From e1235299f52123a01cb50f3d185836c6fcec4bf4 Mon Sep 17 00:00:00 2001
From: Dehami Koswatte
Date: Fri, 1 Oct 2021 18:41:18 +0530
Subject: [PATCH 1/2] Fix parameter order at create-team-membership method
---
 app/controllers/api/teams.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index f7f7e2cb7e..645d08f57b 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -262,9 +262,9 @@ App::post('/v1/teams/:teamId/memberships')
 ->label('abuse-limit', 10)
 ->param('teamId', '', new UID(), 'Team unique ID.')
 ->param('email', '', new Email(), 'New team member email.')
- ->param('name', '', new Text(128), 'New team member name. Max length: 128 chars.', true)
 ->param('roles', [], new ArrayList(new Key()), 'Array of strings. Use this param to set the user roles in the team. A role can be any string. Learn more about [roles and permissions](/docs/permissions). Max length for each role is 32 chars.')
 ->param('url', '', function ($clients) { return new Host($clients); }, 'URL to redirect the user back to your app from the invitation email. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', false, ['clients']) // TODO add our own built-in confirm page
+ ->param('name', '', new Text(128), 'New team member name. Max length: 128 chars.', true)
 ->inject('response')
 ->inject('project')
 ->inject('user')
From f31fc0735ed1b0a858eac185e7a3ec19f90c7dac Mon Sep 17 00:00:00 2001
From: Dehami Koswatte
Date: Fri, 1 Oct 2021 21:06:57 +0530
Subject: [PATCH 2/2] Add code review fixes
---
 app/controllers/api/teams.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 645d08f57b..128a03c2eb 100644
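Review bot: Patch 1/2 moves `->param('name', …)` below `url` in the `@@ -262,9 +262,9 @@` hunk but leaves the `->action()` closure, which lies outside that hunk, with `$name` still in third position; the closure is only brought back in line by patch 2/2. If the framework binds validated params to the closure by position, as that follow-up suggests, a checkout of 1/2 alone would hand the roles array to `$name`, the redirect URL to `$roles`, and the `Text(128)`-checked name to `$url`, so the value used as `$url` would not be the one the `Host` validator approved. Squashing the two commits removes that intermediate state for bisects and cherry-picks. The ordering contract is also undocumented; a comment above `->param('teamId', …)` such as `// NOTE: param() order must match the argument order of the action() closure below` would make it visible.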
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -272,7 +272,7 @@ App::post('/v1/teams/:teamId/memberships')
 ->inject('locale')
 ->inject('audits')
 ->inject('mails')
- ->action(function ($teamId, $email, $name, $roles, $url, $response, $project, $user, $projectDB, $locale, $audits, $mails) {
+ ->action(function ($teamId, $email, $roles, $url, $name, $response, $project, $user, $projectDB, $locale, $audits, $mails) {
 /** @var Appwrite\Utopia\Response $response */
 /** @var Appwrite\Database\Document $project */
 /** @var Appwrite\Database\Document $user */
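Review bot: The reordered closure signature still takes all twelve arguments untyped, so only position ties `$roles`, `$url` and `$name` to their validators, and a later reorder of the `->param()` chain would again go unnoticed. Declaring the request parameters, e.g. `->action(function (string $teamId, string $email, array $roles, string $url, string $name, $response, $project, $user, $projectDB, $locale, $audits, $mails) {`, would turn an array/string mix-up into a `TypeError`, assuming the framework passes validated values through unchanged, which the hunk does not show. It cannot catch a swap of `$url` and `$name`, since both are strings, so a test that creates a membership with a `name` set and checks which values end up as roles and as the redirect URL would cover the rest. The closure body continues past the end of the hunk.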