From 7bb71a53e0ce0480393b9fbdb401f92290058a92 Mon Sep 17 00:00:00 2001
From: Anuj-Gupta4
Date: Wed, 30 Oct 2024 14:15:42 +0545
Subject: [PATCH] fixes: Remove auth bypass in for HOTOSM org #1785
---
 src/backend/app/auth/roles.py | 15 ---------------
 1 file changed, 15 deletions(-)
diff --git a/src/backend/app/auth/roles.py b/src/backend/app/auth/roles.py
index b05e90a438..ccf418f7c6 100644
--- a/src/backend/app/auth/roles.py
+++ b/src/backend/app/auth/roles.py
@@ -65,7 +65,6 @@ async def check_access(
 Access is determined based on the user's role and permissions:
 - If the user has an 'ADMIN' role, access is granted.
 - If the user has a 'READ_ONLY' role, access is denied.
- - If the organisation is HOTOSM, then grant access.
 - For other roles, access is granted if the user is an organisation manager
 for the specified organisation (org_id) or has the specified role in the
 specified project (project_id).
@@ -91,20 +90,6 @@ async def check_access(
 CASE
 WHEN role = 'ADMIN' THEN true
 WHEN role = 'READ_ONLY' THEN false
- WHEN EXISTS (
- SELECT 1
- FROM organisations
- WHERE (organisations.id = :org_id
- AND organisations.slug = 'hotosm')
- OR EXISTS (
- SELECT 1
- FROM projects
- JOIN organisations AS org
- ON projects.organisation_id = org.id
- WHERE org.slug = 'hotosm'
- AND projects.id = :project_id
- )
- ) THEN true
 ELSE EXISTS (
 SELECT 1