refactor(schemas): use user membership as foreign key for user org roles (#4885)

2025-03-24 22:41:28 -05:00 · 2023-11-16 11:19:44 +08:00 · 2023-11-16 11:19:44 +08:00 · bfda1d2c95
commit bfda1d2c95
parent fe18e43322
3 changed files with 62 additions and 6 deletions
--- a/packages/integration-tests/src/tests/api/organization-user.test.ts
+++ b/packages/integration-tests/src/tests/api/organization-user.test.ts
@ -227,5 +227,24 @@ describe('organization user APIs', () => {
      expect(user2Roles).toContainEqual(expect.objectContaining({ id: role1.id }));
      expect(user2Roles).toContainEqual(expect.objectContaining({ id: role2.id }));
    });
+
+    it('should automatically remove all roles when remove a user from an organization', async () => {
+      const organization = await organizationApi.create({ name: 'test' });
+      const user = await userApi.create({ username: generateTestName() });
+      const [role1, role2] = await Promise.all([
+        roleApi.create({ name: generateTestName() }),
+        roleApi.create({ name: generateTestName() }),
+      ]);
+
+      await organizationApi.addUsers(organization.id, [user.id]);
+      await organizationApi.addUserRoles(organization.id, user.id, [role1.id, role2.id]);
+      expect(await organizationApi.getUserRoles(organization.id, user.id)).toHaveLength(2);
+
+      await organizationApi.deleteUser(organization.id, user.id);
+      const response = await organizationApi
+        .getUserRoles(organization.id, user.id)
+        .catch((error: unknown) => error);
+      expect(response instanceof HTTPError && response.response.statusCode).toBe(422); // Require membership
+    });
  });
 });
--- a/packages/schemas/alterations/next-1700031616-update-org-role-foreign-keys.ts
+++ b/packages/schemas/alterations/next-1700031616-update-org-role-foreign-keys.ts
@ -0,0 +1,35 @@
+import { sql } from 'slonik';
+
+import type { AlterationScript } from '../lib/types/alteration.js';
+
+const alteration: AlterationScript = {
+  up: async (pool) => {
+    await pool.query(sql`
+      alter table organization_role_user_relations
+        drop constraint organization_role_user_relations_organization_id_fkey;
+      alter table organization_role_user_relations
+        drop constraint organization_role_user_relations_user_id_fkey;
+      alter table organization_role_user_relations
+        add foreign key (tenant_id, organization_id, user_id)
+        references organization_user_relations (tenant_id, organization_id, user_id)
+        on update cascade on delete cascade;
+    `);
+  },
+  down: async (pool) => {
+    await pool.query(sql`
+      alter table organization_role_user_relations
+        -- The constraint name is strange because it's generated by Postgres and it has a 63 character limit
+        drop constraint organization_role_user_relati_tenant_id_organization_id_us_fkey;
+      alter table organization_role_user_relations
+        add foreign key (organization_id)
+        references organizations (id)
+        on update cascade on delete cascade;
+      alter table organization_role_user_relations
+        add foreign key (user_id)
+        references users (id)
+        on update cascade on delete cascade;
+    `);
+  },
+};
+
+export default alteration;
--- a/packages/schemas/tables/organization_role_user_relations.sql
+++ b/packages/schemas/tables/organization_role_user_relations.sql
@ -1,14 +1,16 @@
-/* init_order = 2 */
+/* init_order = 3 */

 /** The relations between organizations, organization roles, and users. A relation means that a user has a role in an organization. */
 create table organization_role_user_relations (
  tenant_id varchar(21) not null
    references tenants (id) on update cascade on delete cascade,
-  organization_id varchar(21) not null
-    references organizations (id) on update cascade on delete cascade,
+  organization_id varchar(21) not null,
  organization_role_id varchar(21) not null
    references organization_roles (id) on update cascade on delete cascade,
-  user_id varchar(21) not null
-    references users (id) on update cascade on delete cascade,
-  primary key (tenant_id, organization_id, organization_role_id, user_id)
+  user_id varchar(21) not null,
+  primary key (tenant_id, organization_id, organization_role_id, user_id),
+  /** User's roles in an organization should be synchronized with the user's membership in the organization. */
+  foreign key (tenant_id, organization_id, user_id)
+    references organization_user_relations (tenant_id, organization_id, user_id)
+    on update cascade on delete cascade
 );