Team delete functionality.

2026-02-04 12:47:13 +01:00 · 2023-02-02 11:59:38 -08:00 · 2023-02-02 11:59:38 -08:00 · 0ce2d1fbfc
commit 0ce2d1fbfc
parent 835289a1f8
11 changed files with 128 additions and 56 deletions
--- a/lib/auth.ts
+++ b/lib/auth.ts
@ -1,4 +1,5 @@
 import debug from 'debug';
+import { validate } from 'uuid';
 import cache from 'lib/cache';
 import { PERMISSIONS, ROLE_PERMISSIONS, SHARE_TOKEN_HEADER } from 'lib/constants';
 import { secret } from 'lib/crypto';
@ -60,10 +61,6 @@ export async function canViewWebsite({ user }: Auth, websiteId: string) {
    return user.id === website.userId;
  }

-  if (website.teamId) {
-    return getTeamUser(website.teamId, user.id);
-  }
-
  return false;
 }

@ -86,18 +83,16 @@ export async function canUpdateWebsite({ user }: Auth, websiteId: string) {
    return true;
  }

+  if (!validate(websiteId)) {
+    return false;
+  }
+
  const website = await cache.fetchWebsite(websiteId);

  if (website.userId) {
    return user.id === website.userId;
  }

-  if (website.teamId) {
-    const teamUser = await getTeamUser(website.teamId, user.id);
-
-    return hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
-  }
-
  return false;
 }

@ -112,12 +107,6 @@ export async function canDeleteWebsite({ user }: Auth, websiteId: string) {
    return user.id === website.userId;
  }

-  if (website.teamId) {
-    const teamUser = await getTeamUser(website.teamId, user.id);
-
-    return hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
-  }
-
  return false;
 }

@ -144,9 +133,13 @@ export async function canUpdateTeam({ user }: Auth, teamId: string) {
    return true;
  }

-  const teamUser = await getTeamUser(teamId, user.id);
+  if (validate(teamId)) {
+    const teamUser = await getTeamUser(teamId, user.id);

-  return hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
+    return hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
+  }
+
+  return false;
 }

 export async function canDeleteTeam({ user }: Auth, teamId: string) {
@ -154,9 +147,13 @@ export async function canDeleteTeam({ user }: Auth, teamId: string) {
    return true;
  }

-  const teamUser = await getTeamUser(teamId, user.id);
+  if (validate(teamId)) {
+    const teamUser = await getTeamUser(teamId, user.id);

-  return hasPermission(teamUser.role, PERMISSIONS.teamDelete);
+    return hasPermission(teamUser.role, PERMISSIONS.teamDelete);
+  }
+
+  return false;
 }

 export async function canCreateUser({ user }: Auth) {
--- a/lib/constants.ts
+++ b/lib/constants.ts
@ -33,7 +33,6 @@ export const ROLES = {
  user: 'user',
  teamOwner: 'team-owner',
  teamMember: 'team-member',
-  teamGuest: 'team-guest',
 } as const;

 export const PERMISSIONS = {
@ -54,19 +53,8 @@ export const ROLE_PERMISSIONS = {
    PERMISSIONS.websiteDelete,
    PERMISSIONS.teamCreate,
  ],
-  [ROLES.teamOwner]: [
-    PERMISSIONS.teamUpdate,
-    PERMISSIONS.teamDelete,
-    PERMISSIONS.websiteCreate,
-    PERMISSIONS.websiteUpdate,
-    PERMISSIONS.websiteDelete,
-  ],
-  [ROLES.teamMember]: [
-    PERMISSIONS.websiteCreate,
-    PERMISSIONS.websiteUpdate,
-    PERMISSIONS.websiteDelete,
-  ],
-  [ROLES.teamGuest]: [],
+  [ROLES.teamOwner]: [PERMISSIONS.teamUpdate, PERMISSIONS.teamDelete],
+  [ROLES.teamMember]: [],
 } as const;

 export const THEME_COLORS = {