fix(api): validate token team context

Andras Bacsai
2026-06-01 15:17:55 +02:00
parent 4d0be415c8
commit a511bd9b67
14 changed files with 277 additions and 23 deletions
+4
@@ -2,6 +2,7 @@
namespace App\Models;
use App\Actions\User\RevokeUserTeamTokens;
use App\Jobs\UpdateStripeCustomerEmailJob;
use App\Notifications\Channels\SendsEmail;
use App\Notifications\TransactionalEmails\EmailChangeVerification;
@@ -121,6 +122,8 @@ class User extends Authenticatable implements SendsEmail
static::deleting(function (User $user) {
\DB::transaction(function () use ($user) {
RevokeUserTeamTokens::forUser($user);
$teams = $user->teams;
foreach ($teams as $team) {
$user_alone_in_team = $team->members->count() === 1;
@@ -158,6 +161,7 @@ class User extends Authenticatable implements SendsEmail
if ($found_other_member_who_is_not_owner) {
$found_other_member_who_is_not_owner->pivot->role = 'owner';
$found_other_member_who_is_not_owner->pivot->save();
RevokeUserTeamTokens::forUserTeam($found_other_member_who_is_not_owner, $team->id);
$team->members()->detach($user->id);
} else {
static::finalizeTeamDeletion($user, $team);
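Review bot: The `RevokeUserTeamTokens::forUserTeam(...)` call that follows the promotion to `owner` carries no comment saying why the promoted member's tokens are revoked, and a reader can easily mistake it for a mix-up with the user being deleted. If the intent is that tokens issued under the previous role must not survive the role change, say so above the call, e.g. `// Role changed: revoke this member's tokens for the team so none issued under the old role stay valid.` The revocation is attached to this one branch only, and the enclosing closure starts and ends outside the visible hunks, so any other path there that rewrites `pivot->role` should be checked for the same call. `forUser($user)` runs inside `\DB::transaction`, which rolls back database writes only; if `RevokeUserTeamTokens` also clears cached or session state, that part would not be undone when a later step of the deletion fails.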