Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't allow self-downgrade if no other admins on team #1

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Don't allow self-downgrade if no other admins on team #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a73b5b1
Don't allow self-downgrade if no other admins on team
eeappno Dec 15, 2024
97d68c9
Fix: N+1 problem on Team Profile (members and invites)
eeappno Dec 15, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion app/Http/Controllers/TeamController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
use App\Http\Requests\TeamUpdateRequest;
use App\Models\Team;
use Illuminate\Http\Request;
use Spatie\Permission\Models\Role;

class TeamController extends Controller
{
Expand All @@ -20,7 +21,8 @@ public function setCurrent(SetCurrentTeamRequest $request, Team $team)
public function edit(Request $request)
{
return view('team.edit', [
'team' => $request->user()->currentTeam
'team' => $request->user()->currentTeam->load(['members.roles', 'invites.team']),
'roles' => Role::get()
]);
}

Expand Down
6 changes: 6 additions & 0 deletions app/Policies/TeamPolicy.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,12 @@ public function revokeInvite(User $user, Team $team)

public function changeMemberRole(User $user, Team $team, User $member)
{
if ($user->id === $member->id) {
return $team->members->filter(function ($teamMember) {
return $teamMember->hasRole('team admin');
})->count() >= 2;
}

if ($team->members->doesntContain($member)) {
return false;
}
Expand Down
2 changes: 1 addition & 1 deletion resources/views/components/team-member-item.blade.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@
<x-input-label for="role" value="Role" class="sr-only" />

<x-select-input class="w-full" name="role" id="role">
@foreach(Role::get() as $role)
@foreach($roles as $role)
<option value="{{ $role->name }}" @selected($member->hasRole($role))>{{ $role->name }}</option>
@endforeach
</x-select-input>
Expand Down
2 changes: 1 addition & 1 deletion resources/views/team/partials/team-members.blade.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
<div class="mt-6">
<ul class="divide-y divide-gray-100">
@foreach($team->members as $member)
<x-team-member-item :team="$team" :member="$member" />
<x-team-member-item :team="$team" :member="$member" :roles="$roles" />
@endforeach
</ul>

Expand Down
36 changes: 36 additions & 0 deletions tests/Feature/Controllers/TeamMemberControllerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,42 @@
->and($member->roles->count())->toBe(1);
});

it('can not downgrade own role if no other team admin', function () {
$user = User::factory()->create();

setPermissionsTeamId($user->currentTeam->id);

actingAs($user)
->patch(route('team.members.update', [$user->currentTeam, $user]), [
'role' => 'team member',
])
->assertForbidden();

expect($user->fresh()->hasRole('team admin'))
->toBeTrue();
});

it('can downgrade own role if there is another team admin', function () {
$user = User::factory()->create();

$user->currentTeam->members()->attach(
$anotherAdmin = User::factory()->createQuietly()
);

$anotherAdmin->assignRole('team admin');

setPermissionsTeamId($user->currentTeam->id);

actingAs($user)
->patch(route('team.members.update', [$user->currentTeam, $user]), [
'role' => 'team member',
])
->assertRedirect();

expect($user->fresh()->hasRole('team member'))
->toBeTrue();
});

it('only updates role if provided', function () {
$user = User::factory()->create();

Expand Down