fix for change ownership of app (#10791)

2026-05-23 08:58:26 +00:00 · 2024-09-20 13:22:07 +05:30 · 2024-09-20 13:22:07 +05:30 · b38971cb01
commit b38971cb01
parent e38eb34470
5 changed files with 41 additions and 22 deletions
--- a/server/src/controllers/group_permissions.controller.v2.ts
+++ b/server/src/controllers/group_permissions.controller.v2.ts
@ -145,8 +145,9 @@ export class GroupPermissionsControllerV2 {
  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity))
  @Put('user-role/edit')
  async updateUserRole(@User() user, @Body() editRoleDto: EditUserRoleDto) {
-    const { organizationId } = user;
-    return await this.userRoleService.editDefaultGroupUserRole(editRoleDto, organizationId);
+    await this.userRoleService.editDefaultGroupUserRole(editRoleDto, user.organizationId, null, {
+      updatedAdmin: user.id,
+    });
  }

  @UseGuards(JwtAuthGuard, PoliciesGuard)
--- a/server/src/controllers/organization_users.controller.ts
+++ b/server/src/controllers/organization_users.controller.ts
@ -63,8 +63,8 @@ export class OrganizationUsersController {
  @UseGuards(JwtAuthGuard, PoliciesGuard)
  @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.UPDATE_USERS, UserEntity))
  @Put(':id')
-  async updateUser(@Param('id') id: string, @Body() updateUserDto) {
-    await this.organizationUsersService.updateOrgUser(id, updateUserDto);
+  async updateUser(@Param('id') id: string, @Body() updateUserDto, @User() user) {
+    await this.organizationUsersService.updateOrgUser(id, updateUserDto, user.id);
    return;
  }

--- a/server/src/services/organization_users.service.ts
+++ b/server/src/services/organization_users.service.ts
@ -114,13 +114,14 @@ export class OrganizationUsersService {
    });
  }

-  async updateOrgUser(organizationUserId: string, updateUserDto) {
+  async updateOrgUser(organizationUserId: string, updateUserDto, adminId: string) {
    const organizationUser = await this.organizationUsersRepository.findOne({ where: { id: organizationUserId } });
-    return await this.usersService.update(
+    await this.usersService.update(
      organizationUser.userId,
      updateUserDto,
      null,
-      organizationUser.organizationId
+      organizationUser.organizationId,
+      adminId
    );
  }

--- a/server/src/services/user-role.service.ts
+++ b/server/src/services/user-role.service.ts
@ -79,7 +79,8 @@ export class UserRoleService {
  async editDefaultGroupUserRole(
    editRoleDto: EditUserRoleDto,
    organizationId: string,
-    manager?: EntityManager
+    manager?: EntityManager,
+    options?: { updatedAdmin?: string }
  ): Promise<void> {
    const { newRole, userId } = editRoleDto;
    return await dbTransactionWrap(async (manager: EntityManager) => {
@ -115,18 +116,30 @@ export class UserRoleService {
          },
        });
        if (userCreatedApps.length > 0) {
-          const user = await manager.findOne(User, {
-            where: {
-              id: userGroup.userId,
-            },
-          });
-          throw new BadRequestException({
-            message: {
-              error: ERROR_HANDLER.USER_IS_OWNER_OF_APPS(user.email),
-              data: userCreatedApps.map((app) => app.name),
-              title: 'Can not change user role',
-            },
-          });
+          if (options?.updatedAdmin) {
+            // Transfer the ownership
+            await manager.update(
+              App,
+              {
+                userId: userId,
+                organizationId: organizationId,
+              },
+              { userId: options?.updatedAdmin }
+            );
+          } else {
+            const user = await manager.findOne(User, {
+              where: {
+                id: userGroup.userId,
+              },
+            });
+            throw new BadRequestException({
+              message: {
+                error: ERROR_HANDLER.USER_IS_OWNER_OF_APPS(user.email),
+                data: userCreatedApps.map((app) => app.name),
+                title: 'Can not change user role',
+              },
+            });
+          }
        }
      }
      await this.groupPermissionsService.deleteGroupUser(userGroup.id, manager);
--- a/server/src/services/users.service.ts
+++ b/server/src/services/users.service.ts
@ -160,7 +160,7 @@ export class UsersService {
    }, manager);
  }

-  async update(userId: string, params: any, manager?: EntityManager, organizationId?: string) {
+  async update(userId: string, params: any, manager?: EntityManager, organizationId?: string, adminId?: string) {
    const { forgotPasswordToken, password, firstName, lastName, addGroups, removeGroups, source, role } = params;
    const hashedPassword = password ? bcrypt.hashSync(password, 10) : undefined;

@ -180,7 +180,11 @@ export class UsersService {
      const user = await manager.findOne(User, { where: { id: userId } });

      await this.removeUserGroupPermissionsIfExists(manager, user, removeGroups, organizationId);
-      if (role) await this.userRoleService.editDefaultGroupUserRole({ userId, newRole: role }, organizationId, manager);
+      if (role) {
+        await this.userRoleService.editDefaultGroupUserRole({ userId, newRole: role }, organizationId, manager, {
+          updatedAdmin: adminId,
+        });
+      }
      await this.attachUserGroup(addGroups, organizationId, userId, manager);
      return user;
    }, manager);