mirror of
https://github.com/documenso/documenso.git
synced 2025-11-14 08:42:12 +10:00
95 lines
2.5 KiB
TypeScript
95 lines
2.5 KiB
TypeScript
import type { TeamMemberRole } from '@prisma/client';
|
|
|
|
import { TEAM_MEMBER_ROLE_PERMISSIONS_MAP } from '@documenso/lib/constants/teams';
|
|
import { AppError, AppErrorCode } from '@documenso/lib/errors/app-error';
|
|
import { isTeamRoleWithinUserHierarchy } from '@documenso/lib/utils/teams';
|
|
import { prisma } from '@documenso/prisma';
|
|
|
|
export type UpdateTeamMemberOptions = {
|
|
userId: number;
|
|
teamId: number;
|
|
teamMemberId: number;
|
|
data: {
|
|
role: TeamMemberRole;
|
|
};
|
|
};
|
|
|
|
export const updateTeamMember = async ({
|
|
userId,
|
|
teamId,
|
|
teamMemberId,
|
|
data,
|
|
}: UpdateTeamMemberOptions): Promise<void> => {
|
|
await prisma.$transaction(async (tx) => {
|
|
// Find the team and validate that the user is allowed to update members.
|
|
const team = await tx.team.findFirstOrThrow({
|
|
where: {
|
|
id: teamId,
|
|
members: {
|
|
some: {
|
|
userId,
|
|
role: {
|
|
in: TEAM_MEMBER_ROLE_PERMISSIONS_MAP['MANAGE_TEAM'],
|
|
},
|
|
},
|
|
},
|
|
},
|
|
include: {
|
|
members: {
|
|
select: {
|
|
id: true,
|
|
userId: true,
|
|
role: true,
|
|
},
|
|
},
|
|
},
|
|
});
|
|
|
|
const currentTeamMember = team.members.find((member) => member.userId === userId);
|
|
const teamMemberToUpdate = team.members.find((member) => member.id === teamMemberId);
|
|
|
|
if (!teamMemberToUpdate || !currentTeamMember) {
|
|
throw new AppError(AppErrorCode.NOT_FOUND, { message: 'Team member does not exist' });
|
|
}
|
|
|
|
if (teamMemberToUpdate.userId === team.ownerUserId) {
|
|
throw new AppError(AppErrorCode.UNAUTHORIZED, { message: 'Cannot update the owner' });
|
|
}
|
|
|
|
const isMemberToUpdateHigherRole = !isTeamRoleWithinUserHierarchy(
|
|
currentTeamMember.role,
|
|
teamMemberToUpdate.role,
|
|
);
|
|
|
|
if (isMemberToUpdateHigherRole) {
|
|
throw new AppError(AppErrorCode.UNAUTHORIZED, {
|
|
message: 'Cannot update a member with a higher role',
|
|
});
|
|
}
|
|
|
|
const isNewMemberRoleHigherThanCurrentRole = !isTeamRoleWithinUserHierarchy(
|
|
currentTeamMember.role,
|
|
data.role,
|
|
);
|
|
|
|
if (isNewMemberRoleHigherThanCurrentRole) {
|
|
throw new AppError(AppErrorCode.UNAUTHORIZED, {
|
|
message: 'Cannot give a member a role higher than the user initating the update',
|
|
});
|
|
}
|
|
|
|
return await tx.teamMember.update({
|
|
where: {
|
|
id: teamMemberId,
|
|
teamId,
|
|
userId: {
|
|
not: team.ownerUserId,
|
|
},
|
|
},
|
|
data: {
|
|
role: data.role,
|
|
},
|
|
});
|
|
});
|
|
};
|