rick/rosterchirp-dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.10.7 UI rule changes

Browse Source
This commit is contained in:
Ricky Stretch
2026-03-21 11:55:50 -04:00
parent 82a521f12c
commit e0e800012c
9 changed files with 81 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/package.json
View File

@@ -1,6 +1,6 @@
{
"name": "jama-backend",
"version": "0.11.6",
"version": "0.11.7",
"description": "TeamChat backend server",
"main": "src/index.js",
"scripts": {

10
backend/src/routes/groups.js
View File

@@ -255,7 +255,15 @@ router.delete('/:id/members/:userId', authMiddleware, async (req, res) => {
if (group.type !== 'private') return res.status(400).json({ error: 'Cannot remove members from public groups' });
if (group.owner_id !== req.user.id && req.user.role !== 'admin') return res.status(403).json({ error: 'Only owner or admin can remove members' });
const targetId = parseInt(req.params.userId);
if (targetId === group.owner_id) return res.status(400).json({ error: 'Cannot remove the group owner' });
// Admins can remove the owner only if the owner is a deleted user (orphan cleanup)
const targetUser = await queryOne(req.schema, 'SELECT status FROM users WHERE id=$1', [targetId]);
const isDeletedOrphan = targetUser?.status === 'deleted';
if (targetId === group.owner_id && !isDeletedOrphan && req.user.role !== 'admin') {
return res.status(400).json({ error: 'Cannot remove the group owner' });
}
if (targetId === group.owner_id && !isDeletedOrphan) {
return res.status(400).json({ error: 'Cannot remove the group owner' });
}
const removedUser = await queryOne(req.schema, 'SELECT name,display_name FROM users WHERE id=$1', [targetId]);
const removedName = removedUser?.display_name || removedUser?.name || 'Unknown';
await exec(req.schema, 'DELETE FROM group_members WHERE group_id=$1 AND user_id=$2', [group.id, targetId]);

16
backend/src/routes/usergroups.js
View File

@@ -349,5 +349,21 @@ router.put('/:id/restrictions', authMiddleware, teamManagerMiddleware, async (re
} catch (e) { res.status(500).json({ error: e.message }); }
});
// DELETE /api/usergroups/:id/members/:userId — admin force-remove (for deleted/orphaned users)
router.delete('/:id/members/:userId', authMiddleware, adminMiddleware, async (req, res) => {
try {
const ugId = parseInt(req.params.id);
const userId = parseInt(req.params.userId);
const ug = await queryOne(req.schema, 'SELECT id FROM user_groups WHERE id=$1', [ugId]);
if (!ug) return res.status(404).json({ error: 'User group not found' });
await exec(req.schema,
'DELETE FROM user_group_members WHERE user_group_id=$1 AND user_id=$2',
[ugId, userId]
);
res.json({ success: true });
} catch (e) { res.status(500).json({ error: e.message }); }
});
return router;
};