fix(team): do not allow leaving exernal teams

This commit is contained in:
kolaente 2025-03-20 17:13:51 +01:00
parent b010e3851c
commit e287364b78
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B
5 changed files with 33 additions and 3 deletions

View File

@ -9,7 +9,7 @@ export interface ITeam extends IAbstract {
description: string
members: ITeamMember[]
right: Right
oidcId: string
externalId: string
isPublic: boolean
createdBy: IUser

View File

@ -13,7 +13,7 @@ export default class TeamModel extends AbstractModel<ITeam> implements ITeam {
description = ''
members: ITeamMember[] = []
right: Right = RIGHTS.READ
oidcId = ''
externalId = ''
isPublic: boolean = false
createdBy: IUser = {} // FIXME: seems wrong

View File

@ -194,7 +194,7 @@
</Card>
<x-button
v-if="team && !team.oidcId"
v-if="team && !team.externalId"
class="is-fullwidth is-danger"
@click="showLeaveModal = true"
>

View File

@ -1366,6 +1366,26 @@ func (err ErrOIDCTeamsDoNotExistForUser) HTTPError() web.HTTPError {
}
}
// ErrCannotRemoveUserFromExternalTeam represents an error where an oidcTeam does not exist for the user
type ErrCannotRemoveUserFromExternalTeam struct {
TeamID int64
}
func (err ErrCannotRemoveUserFromExternalTeam) Error() string {
return fmt.Sprintf("Users cannot be removed from an external team [Team ID: %d]", err.TeamID)
}
const ErrCodeCannotLeaveExternalTeam = 6010
// HTTPError holds the http error description
func (err ErrCannotRemoveUserFromExternalTeam) HTTPError() web.HTTPError {
return web.HTTPError{
HTTPCode: http.StatusPreconditionFailed,
Code: ErrCodeCannotLeaveExternalTeam,
Message: "Users cannot be removed from an external team.",
}
}
// ====================
// User <-> Project errors
// ====================

View File

@ -20,6 +20,7 @@ import (
"code.vikunja.io/api/pkg/events"
user2 "code.vikunja.io/api/pkg/user"
"code.vikunja.io/api/pkg/web"
"xorm.io/xorm"
)
@ -89,6 +90,15 @@ func (tm *TeamMember) Create(s *xorm.Session, a web.Auth) (err error) {
// @Router /teams/{id}/members/{username} [delete]
func (tm *TeamMember) Delete(s *xorm.Session, _ web.Auth) (err error) {
t, err := GetTeamByID(s, tm.TeamID)
if err != nil {
return err
}
if t.ExternalID != "" {
return ErrCannotRemoveUserFromExternalTeam{tm.TeamID}
}
total, err := s.Where("team_id = ?", tm.TeamID).Count(&TeamMember{})
if err != nil {
return