https://sonarly.com/issue/26579?type=bug

When a user is removed from a workspace via `UserService.removeUserFromWorkspaceAndPotentiallyDeleteWorkspace()` or `UserWorkspaceService.deleteUserWorkspace()`, the `userWorkspaceEntity` entry in `CoreEntityCacheService` is never invalidated. The JWT authentication layer (`JwtAuthStrategy.resolveUserContext`) reads the stale cached record, so middleware hydration succeeds and passes auth guards. However, the `currentUser` resolver performs a fresh DB query with TypeORM (which filters soft-deleted rows), finds no matching `userWorkspace`, and throws `Error: Current user workspace not found`.

Fix: Added `coreEntityCacheService.invalidate('userWorkspaceEntity', userWorkspaceId)` at the end of `UserWorkspaceService.deleteUserWorkspace()`, after the DB deletion completes. This is the centralized low-level deletion method called by both:
- `UserService.removeUserFromWorkspaceAndPotentiallyDeleteWorkspace()` (user-leaves-workspace path)
- `WorkspaceService.handleRemoveWorkspaceMember()` (admin-removes-member path)

Previously, only `handleRemoveWorkspaceMember` invalidated the cache (at its own call site in workspace.service.ts:637). By moving invalidation into `deleteUserWorkspace()` itself, ALL deletion paths now correctly invalidate the `userWorkspaceEntity` cache entry. This prevents the bug where:
1. A userWorkspace record is deleted from the DB
2. `JwtAuthStrategy` reads a stale cached record and allows the request through
3. The `currentUser` resolver queries the DB fresh, finds no matching userWorkspace, and throws "Current user workspace not found"

The existing invalidation in `WorkspaceService.handleRemoveWorkspaceMember()` (line 637-640) becomes redundant but harmless — double-invalidation is a no-op. Removing it would be a separate cleanup concern.
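The stale-cache flow described in the commit message above, reduced to a self-contained TypeScript model. This is an added example, not code from the Twenty repository: `makeDb`, `makeCache`, `requestAfterRemoval` and the sample row are hypothetical stand-ins for the database, `CoreEntityCacheService` and the request path.

```typescript
// Simplified model of the flow in the commit message; added example, not Twenty's code.
type UserWorkspace = { id: string; userId: string; workspaceId: string };

// Stand-in for the userWorkspace table (hypothetical).
const makeDb = () => new Map<string, UserWorkspace>();

// Stand-in for CoreEntityCacheService: cache-aside reads plus explicit invalidation.
function makeCache(db: Map<string, UserWorkspace>) {
  const entries = new Map<string, UserWorkspace>();
  return {
    get(id: string): UserWorkspace | undefined {
      const hit = entries.get(id);
      if (hit) return hit; // served from cache without touching the DB
      const row = db.get(id);
      if (row) entries.set(id, row);
      return row;
    },
    invalidate(id: string): void {
      entries.delete(id);
    },
  };
}

// Returns where a request from the removed member stops.
function requestAfterRemoval(invalidateInDelete: boolean): string {
  const db = makeDb();
  db.set("uw-1", { id: "uw-1", userId: "u-1", workspaceId: "ws-1" }); // constructed sample row
  const cache = makeCache(db);

  // Centralized deletion method shared by every removal path; the flag toggles the fix.
  const deleteUserWorkspace = (id: string): void => {
    db.delete(id);
    if (invalidateInDelete) cache.invalidate(id);
  };

  cache.get("uw-1"); // an earlier authenticated request warms the cache
  deleteUserWorkspace("uw-1"); // user-leaves-workspace path

  // Auth layer: trusts whatever the cache returns.
  if (!cache.get("uw-1")) return "rejected by auth layer";
  // Resolver: fresh DB read, so it sees the deletion.
  if (!db.get("uw-1")) return "Error: Current user workspace not found";
  return "ok";
}
```

With the flag off, the removed member still clears the auth layer on cached state and only fails later in the resolver; with it on, the request stops at authentication.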
The #1 Open-Source CRM
🌐 Website · 📚 Documentation · Roadmap · Discord · Figma
Installation
See: 🚀 Self-hosting 🖥️ Local Setup
Why Twenty
We built Twenty for three reasons:
CRMs are too expensive, and users are trapped. Companies use locked-in customer data to hike prices. It shouldn't be that way.
A fresh start is required to build a better experience. We can learn from past mistakes and craft a cohesive experience inspired by new UX patterns from tools like Notion, Airtable or Linear.
We believe in open-source and community. Hundreds of developers are already building Twenty together. Once we have plugin capabilities, a whole ecosystem will grow around it.
What You Can Do With Twenty
Please feel free to flag any specific needs you have by creating an issue.
Below are a few features we have implemented to date:
- Personalize layouts with filters, sort, group by, kanban and table views
- Customize your objects and fields
- Create and manage permissions with custom roles
- Automate workflow with triggers and actions
- Emails, calendar events, files, and more
Stack
- TypeScript
- Nx
- NestJS, with BullMQ, PostgreSQL, Redis
- React, with Jotai, Linaria and Lingui
Thanks
Thanks to these amazing services that we use and recommend for UI testing (Chromatic), code review (Greptile), catching bugs (Sentry) and translating (Crowdin).
Join the Community
- Star the repo
- Subscribe to releases (watch -> custom -> releases)
- Follow us on Twitter or LinkedIn
- Join our Discord
- Improve translations on Crowdin
- Contributions are, of course, most welcome!