boxyhq / saas-starter-kit

🔥 Enterprise SaaS Starter Kit - Kickstart your enterprise app development with the Next.js SaaS boilerplate 🚀
https://boxyhq.com/blog/enterprise-ready-saas-starter-kit
Apache License 2.0
3.21k stars 722 forks

Prevent Admins from Deleting Team Owners to Ensure At Least One Owner Exists #1200

Closed Musyonchez closed 4 months ago

Musyonchez commented 5 months ago

Currently, in your application, an admin has the ability to delete a team owner. This could potentially leave a team without any owner, which is a problematic scenario as it could lead to management and access issues as the application grows.

I propose that you modify the permissions such that only a team owner can delete another team owner. This change would ensure that there is always at least one owner in a team at any given time, preventing teams from being left ownerless.

This issue affects the Members component in the members.tsx file, where the deletion functionality is implemented. The change would likely involve updating the logic in this component to check the role of the current user and the role of the user to be deleted before allowing the operation.

By implementing this change, we can prevent potential management issues and improve the robustness of our team handling.
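
Added example, not part of the original issue or the project's code: one way to express the proposed rule as a single authorization function that the delete path calls before removing a member. A check made only in a UI component can be skipped by calling the API directly, so the same function should guard the server-side handler. It goes beyond the issue by also counting owners, so a sole owner cannot remove themselves; the role names, the `Member` shape, `canRemoveMember` and the sample team are assumptions.

```typescript
// Hypothetical types; the project's real role model may differ.
type Role = "OWNER" | "ADMIN" | "MEMBER";
interface Member { userId: string; role: Role; }
type Decision = { allowed: boolean; reason: string };

const deny = (reason: string): Decision => ({ allowed: false, reason });

// Decide whether `actorId` may remove `targetId` from `team`.
// Run this in the same transaction as the delete so two concurrent
// removals cannot both pass the owner count check.
function canRemoveMember(team: Member[], actorId: string, targetId: string): Decision {
  const actor = team.find((m) => m.userId === actorId);
  const target = team.find((m) => m.userId === targetId);

  // Never trust a role sent by the client; look both users up in the team.
  if (!actor || !target) return deny("actor or target is not in this team");

  // Assumption: plain members cannot remove anyone.
  if (actor.role === "MEMBER") return deny("members cannot remove members");

  if (target.role === "OWNER") {
    // The rule proposed in the issue: only an owner may remove an owner.
    if (actor.role !== "OWNER") return deny("only an owner can remove an owner");

    // The invariant the issue is after: at least one owner always remains.
    const ownerCount = team.filter((m) => m.role === "OWNER").length;
    if (ownerCount <= 1) return deny("team must keep at least one owner");
  }

  return { allowed: true, reason: "ok" };
}

// Constructed sample data for illustration.
const sampleTeam: Member[] = [
  { userId: "u-owner1", role: "OWNER" },
  { userId: "u-owner2", role: "OWNER" },
  { userId: "u-admin", role: "ADMIN" },
  { userId: "u-member", role: "MEMBER" },
];

console.log(canRemoveMember(sampleTeam, "u-admin", "u-owner1"));
console.log(canRemoveMember(sampleTeam, "u-owner1", "u-owner2"));
```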

deepakprabhakara commented 4 months ago

Fixed in https://github.com/boxyhq/saas-starter-kit/pull/1240, thanks @Musyonchez