jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Remove any deleted group and user from operators and accessRestriction

Browse Source 
part of #857
This commit is contained in:
Girish Ramakrishnan
2025-10-20 16:37:14 +02:00
parent 2d5e0a51bd
commit 02fd52e366
2 changed files with 19 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/groups.js
View File

@@ -90,13 +90,18 @@ async function del(group, auditSource) {
assert.strictEqual(typeof group, 'object');
assert(auditSource && typeof auditSource === 'object');
const arSearch = `JSON_SEARCH(accessRestrictionJson, 'one', ?, NULL, '$.groups')`;
const opSearch = `JSON_SEARCH(operatorsJson, 'one', ?, NULL, '$.groups')`;
const queries = [
{ query: `UPDATE apps SET accessRestrictionJson=JSON_REMOVE(accessRestrictionJson, REPLACE(${arSearch}, '"', '')) WHERE ${arSearch} IS NOT NULL`, args: [ group.id, group.id ] },
{ query: `UPDATE apps SET operatorsJson=JSON_REMOVE(operatorsJson, REPLACE(${opSearch}, '"', '')) WHERE ${opSearch} IS NOT NULL`, args: [ group.id, group.id ] },
{ query: 'DELETE FROM groupMembers WHERE groupId = ?', args: [ group.id ] },
{ query: 'DELETE FROM userGroups WHERE id = ?', args: [ group.id ] }
{ query: 'DELETE FROM userGroups WHERE id = ?', args: [ group.id ] }, // keep this the last query as we check affectedRows below
];
const result = await database.transaction(queries);
if (result[1].affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'Group not found');
if (result[queries.length-1].affectedRows !== 1) throw new BoxError(BoxError.NOT_FOUND, 'Group not found');
await eventlog.add(eventlog.ACTION_GROUP_REMOVE, auditSource, { group });
}