fix: don't allow deleting used invites on server

un · Aug 28, 2024 · 89c4c3e · 89c4c3e
1 parent 6fea582
commit 89c4c3e
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 47 deletions.
diff --git a/apps/platform/trpc/routers/orgRouter/users/invitesRouter.ts b/apps/platform/trpc/routers/orgRouter/users/invitesRouter.ts
@@ -326,81 +326,81 @@ export const invitesRouter = router({
       })
     )
     .mutation(async ({ ctx, input }) => {
-      const { db, org } = ctx;
+      const { db } = ctx;
       const { orgMemberPublicId } = input;
 
-      return db.transaction(async (db) => {
-        //find that org member
-        const orgMember = await db.query.orgMembers.findFirst({
-          where: eq(orgMembers.publicId, orgMemberPublicId),
-          columns: {
-            id: true,
-            orgMemberProfileId: true,
-            personalSpaceId: true
-          }
+      const orgMember = await db.query.orgMembers.findFirst({
+        where: eq(orgMembers.publicId, orgMemberPublicId),
+        columns: {
+          id: true,
+          orgMemberProfileId: true,
+          personalSpaceId: true
+        }
+      });
+
+      if (!orgMember) {
+        throw new TRPCError({
+          code: 'NOT_FOUND',
+          message: 'Org Member not found'
         });
+      }
 
-        if (!orgMember) {
-          throw new TRPCError({
-            code: 'NOT_FOUND',
-            message: 'Org Member not found'
-          });
+      const orgInvitesResponse = await db.query.orgInvitations.findFirst({
+        where: eq(orgInvitations.orgMemberId, orgMember.id),
+        columns: {
+          id: true,
+          acceptedAt: true
         }
+      });
 
-        const {
-          id: orgMemberId,
-          orgMemberProfileId,
-          personalSpaceId
-        } = orgMember;
+      if (!orgInvitesResponse) {
+        throw new TRPCError({
+          code: 'NOT_FOUND',
+          message: 'Invitation not found'
+        });
+      }
+
+      if (orgInvitesResponse.acceptedAt) {
+        throw new TRPCError({
+          code: 'FORBIDDEN',
+          message: 'Used invitation cannot be deleted'
+        });
+      }
+
+      const {
+        id: orgMemberId,
+        orgMemberProfileId,
+        personalSpaceId
+      } = orgMember;
 
-        //delte the email identity
+      await db.transaction(async (db) => {
         if (input.emailIdentitiesPublicId) {
           await db
             .delete(emailIdentities)
             .where(eq(emailIdentities.publicId, input.emailIdentitiesPublicId));
         }
 
-        //delete personal space
         if (personalSpaceId) {
           await db
             .delete(spaceMembers)
             .where(eq(spaceMembers.spaceId, personalSpaceId));
           await db.delete(spaces).where(eq(spaces.id, personalSpaceId));
         }
 
-        // dlete the organization member profile
         await db
           .delete(orgMemberProfiles)
           .where(eq(orgMemberProfiles.id, orgMemberProfileId));
 
-        // delete the organization member record
         await db.delete(orgMembers).where(eq(orgMembers.id, orgMemberId));
 
-        const orgInvitesResponse = await db.query.orgInvitations.findFirst({
-          where: eq(orgInvitations.orgMemberId, orgMemberId),
-          columns: {
-            id: true
-          }
-        });
-
-        if (!orgInvitesResponse) {
-          throw new TRPCError({
-            code: 'NOT_FOUND',
-            message: 'Invitation not found'
-          });
-        }
-
-        //dlete the invitation for the org member
         if (orgInvitesResponse) {
           await db
             .delete(orgInvitations)
             .where(eq(orgInvitations.id, orgInvitesResponse.id));
         }
 
         return {
-          success: true,
-          message:
-            'Organization invitation and all related records successfully deleted.'
+          success: true
         };
       });
     }),

diff --git a/apps/web/src/app/[orgShortcode]/settings/org/users/invites/_components/columns.tsx b/apps/web/src/app/[orgShortcode]/settings/org/users/invites/_components/columns.tsx
@@ -5,7 +5,6 @@ import { Button } from '@/src/components/shadcn-ui/button';
 import { CopyButton } from '@/src/components/copy-button';
 import { Badge } from '@/src/components/shadcn-ui/badge';
 import { useOrgShortcode } from '@/src/hooks/use-params';
-import React, { useCallback, useEffect } from 'react';
 import type { RouterOutputs } from '@/src/lib/trpc';
 import { Avatar } from '@/src/components/avatar';
 import { Trash } from '@phosphor-icons/react';
@@ -154,10 +153,6 @@ const DeleteInviteCell: React.FC<{ row: Member }> = ({ row }) => {
       onSuccess: () => {
         toast.success('Invitation deleted');
         void utils.org.users.invites.viewInvites.refetch();
-      },
-      onError: (error) => {
-        toast.error('Something went wrong. Please try again later.');
-        console.error(error);
       }
     });