rick/rosterchirp-dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.10.7 UI rule changes

Browse Source
This commit is contained in:
Ricky Stretch
2026-03-21 11:55:50 -04:00
parent 82a521f12c
commit e0e800012c
9 changed files with 81 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/src/routes/groups.js
View File

@@ -255,7 +255,15 @@ router.delete('/:id/members/:userId', authMiddleware, async (req, res) => {
if (group.type !== 'private') return res.status(400).json({ error: 'Cannot remove members from public groups' });
if (group.owner_id !== req.user.id && req.user.role !== 'admin') return res.status(403).json({ error: 'Only owner or admin can remove members' });
const targetId = parseInt(req.params.userId);
if (targetId === group.owner_id) return res.status(400).json({ error: 'Cannot remove the group owner' });
// Admins can remove the owner only if the owner is a deleted user (orphan cleanup)
const targetUser = await queryOne(req.schema, 'SELECT status FROM users WHERE id=$1', [targetId]);
const isDeletedOrphan = targetUser?.status === 'deleted';
if (targetId === group.owner_id && !isDeletedOrphan && req.user.role !== 'admin') {
return res.status(400).json({ error: 'Cannot remove the group owner' });
}
if (targetId === group.owner_id && !isDeletedOrphan) {
return res.status(400).json({ error: 'Cannot remove the group owner' });
}
const removedUser = await queryOne(req.schema, 'SELECT name,display_name FROM users WHERE id=$1', [targetId]);
const removedName = removedUser?.display_name || removedUser?.name || 'Unknown';
await exec(req.schema, 'DELETE FROM group_members WHERE group_id=$1 AND user_id=$2', [group.id, targetId]);