fix(cloud): delete tenant api (#4000)

2025-03-31 22:51:25 -05:00 · 2023-06-08 14:53:26 +08:00 · 2023-06-08 14:53:26 +08:00 · 69bd7ac88b
commit 69bd7ac88b
parent c73a07e7f2
3 changed files with 34 additions and 1 deletions
--- a/packages/cloud/src/routes/tenants.test.ts
+++ b/packages/cloud/src/routes/tenants.test.ts
@ -165,6 +165,26 @@ describe('DELETE /api/tenants/:tenantId', () => {
  const library = new MockTenantsLibrary();
  const router = tenantsRoutes(library);

+  it('should throw 422 when try to delete `admin` tenant', async () => {
+    await expect(
+      router.routes()(
+        buildRequestAuthContext('DELETE /tenants/admin', { body: {} })(),
+        noop,
+        createHttpContext()
+      )
+    ).rejects.toMatchObject({ status: 422 });
+  });
+
+  it('should throw 422 when try to delete `default` tenant', async () => {
+    await expect(
+      router.routes()(
+        buildRequestAuthContext('DELETE /tenants/default', { body: {} })(),
+        noop,
+        createHttpContext()
+      )
+    ).rejects.toMatchObject({ status: 422 });
+  });
+
  it('should throw 403 when lack of permission', async () => {
    await expect(
      router.routes()(
--- a/packages/cloud/src/routes/tenants.ts
+++ b/packages/cloud/src/routes/tenants.ts
@ -1,4 +1,10 @@
-import { CloudScope, tenantInfoGuard, createTenantGuard } from '@logto/schemas';
+import {
+  CloudScope,
+  tenantInfoGuard,
+  createTenantGuard,
+  adminTenantId,
+  defaultTenantId,
+} from '@logto/schemas';
 import { assert } from '@silverhand/essentials';
 import { createRouter, RequestError } from '@withtyped/server';

@ -75,6 +81,10 @@ export const tenantsRoutes = (library: TenantsLibrary) =>
      }
    )
    .delete('/:tenantId', {}, async (context, next) => {
+      if ([adminTenantId, defaultTenantId].includes(context.guarded.params.tenantId)) {
+        throw new RequestError(`Should not delete built-in tenants.`, 422);
+      }
+
      /** Users w/o either `ManageTenant` or `ManageTenantSelf` scope does not have permission. */
      if (
        ![CloudScope.ManageTenant, CloudScope.ManageTenantSelf].some((scope) =>
--- a/packages/integration-tests/src/tests/api-cloud/tenant.test.ts
+++ b/packages/integration-tests/src/tests/api-cloud/tenant.test.ts
@ -14,6 +14,7 @@ import {
  TenantTag,
  type TenantInfo,
  type CreateTenant,
+  defaultTenantId,
 } from '@logto/schemas';
 import { GlobalValues } from '@logto/shared';
 import { appendPath } from '@silverhand/essentials';
@ -55,6 +56,8 @@ describe('Tenant APIs', () => {
    expect(tenants.length).toBeGreaterThan(2);
    expect(tenants.find((tenant) => tenant.id === tenant1.id)).toStrictEqual(tenant1);
    expect(tenants.find((tenant) => tenant.id === tenant2Updated.id)).toStrictEqual(tenant2Updated);
+    await expect(deleteTenant(accessToken, adminTenantId)).rejects.toThrow();
+    await expect(deleteTenant(accessToken, defaultTenantId)).rejects.toThrow();
  });

  it('should be able to create multiple tenants for `user` role', async () => {