fix: add check to confirm user being removed is the org admin

raystack · Sep 7, 2023 · a74896d · a74896d
1 parent 92c5e60
commit a74896d
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/internal/api/v1beta1/group.go b/internal/api/v1beta1/group.go
@@ -340,12 +340,12 @@ func (h Handler) RemoveGroupUser(ctx context.Context, request *frontierv1beta1.R
 		}
 	}
 
-	owners, err := h.userService.ListByGroup(ctx, request.GetId(), schema.OwnerRelationName)
+	owners, err := h.userService.ListByGroup(ctx, request.GetId(), schema.DeletePermission)
 	if err != nil {
 		logger.Error(err.Error())
 		return nil, grpcInternalServerError
 	}
-	if len(owners) == 1 {
+	if len(owners) == 1 && owners[0].ID == request.GetUserId() {
 		return nil, grpcMinOwnerCounrErr
 	}
 

diff --git a/internal/api/v1beta1/org.go b/internal/api/v1beta1/org.go
@@ -408,7 +408,7 @@ func (h Handler) RemoveOrganizationUser(ctx context.Context, request *frontierv1
 		logger.Error(err.Error())
 		return nil, grpcInternalServerError
 	}
-	if len(admins) == 1 {
+	if len(admins) == 1 && admins[0].ID == request.GetUserId() {
 		return nil, grpcMinAdminCountErr
 	}