From 595b38dd21d6c888924c3bde0ce43b7eda8f2704 Mon Sep 17 00:00:00 2001 From: gbuomprisco Date: Mon, 7 Oct 2024 16:57:01 +0200 Subject: [PATCH] Adjust query to select the correct owner of the Team deleting the account --- apps/web/app/(marketing)/page.tsx | 1 + .../delete-team-account-server-actions.ts | 22 ++++++++----------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/apps/web/app/(marketing)/page.tsx b/apps/web/app/(marketing)/page.tsx index 50665141b..889bcb238 100644 --- a/apps/web/app/(marketing)/page.tsx +++ b/apps/web/app/(marketing)/page.tsx @@ -175,6 +175,7 @@ function Home() { ); } + export default withI18n(Home); function MainCallToActionButton() { diff --git a/packages/features/team-accounts/src/server/actions/delete-team-account-server-actions.ts b/packages/features/team-accounts/src/server/actions/delete-team-account-server-actions.ts index 5f88aa5af..6165d4458 100644 --- a/packages/features/team-accounts/src/server/actions/delete-team-account-server-actions.ts +++ b/packages/features/team-accounts/src/server/actions/delete-team-account-server-actions.ts @@ -2,10 +2,7 @@ import { redirect } from 'next/navigation'; -import { SupabaseClient } from '@supabase/supabase-js'; - import { enhanceAction } from '@kit/next/actions'; -import { Database } from '@kit/supabase/database'; import { getSupabaseServerAdminClient } from '@kit/supabase/server-admin-client'; import { getSupabaseServerClient } from '@kit/supabase/server-client'; @@ -18,12 +15,11 @@ export const deleteTeamAccountAction = enhanceAction( Object.fromEntries(formData.entries()), ); - const client = getSupabaseServerClient(); const userId = user.id; const accountId = params.accountId; // Check if the user has the necessary permissions to delete the team account - await assertUserPermissionsToDeleteTeamAccount(client, { + await assertUserPermissionsToDeleteTeamAccount({ accountId, userId, }); @@ -45,19 +41,19 @@ export const deleteTeamAccountAction = enhanceAction( {}, ); -async function assertUserPermissionsToDeleteTeamAccount( - client: SupabaseClient, - params: { - accountId: string; - userId: string; - }, -) { +async function assertUserPermissionsToDeleteTeamAccount(params: { + accountId: string; + userId: string; +}) { + const client = getSupabaseServerClient(); + const { data, error } = await client .from('accounts') .select('id') .eq('primary_owner_user_id', params.userId) .eq('is_personal_account', false) - .eq('id', params.accountId); + .eq('id', params.accountId) + .single(); if (error ?? !data) { throw new Error('Account not found');