Elgato_dark/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite synced 2026-05-23 00:49:02 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #9938 from appwrite/fix-deletion-logic

Browse source 
Fix deletion logic
This commit is contained in:
Jake Barnby 2025-05-30 12:56:23 +00:00 committed by GitHub
commit 7e4a3bb018
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 7 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/controllers/api/teams.php
View file

@ -1359,10 +1359,12 @@ App::delete('/v1/teams/:teamId/memberships/:membershipId')
max: 2
);
// Is the deletion being requested by the user on their own membership?
$isCurrentUserAnOwner = $user->getInternalId() === $membership->getAttribute('userInternalId');
// Is the deletion being requested by the user on their own membership and they are also the owner?
$isSelfOwner =
in_array('owner', $membership->getAttribute('roles')) &&
$membership->getAttribute('userInternalId') === $user->getInternalId();
if ($ownersCount === 1 && $isCurrentUserAnOwner) {
if ($ownersCount === 1 && $isSelfOwner) {
/* Prevent removal if the user is the only owner. */
throw new Exception(Exception::MEMBERSHIP_DELETION_PROHIBITED, 'There must be at least one owner in the organization.');
}

7
tests/e2e/Services/Teams/TeamsConsoleClientTest.php
View file

@ -212,9 +212,6 @@ class TeamsConsoleClientTest extends Scope
$this->assertEquals(401, $response['headers']['status-code']);
$this->assertEquals('The current user is not authorized to perform the requested action.', $response['body']['message']);
/**
* Test for when a user other than the owner tries to delete their membership
*/
$response = $this->client->call(Client::METHOD_DELETE, '/teams/' . $teamUid . '/memberships/' . $membershipUid, [
'origin' => 'http://localhost',
'content-type' => 'application/json',
@ -222,7 +219,7 @@ class TeamsConsoleClientTest extends Scope
'cookie' => 'a_session_' . $this->getProject()['$id'] . '=' . $session,
]);
$this->assertEquals(400, $response['headers']['status-code']);
$this->assertEquals(204, $response['headers']['status-code']);
$response = $this->client->call(Client::METHOD_GET, '/teams/' . $teamUid . '/memberships', array_merge([
'content-type' => 'application/json',
@ -230,7 +227,7 @@ class TeamsConsoleClientTest extends Scope
], $this->getHeaders()));
$this->assertEquals(200, $response['headers']['status-code']);
$this->assertEquals(3, $response['body']['total']);
$this->assertEquals(2, $response['body']['total']);
/**
* Test for when the owner tries to delete their membership