QT/bigcapital
1
0
Fork 0
mirror of https://github.com/bigcapitalhq/bigcapital.git synced 2026-02-15 20:30:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(server): prevent deleting last user in the tenant

Browse Source
This commit is contained in:
a.bouhuolia
2023-04-14 03:41:11 +02:00
parent cc863f774a
commit 8de3717587
7 changed files with 55 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
packages/server/src/services/Users/UsersService.ts
View File

@@ -14,12 +14,11 @@ import RolesService from '@/services/Roles/RolesService';
import HasTenancyService from '@/services/Tenancy/TenancyService';
import { ERRORS } from './constants';
import { EventPublisher } from '@/lib/EventPublisher/EventPublisher';
import { TransformerInjectable } from '@/lib/Transformer/TransformerInjectable';
import { UserTransformer } from './UserTransformer';
@Service()
export default class UsersService {
@Inject('repositories')
private repositories: any;
@Inject()
private rolesService: RolesService;
@@ -29,6 +28,9 @@ export default class UsersService {
@Inject()
private eventPublisher: EventPublisher;
@Inject()
private transformer: TransformerInjectable;
/**
* Creates a new user.
* @param {number} tenantId - Tenant id.
@@ -91,9 +93,10 @@ export default class UsersService {
// Retrieve user details or throw not found service error.
const tenantUser = await this.getTenantUserOrThrowError(tenantId, userId);
// Validate the delete user should not be the last user.
await this.validateNotLastUserDelete(tenantId);
// Validate the delete user should not be the last active user.
if (tenantUser.isInviteAccepted) {
await this.validateNotLastUserDelete(tenantId);
}
// Delete user from the storage.
await User.query().findById(userId).delete();
@@ -183,7 +186,7 @@ export default class UsersService {
const users = await User.query().withGraphFetched('role');
return users;
return this.transformer.transform(tenantId, users, new UserTransformer());
}
/**
@@ -223,11 +226,13 @@ export default class UsersService {
* @param {number} tenantId
*/
private async validateNotLastUserDelete(tenantId: number) {
const { systemUserRepository } = this.repositories;
const { User } = this.tenancy.models(tenantId);
const usersFound = await systemUserRepository.find({ tenantId });
const inviteAcceptedUsers = await User.query()
.select(['id'])
.whereNotNull('invite_accepted_at');
if (usersFound.length === 1) {
if (inviteAcceptedUsers.length === 1) {
throw new ServiceError(ERRORS.CANNOT_DELETE_LAST_USER);
}
}
@@ -291,9 +296,9 @@ export default class UsersService {
/**
* Validate the authorized user cannot mutate its role.
* @param {ITenantUser} oldTenantUser
* @param {IEditUserDTO} editUserDTO
* @param {ISystemUser} authorizedUser
* @param {ITenantUser} oldTenantUser
* @param {IEditUserDTO} editUserDTO
* @param {ISystemUser} authorizedUser
*/
validateMutateRoleNotAuthorizedUser(
oldTenantUser: ITenantUser,
@@ -307,5 +312,4 @@ export default class UsersService {
throw new ServiceError(ERRORS.CANNOT_AUTHORIZED_USER_MUTATE_ROLE);
}
}
}