fix(team): improve team retrieval and session handling for users

2025-12-28 14:50:59 +01:00 · 2025-12-28 14:50:59 +01:00 · 8d212bc110
commit 8d212bc110
parent ddd78658e8
4 changed files with 22 additions and 5 deletions
--- a/app/Http/Controllers/Api/TeamController.php
+++ b/app/Http/Controllers/Api/TeamController.php
@ -218,7 +218,10 @@ public function current_team(Request $request)
        if (is_null($teamId)) {
            return invalidTokenResponse();
        }
-        $team = auth()->user()->currentTeam();
+        $team = auth()->user()->teams->where('id', $teamId)->first();
+        if (is_null($team)) {
+            return response()->json(['message' => 'Team not found.'], 404);
+        }

        return response()->json(
            $this->removeSensitiveData($team),
@ -263,7 +266,10 @@ public function current_team_members(Request $request)
        if (is_null($teamId)) {
            return invalidTokenResponse();
        }
-        $team = auth()->user()->currentTeam();
+        $team = auth()->user()->teams->where('id', $teamId)->first();
+        if (is_null($team)) {
+            return response()->json(['message' => 'Team not found.'], 404);
+        }
        $team->members->makeHidden([
            'pivot',
            'email_change_code',
--- a/app/Http/Middleware/DecideWhatToDoWithUser.php
+++ b/app/Http/Middleware/DecideWhatToDoWithUser.php
@ -18,6 +18,9 @@ public function handle(Request $request, Closure $next): Response
        }
        if (auth()?->user()?->currentTeam()) {
            refreshSession(auth()->user()->currentTeam());
+        } elseif (auth()?->user()?->teams?->count() > 0) {
+            // User's session team is invalid (e.g., removed from team), switch to first available team
+            refreshSession(auth()->user()->teams->first());
        }
        if (! auth()->user() || ! isCloud()) {
            if (! isCloud() && showBoarding() && ! in_array($request->path(), allowedPathsForBoardingAccounts())) {
--- a/app/Livewire/Team/Member.php
+++ b/app/Livewire/Team/Member.php
@ -71,11 +71,11 @@ public function remove()
                || Role::from($this->getMemberRole())->gt(auth()->user()->role())) {
                throw new \Exception('You are not authorized to perform this action.');
            }
+            $teamId = currentTeam()->id;
            $this->member->teams()->detach(currentTeam());
+            // Clear cache for the removed user - both old and new key formats
            Cache::forget("team:{$this->member->id}");
-            Cache::remember('team:'.$this->member->id, 3600, function () {
-                return $this->member->teams()->first();
-            });
+            Cache::forget("user:{$this->member->id}:team:{$teamId}");
            $this->dispatch('reloadWindow');
        } catch (\Exception $e) {
            $this->dispatch('error', $e->getMessage());
--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -319,6 +319,14 @@ public function currentTeam(): ?Team
            return null;
        }

+        // Check if user actually belongs to this team
+        if (! $this->teams->contains('id', $sessionTeamId)) {
+            session()->forget('currentTeam');
+            Cache::forget('user:'.$this->id.':team:'.$sessionTeamId);
+
+            return null;
+        }
+
        return Cache::remember('user:'.$this->id.':team:'.$sessionTeamId, 3600, function () use ($sessionTeamId) {
            return Team::find($sessionTeamId);
        });