From b38971cb01cbd83564599ab3937d39feea4aca6b Mon Sep 17 00:00:00 2001 From: Midhun G S Date: Fri, 20 Sep 2024 13:22:07 +0530 Subject: [PATCH] fix for change ownership of app (#10791) --- .../group_permissions.controller.v2.ts | 5 ++- .../organization_users.controller.ts | 4 +- .../services/organization_users.service.ts | 7 ++-- server/src/services/user-role.service.ts | 39 ++++++++++++------- server/src/services/users.service.ts | 8 +++- 5 files changed, 41 insertions(+), 22 deletions(-) diff --git a/server/src/controllers/group_permissions.controller.v2.ts b/server/src/controllers/group_permissions.controller.v2.ts index e141005bcc..a3a4caf28c 100644 --- a/server/src/controllers/group_permissions.controller.v2.ts +++ b/server/src/controllers/group_permissions.controller.v2.ts @@ -145,8 +145,9 @@ export class GroupPermissionsControllerV2 { @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.ACCESS_PERMISSIONS, UserEntity)) @Put('user-role/edit') async updateUserRole(@User() user, @Body() editRoleDto: EditUserRoleDto) { - const { organizationId } = user; - return await this.userRoleService.editDefaultGroupUserRole(editRoleDto, organizationId); + await this.userRoleService.editDefaultGroupUserRole(editRoleDto, user.organizationId, null, { + updatedAdmin: user.id, + }); } @UseGuards(JwtAuthGuard, PoliciesGuard) diff --git a/server/src/controllers/organization_users.controller.ts b/server/src/controllers/organization_users.controller.ts index 42f0da05ea..9ecd9d954a 100644 --- a/server/src/controllers/organization_users.controller.ts +++ b/server/src/controllers/organization_users.controller.ts @@ -63,8 +63,8 @@ export class OrganizationUsersController { @UseGuards(JwtAuthGuard, PoliciesGuard) @CheckPolicies((ability: AppAbility) => ability.can(ORGANIZATION_RESOURCE_ACTIONS.UPDATE_USERS, UserEntity)) @Put(':id') - async updateUser(@Param('id') id: string, @Body() updateUserDto) { - await this.organizationUsersService.updateOrgUser(id, updateUserDto); + async updateUser(@Param('id') id: string, @Body() updateUserDto, @User() user) { + await this.organizationUsersService.updateOrgUser(id, updateUserDto, user.id); return; } diff --git a/server/src/services/organization_users.service.ts b/server/src/services/organization_users.service.ts index 0560a80e91..db4e5180b5 100644 --- a/server/src/services/organization_users.service.ts +++ b/server/src/services/organization_users.service.ts @@ -114,13 +114,14 @@ export class OrganizationUsersService { }); } - async updateOrgUser(organizationUserId: string, updateUserDto) { + async updateOrgUser(organizationUserId: string, updateUserDto, adminId: string) { const organizationUser = await this.organizationUsersRepository.findOne({ where: { id: organizationUserId } }); - return await this.usersService.update( + await this.usersService.update( organizationUser.userId, updateUserDto, null, - organizationUser.organizationId + organizationUser.organizationId, + adminId ); } diff --git a/server/src/services/user-role.service.ts b/server/src/services/user-role.service.ts index 592d8d3c86..a63a59642d 100644 --- a/server/src/services/user-role.service.ts +++ b/server/src/services/user-role.service.ts @@ -79,7 +79,8 @@ export class UserRoleService { async editDefaultGroupUserRole( editRoleDto: EditUserRoleDto, organizationId: string, - manager?: EntityManager + manager?: EntityManager, + options?: { updatedAdmin?: string } ): Promise { const { newRole, userId } = editRoleDto; return await dbTransactionWrap(async (manager: EntityManager) => { @@ -115,18 +116,30 @@ export class UserRoleService { }, }); if (userCreatedApps.length > 0) { - const user = await manager.findOne(User, { - where: { - id: userGroup.userId, - }, - }); - throw new BadRequestException({ - message: { - error: ERROR_HANDLER.USER_IS_OWNER_OF_APPS(user.email), - data: userCreatedApps.map((app) => app.name), - title: 'Can not change user role', - }, - }); + if (options?.updatedAdmin) { + // Transfer the ownership + await manager.update( + App, + { + userId: userId, + organizationId: organizationId, + }, + { userId: options?.updatedAdmin } + ); + } else { + const user = await manager.findOne(User, { + where: { + id: userGroup.userId, + }, + }); + throw new BadRequestException({ + message: { + error: ERROR_HANDLER.USER_IS_OWNER_OF_APPS(user.email), + data: userCreatedApps.map((app) => app.name), + title: 'Can not change user role', + }, + }); + } } } await this.groupPermissionsService.deleteGroupUser(userGroup.id, manager); diff --git a/server/src/services/users.service.ts b/server/src/services/users.service.ts index 1fbd55ba78..7e9010602d 100644 --- a/server/src/services/users.service.ts +++ b/server/src/services/users.service.ts @@ -160,7 +160,7 @@ export class UsersService { }, manager); } - async update(userId: string, params: any, manager?: EntityManager, organizationId?: string) { + async update(userId: string, params: any, manager?: EntityManager, organizationId?: string, adminId?: string) { const { forgotPasswordToken, password, firstName, lastName, addGroups, removeGroups, source, role } = params; const hashedPassword = password ? bcrypt.hashSync(password, 10) : undefined; @@ -180,7 +180,11 @@ export class UsersService { const user = await manager.findOne(User, { where: { id: userId } }); await this.removeUserGroupPermissionsIfExists(manager, user, removeGroups, organizationId); - if (role) await this.userRoleService.editDefaultGroupUserRole({ userId, newRole: role }, organizationId, manager); + if (role) { + await this.userRoleService.editDefaultGroupUserRole({ userId, newRole: role }, organizationId, manager, { + updatedAdmin: adminId, + }); + } await this.attachUserGroup(addGroups, organizationId, userId, manager); return user; }, manager);