Improve owner transfer process and member sorting

Extended the account ownership transfer tests and implemented several updates. This includes transferring the ownership only to an existing account member, sorting team members based on role hierarchy and whether a member is the primary owner. In the permissions check, prevented non-members from creating invitations and enhanced the styling of role badges depending on if they are custom or not.
2024-04-20 20:33:19 +08:00
parent 4195697b54
commit a55655a61a
8 changed files with 172 additions and 32 deletions
--- a/apps/web/supabase/tests/database/invitations.test.sql
+++ b/apps/web/supabase/tests/database/invitations.test.sql
@@ -58,6 +58,23 @@ select lives_ok(
    'custom role should be able to create invitations'
 );

+-- Foreigners should not be able to create invitations
+
+select tests.create_supabase_user('user');
+
+select tests.authenticate_as('user');
+
+-- it will fail because the user is not a member of the account
+select throws_ok(
+    $$ insert into public.invitations (email, invited_by, account_id, role, invite_token) values ('invite4@makerkit.dev', auth.uid(), makerkit.get_account_id_by_slug('makerkit'), 'member', gen_random_uuid()) $$,
+    'new row violates row-level security policy for table "invitations"'
+);
+
+select is_empty($$
+    select * from public.invitations where account_id = makerkit.get_account_id_by_slug('makerkit') $$,
+    'no invitations should be listed'
+);
+
 select * from finish();

 rollback;