feat(workspace-resolver): prevent deletion of demo workspaces (#2207) (#3068)

* feat(workspace-resolver): prevent deletion of demo workspaces (#2207) * ForbiddenException instead of Error * Optimize user and workspace deletion checks and clarify exception messages (#2207) - ForbiddenException messages for attempts to delete users and workspaces associated with demo accounts
2023-12-20 20:52:44 +07:00
parent d70cb23f30
commit 351dc6488c
2 changed files with 25 additions and 3 deletions
--- a/packages/twenty-server/src/core/user/user.resolver.ts
+++ b/packages/twenty-server/src/core/user/user.resolver.ts
@ -6,7 +6,7 @@ import {
  ResolveField,
  Mutation,
 } from '@nestjs/graphql';
-import { UseGuards } from '@nestjs/common';
+import { ForbiddenException, UseGuards } from '@nestjs/common';

 import crypto from 'crypto';

@ -98,7 +98,20 @@ export class UserResolver {
  }

  @Mutation(() => User)
-  async deleteUser(@AuthUser() { id: userId }: User) {
+  async deleteUser(@AuthUser() { id: userId, defaultWorkspace }: User) {
+    // Get the list of demo workspace IDs
+    const demoWorkspaceIds = this.environmentService.getDemoWorkspaceIds();
+
+    const currentUserWorkspaceId = defaultWorkspace.id;
+
+    // Check if the user's default workspace ID is in the list of demo workspace IDs
+    if (demoWorkspaceIds.includes(currentUserWorkspaceId)) {
+      throw new ForbiddenException(
+        'Deletion of users with a default demo workspace is not allowed.',
+      );
+    }
+
+    // Proceed with user deletion
    return this.userService.deleteUser(userId);
  }
 }