [PATCH] fix: Add route guard for `/:team/members` (#3151)
---
 editor.planx.uk/src/routes/teamMembers.tsx | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/editor.planx.uk/src/routes/teamMembers.tsx b/editor.planx.uk/src/routes/teamMembers.tsx
index 5562c84ee5..634d4f1ae8 100644
--- a/editor.planx.uk/src/routes/teamMembers.tsx
+++ b/editor.planx.uk/src/routes/teamMembers.tsx
@@ -1,7 +1,7 @@
 import { Role, User } from "@opensystemslab/planx-core/types";
 import gql from "graphql-tag";
 import { groupBy } from "lodash";
-import { compose, mount, route, withData } from "navi";
+import { NotFoundError, compose, mount, route, withData } from "navi";
 import {
 TeamMember,
 TeamMembers,
@@ -22,7 +22,13 @@ const teamMembersRoutes = compose(
 })),
 mount({
- "/": route(async () => {
+ "/": route(async (req) => {
+ const isAuthorised = useStore.getState().canUserEditTeam(req.params.team);
+ if (!isAuthorised)
+ throw new NotFoundError(
+ `User does not have access to ${req.originalUrl}`,
+ );
+
 const teamSlug = useStore.getState().teamSlug;
 const {
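Review bot: The new guard authorises `req.params.team`, but the context line directly below it reads the team from `useStore.getState().teamSlug`, so the check and whatever that slug is used for are keyed on two values that are only assumed to agree. Reading the slug once and checking that same value, for example `const isAuthorised = useStore.getState().canUserEditTeam(teamSlug);` placed after the `teamSlug` line, would keep them from drifting apart. The check also appears to run in the editor against client-held store state, so it hides the page rather than protecting the data; the data the route loads should be covered by server-side role permissions, which this patch does not show. The route handler continues past the end of the hunk.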