fix(team): improve team retrieval and session handling for users

2026-04-17 17:21:04 +00:00 · 2025-12-28 14:50:59 +01:00
parent ddd78658e8
commit 8d212bc110
4 changed files with 22 additions and 5 deletions
--- a/app/Http/Controllers/Api/TeamController.php
+++ b/app/Http/Controllers/Api/TeamController.php
@@ -218,7 +218,10 @@ class TeamController extends Controller
        if (is_null($teamId)) {
            return invalidTokenResponse();
        }
-        $team = auth()->user()->currentTeam();
+        $team = auth()->user()->teams->where('id', $teamId)->first();
        if (is_null($team)) {
            return response()->json(['message' => 'Team not found.'], 404);
        }
        return response()->json(
            $this->removeSensitiveData($team),
@@ -263,7 +266,10 @@ class TeamController extends Controller
        if (is_null($teamId)) {
            return invalidTokenResponse();
        }
-        $team = auth()->user()->currentTeam();
+        $team = auth()->user()->teams->where('id', $teamId)->first();
        if (is_null($team)) {
            return response()->json(['message' => 'Team not found.'], 404);
        }
        $team->members->makeHidden([
            'pivot',
            'email_change_code',
--- a/app/Http/Middleware/DecideWhatToDoWithUser.php
+++ b/app/Http/Middleware/DecideWhatToDoWithUser.php
@@ -18,6 +18,9 @@ class DecideWhatToDoWithUser
        }
        if (auth()?->user()?->currentTeam()) {
            refreshSession(auth()->user()->currentTeam());
        } elseif (auth()?->user()?->teams?->count() > 0) {
            // User's session team is invalid (e.g., removed from team), switch to first available team
            refreshSession(auth()->user()->teams->first());
        }
        if (! auth()->user() || ! isCloud()) {
            if (! isCloud() && showBoarding() && ! in_array($request->path(), allowedPathsForBoardingAccounts())) {
--- a/app/Livewire/Team/Member.php
+++ b/app/Livewire/Team/Member.php
@@ -71,11 +71,11 @@ class Member extends Component
                || Role::from($this->getMemberRole())->gt(auth()->user()->role())) {
                throw new \Exception('You are not authorized to perform this action.');
            }
            $teamId = currentTeam()->id;
            $this->member->teams()->detach(currentTeam());
            // Clear cache for the removed user - both old and new key formats
            Cache::forget("team:{$this->member->id}");
-            Cache::remember('team:'.$this->member->id, 3600, function () {
+            Cache::forget("user:{$this->member->id}:team:{$teamId}");
                return $this->member->teams()->first();
            });
            $this->dispatch('reloadWindow');
        } catch (\Exception $e) {
            $this->dispatch('error', $e->getMessage());
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -319,6 +319,14 @@ class User extends Authenticatable implements SendsEmail
            return null;
        }
        // Check if user actually belongs to this team
        if (! $this->teams->contains('id', $sessionTeamId)) {
            session()->forget('currentTeam');
            Cache::forget('user:'.$this->id.':team:'.$sessionTeamId);
            return null;
        }
        return Cache::remember('user:'.$this->id.':team:'.$sessionTeamId, 3600, function () use ($sessionTeamId) {
            return Team::find($sessionTeamId);
        });