From 4fcb399867b181666532844d9aa79f1d62a8e4b0 Mon Sep 17 00:00:00 2001
From: Damodar Lohani <lohanidamodar@users.noreply.github.com>
Date: Sun, 17 Mar 2024 14:54:08 +0545
Subject: [PATCH] use team internal id for membership check on update

---
 app/controllers/api/teams.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index aa74a49760..d6a98e5340 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -894,16 +894,16 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
             throw new Exception(Exception::MEMBERSHIP_NOT_FOUND);
         }
 
-        if ($membership->getAttribute('teamId') !== $teamId) {
-            throw new Exception(Exception::TEAM_MEMBERSHIP_MISMATCH);
-        }
-
         $team = Authorization::skip(fn() => $dbForProject->getDocument('teams', $teamId));
 
         if ($team->isEmpty()) {
             throw new Exception(Exception::TEAM_NOT_FOUND);
         }
 
+        if ($membership->getAttribute('teamInternalId') !== $team->getInternalId()) {
+            throw new Exception(Exception::TEAM_MEMBERSHIP_MISMATCH);
+        }
+
         if (Auth::hash($secret) !== $membership->getAttribute('secret')) {
             throw new Exception(Exception::TEAM_INVALID_SECRET);
         }