From 959c1fda819fe2f5b688c4238d6ea5a1f8f6968d Mon Sep 17 00:00:00 2001
From: Zach Wasserman <zach@fleetdm.com>
Date: Mon, 28 Jun 2021 16:57:56 -0700
Subject: [PATCH] Allow global maintainer to transfer hosts between Teams
 (#1243)

Reclassify these operations as "host write" to apply the appropriate permissions.

Fixes #1237
---
 server/service/service_hosts.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/service/service_hosts.go b/server/service/service_hosts.go
index 1bd23f30e6..db03762174 100644
--- a/server/service/service_hosts.go
+++ b/server/service/service_hosts.go
@@ -130,7 +130,7 @@ func (svc Service) AddHostsToTeam(ctx context.Context, teamID *uint, hostIDs []u
 	// besides global admins permissions to modify team hosts, we will need to
 	// check that the user has permissions for both the source and destination
 	// teams.
-	if err := svc.authz.Authorize(ctx, &fleet.Team{}, fleet.ActionWrite); err != nil {
+	if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionWrite); err != nil {
 		return err
 	}
 
@@ -142,7 +142,7 @@ func (svc Service) AddHostsToTeamByFilter(ctx context.Context, teamID *uint, opt
 	// besides global admins permissions to modify team hosts, we will need to
 	// check that the user has permissions for both the source and destination
 	// teams.
-	if err := svc.authz.Authorize(ctx, &fleet.Team{}, fleet.ActionWrite); err != nil {
+	if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionWrite); err != nil {
 		return err
 	}
 	vc, ok := viewer.FromContext(ctx)