mirror/formbricks-formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-01-05 21:32:02 -06:00
Code Issues Packages Projects Releases 100 Wiki Activity

refactor: used isOwner in delete team

Browse Source
This commit is contained in:
Piyush Gupta
2023-08-06 15:30:54 +05:30
committed by Johannes
parent a2f6677b54
commit 4a09253234
1 changed files with 4 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
apps/web/pages/api/v1/environments/[environmentId]/team/index.ts
View File

@@ -1,4 +1,4 @@
import { getSessionUser, hasEnvironmentAccess } from "@/lib/api/apiHelper";
import { getSessionUser, hasEnvironmentAccess, hasTeamAccess, isOwner } from "@/lib/api/apiHelper";
import { prisma } from "@formbricks/database";
import type { NextApiRequest, NextApiResponse } from "next";
@@ -70,6 +70,7 @@ export default async function handle(req: NextApiRequest, res: NextApiResponse)
if (environment === null) {
return res.status(404).json({ message: "This environment doesn't exist" });
}
const team = await prisma.team.findUnique({
where: {
id: environment.product.teamId,
@@ -81,21 +82,12 @@ export default async function handle(req: NextApiRequest, res: NextApiResponse)
plan: true,
},
});
if (team === null) {
return res.status(404).json({ message: "This team doesn't exist" });
}
const membership = await prisma.membership.findUnique({
where: {
userId_teamId: {
userId: currentUser.id,
teamId: team.id,
},
},
});
if (membership?.role !== "owner") {
const hasOwnership = isOwner(currentUser, team.id);
if (!hasOwnership) {
return res.status(403).json({ message: "You are not allowed to delete this team" });
}