Bug: Add check before delete org (#38056)

* Add check before delete org * Fix comment * Simpify check if signed in user belongs to the org * Add check on login if user has and existing org change error code to 400, when org can not be deleted * Roll back last commit, regarding an different issue
2024-12-28 18:01:40 -06:00 · 2021-08-23 08:58:35 +02:00 · 2021-08-23 08:58:35 +02:00 · b9a538aff0
commit b9a538aff0
parent 8c4c05493b
1 changed files with 7 additions and 1 deletions
--- a/pkg/api/org.go
+++ b/pkg/api/org.go
@ -152,7 +152,13 @@ func updateOrgAddressHelper(form dtos.UpdateOrgAddressForm, orgID int64) respons

 // GET /api/orgs/:orgId
 func DeleteOrgByID(c *models.ReqContext) response.Response {
-	if err := bus.Dispatch(&models.DeleteOrgCommand{Id: c.ParamsInt64(":orgId")}); err != nil {
+	orgID := c.ParamsInt64(":orgId")
+	// before deleting an org, check if user does not belong to the current org
+	if c.OrgId == orgID {
+		return response.Error(400, "Can not delete org for current user", nil)
+	}
+
+	if err := bus.Dispatch(&models.DeleteOrgCommand{Id: orgID}); err != nil {
 		if errors.Is(err, models.ErrOrgNotFound) {
 			return response.Error(404, "Failed to delete organization. ID not found", nil)
 		}